FTC Sensitive Location Guide for Buyers 2026

US buyers of mobility and POI data inherit FTC-shaped definitions of sensitive location even when contracts are silent. Consent orders against X-Mode/Outlogic, InMarket, and Mobilewalla (2024) banned or restricted precise location sales near medical, religious, and other sensitive venues, and required deletion verification. The FTC treats coordinates as sensitive when more precise than roughly 1,850 feet (about 0.35 mile) — ZIP- or census-block-level data is often treated as coarse; polygon visits to named clinics are not. Teams licensing global mobility or POI geofencing should document exclusions before activation in audience targeting or smart cities programs. Pair technical tests with sourcing methodology and /trust/data-broker-registrations.

Key Takeaways

  • Sensitive places are a pass/fail gate, not a marketing footnote — geofence proofs belong in the pilot, not post-launch cleanup.
  • Affirmative express consent is the FTC baseline for commercializing precise location from apps and SDKs.
  • Panel replacement after orders changed supply composition; verify vendor panel QA and device churn post-2024.
  • Buyers should demand geofence exclusion lists, precision audits, and deletion propagation evidence in writing.
  • State laws may use different radii — map the strictest rule in each activation geography.

What the FTC Orders Changed

The FTC's business guidance on privacy and security reinforces that unexpected use of location data is unfair — buyers should map actual activation to notices and orders, not to generic MSA privacy clauses.

The X-Mode/Outlogic order was among the first to explicitly prohibit selling location data revealing visits to sensitive categories. The InMarket order banned sales of precise consumer location data and required deletion workflows. The Mobilewalla order added verification duties. Together they signal that downstream buyers cannot assume "industry standard" geofences from 2022 RFPs still suffice.

Procurement should read data brokers post-FTC consent orders alongside vendor panel audits. Ask whether the vendor's public privacy policy describes sensitive-location exclusions that match feed prep scripts — agents and regulators compare them.

Orders also elevated affirmative express consent language for precise location commercialization — passive app permissions or buried toggles are insufficient in FTC's framing. Map consent artifacts to each device ID in your seed, not only to the publisher's generic policy URL. When vendors cite IAB Transparency & Consent strings, decode purpose IDs relevant to location resale before signing global mobility schedules.

The ~1,850-Foot Line and Coarse vs. Precise

Orders and commentary converge on a practical threshold: coordinates finer than ~1,850 feet are precise for FTC purposes. Census block or ZIP centroids may qualify as coarse in isolation, but combining coarse cells with timestamps, venue labels, or home-work inference can re-identify individuals. Buyers should not treat "aggregated mobility" as automatically safe without reviewing field-level precision and join keys.

Night-time home inference from mobility streams remains a flashpoint — even coarse cells can reveal residence when paired with 90-day histories. Many vendors now suppress night pings or jitter coordinates; verify those transforms on seed devices you control, not only on vendor attestations.

Venue snap-to-POI logic can reintroduce sensitivity even when raw GPS is coarse — a visit attributed to a clinic name is more sensitive than a dot on a map. Test venue labels in the sample, not only lat/long precision. For POI geofencing programs, require polygon source provenance and banned-category lists versioned in the contract.

Tests to Run on a Mobility Sample Before License

Run these on a matched seed before production — mirror enterprise pilot checklist gates. Legal should sign off before engineering connects to production IDs.

Document who ran the test, seed size, date, and polygon version in the procurement record. Re-run after vendor panel refresh events — post-FTC order panel swaps changed device composition materially in 2024–2025. Compare results to public sourcing methodology statements; discrepancies trigger renegotiation or termination rights.

  1. Sensitive-venue geofence: block or flag visits inside hospital, worship, shelter, reproductive health, and similar polygons.
  2. Precision audit: confirm coordinate precision claims vs. stated coarse thresholds on the same devices.
  3. Consent chain: map publisher CMP / IAB TCF strings to your permitted use in contract.
  4. Refresh and decay: document cadence and device churn — see device graph decay.
  5. Deletion drill: submit test opt-out and verify removal from vendor export within SLA.

