IBM’s Weather Channel app stands accused of misleading users over the purpose of its data collection, with a lawsuit filed by the state of California highlighting the far greater responsibility companies will have to take in data gathering and processing practices in future.

The Weather Channel (TWC) is one of the United States’ most popular online weather services, with over 100 million app downloads across both iOS and Android, and 45 million monthly active users. It has been accused of deceiving those users by sharing and profiting from their location data. According to the filing, TWC executives state that they “track consumers’ movements ‘throughout the day, week and year’ with ‘uber-precise’ geolocation monitoring collecting data that is ‘accurate down to 5 decimal places.’”

The filing, posted by the New York Times in full here, argues that “Unbeknownst to many users, the Weather Channel App has tracked users’ detailed geolocation data for years, analyzing and/or transferring that data to third parties for a variety of commercial and advertising purposes, including for targeted advertisements based on locations users frequent, and for hedge funds interested in analyzing consumer behavior”.

This stands in contrast to what the company tells users, the filing adds. TWC “misleadingly suggests that such data will be used only to provide users with ‘personalized local weather data, alerts and forecasts’”. Meanwhile, and though the Weather Channel says it has “always been transparent with the use of location data”, the filing describes a dense policy document that is “less than forthcoming” regarding the specific use of the data for optimising advertising, which is “scattered through various sections of the nearly 10,000-word Privacy Policy”. The plaintiffs are seeking an injunction to bar such business practices alongside civil penalties.

“Think how Orwellian it feels to live in a world where a private company is tracking potentially every place you go, every minute of every day,” the Los Angeles City Attorney Michael N. Feuer told The Guardian. “If you want to sacrifice to that company that information, you sure ought to be doing it with clear advanced notice of what’s at stake.”

Location data is an area that consumers feel particularly vulnerable about. A 2017 study by the company HERE, which surveyed 8,130 consumers from around the world found that “while most consumers share their location data with at least one application or service provider, the majority feel stressed or vulnerable when doing so and less than a fifth trust that their data will be handled properly”.

While the permissions documents may be clear to the trained eye, or lay-consumers who happen to have a lawyer with then when consenting, part of the fuel to the current discussion is the lack of freely given and explicit consent, which has become a part of European law through the GDPR. Though it is formalised in a wide-ranging set of standards that came into force last year, regulators around the world are now scrutinising companies that play in this often poorly understood area.

The lawsuit follows a New York Times expose, referenced in the filing, that explored the shadowy world of apps that track and share sensitive location data. Later, an FT piece explored the new scrutiny descending on “data death stars,” or some of the world’s largest data brokers that have only recently started to become picky about the provenance of the data they accept.

What it means, however, is that dodgy data practices are not only making headlines for breaches, but for the allegedly unscrupulous collection and processing of sensitive information. In an industry where a 360 degree view of the consumer has been cast as a wholly good thing, the Wild West that was the unregulated data trade may be coming under greater control.

Sourced from the New York Times, The Guardian, Financial Times; additional content by WARC staff