Goldenshores also allegedly failed to respect a user’s choice not to accept the app’s EULA. Apparently, the EULA was presented the first time a user launched the app, and a user was given a choice either to “Accept” or “Refuse” the EULA, under which the user gave Goldenshores certain permissions to use data collected from the user. Notwithstanding this apparent choice to refuse the EULA (and the data use permission), the app allegedly began collecting data from the user’s device immediately, including when the user was reviewing the EULA.
The FTC alleged that both of these practices were “deceptive” in violation of Section 5. The settlement reflects the agency’s keen focus on the uses of geolocation data, a category of data the FTC identified as “sensitive” in its March 2012 privacy report. The report recommended that companies obtain “affirmative express consent” before collecting geolocation information. Although the FTC did not fault Goldenshores for failing to obtain such consent, the consent order resolving the case requires Goldenshores to obtain affirmative express consent before “transmitting” geolocation data in the future. This requirement is similar to a requirement imposed on the Aaron’s rent-to-own chain in a consent order announced in October.