Activation, Measurement, and POI Overlap

Advertisers using location for cross-channel measurement should align exclusion polygons with POI geofencing products — brand-safe retail geofences can still intersect sensitive sites if polygon libraries are stale. Require versioned polygon changelogs from vendors. For CTV ACR plus mobility fusion, document whether household graphs amplify location sensitivity.

Cross-link diligence to AI search readiness only insofar as public marketing claims match tested samples — inflated precision language on the web becomes evidence in disputes.

Ad platforms should import the same exclusion polygons the vendor uses in feed prep — mismatches create activation liability when the buyer's DMP allows visits the vendor claims to suppress. Store polygon WKT or GeoJSON hashes in the contract appendix so drift is detectable.

Contract Clauses and Ongoing Monitoring

MSAs should codify: (1) sensitive-location definition by reference to FTC orders or stricter state law, (2) vendor obligation to update polygons when facilities open/close, (3) buyer audit rights on exclusion scripts, and (4) termination rights if a new FTC order affects the panel source. Annual re-review should repeat seed tests — panels drift.

Include incident notification when a vendor discovers sensitive-venue leakage in production feeds — time matters for regulatory narrative. Cap indemnity carve-outs for sensitive-location violations; many insurers now exclude surveillance-data risks. Finance buyers using alternative data should align trading compliance with the same polygon evidence marketing uses.

Vendors with strong posture publish exclusions in sourcing methodology and registration indexes without waiting for buyer prompts — that reduces cycle time for risk management teams under board scrutiny.

Boards and insurers now ask for attestation letters confirming sensitive-location controls — prepare a one-page summary referencing your polygon version, consent chain, and last seed test date. Link the summary from /trust/data-broker-registrations if your trust center is the diligence front door.

Healthcare and faith-based buyers may impose stricter polygons than FTC orders — contract for custom exclusion lists rather than assuming vendor defaults cover mission requirements. Document overrides in the schedule, not email footers.

Law enforcement and national-security buyers still need commercial mobility for pattern-of-life analytics in some programs — segregate those use cases in separate contracts with enhanced audit clauses; do not reuse consumer marketing geofence decks for mission datasets.

Retail analytics teams should separate foot-traffic measurement from individual tracking in data specs — buying visit counts by store week is a different privacy posture than device-level paths. Specify the grain in the schedule and test the sample at that grain only.

International buyers importing US mobility into EU campaigns need GDPR transfer tools plus FTC-style geofence discipline — the stricter geography wins for activation, not the looser vendor default.

Maintain a vendor attestation registry listing polygon version, consent chain version, and last seed test ID — update the registry when vendors refresh panels after FTC orders. Attach registry rows to procurement portal attachments.

Escalate to termination when a vendor cannot reproduce geofence results on a blind seed you provide — reproducibility matters more than marketing polygon counts.

Document children's venue exclusions separately from adult sensitive categories — schools and youth sports complexes appear in COPPA and location orders alike.

Frequently Asked Questions

Is ZIP-level mobility always safe?
Not automatically. Coarse geolocation is less likely to be treated as sensitive in isolation, but combined with timestamps, venue labels, or home-work inference it can still re-identify individuals. Evaluate holistically on a seed, not from the product name alone.
Does the FTC define sensitive locations the same as state laws?
No. State health-privacy laws may use geofence radii (for example ~1,750 feet around facilities). Washington and other states add sectoral rules. Map the strictest rule in your activation geography and document which polygon library version you used.
Where should legal sit in the pilot?
Before seed delivery. Use the enterprise pilot checklist and pilot process so governance gates precede engineering joins to production MAIDs or households.
Do FTC orders bind buyers directly?
Orders bind the named respondents, but they establish agency expectations that flow into vendor contracts and industry practice. Buyers who activate non-compliant feeds risk Section 5 unfairness theories and reputational harm even without being order parties.
How does sensitive location relate to GDPR?
GDPR treats location as personal data; special-category data may arise when location reveals health or religious life. US FTC orders emphasize commercial surveillance harms. EU buyers need both GDPR Art. 14 transparency and FTC-style geofence discipline for US-sourced panels.