I'll push back on this a bit - we have always been transparent about our business model. We have always clearly explained how we use data to monetize. We did not have a single incident of abuse of this platform. When we started monetizing this way, it was not considered controversial, and the world has obviously shifted and evolved.
That being said, it was a small portion of our revenue, and we decided to shut down this part of our business. Well intentioned people can disagree in good faith, and we decided the controversy wasn't worth it even though our practices were misunderstood and sensationalized. We shifted our strategy to using a purely aggregated model that does not use any type of device level identifier (e.g. no IDFA, no in-house work around identifiers), which should not be considered controversial.
Trust is paramount for us, so we decided to stick to our core, which is subscriptions and devices.
If you sell anonymized location data, it would be trivial for whoever has the data to figure out who the individuals are.
If you work for a high profile company, hedge funds will use this data to determine where you are traveling and who you are meeting with. Governments buy this data to track their enemies. This is not something you want to be a provider of.
Additionally this is not something you want to brush off as an "agree to disagree" sort of thing, you should try to understand that this sort of thing puts your customers at risk.
The claim that "We did not have a single incident of abuse" holds no water because you would have no way of knowing something like that.
Honestly, how would you know that some foreign government or hedge fund isn't buying your customers data from the 3rd party you are selling that data to?
Please check out this article published in the NYT some years back. It's a long multi-part series, but worth your time.
"Anonymized" is a controversial term. Let me be very clear about the model we are moving to.
We are going "aggregated" so there are no GPS lines or raw feeds as consumable outputs. It is instead counters on places...e.g. how many people went to Safeway? What was the average speed at this road segment? We will show big patterns, such as where did the people who went to Safeway come from, but that will be done in 50 user blocks with randomized locations within census zones. Even Apple, as ostensibly the most privacy conscious company out there, uses their aggregated location data in similar ways (see Apple Maps Mobility Trends Reports).
If using aggregated data is bad, that will mean that we will not have basic things we all rely on such as traffic ETAs in nav apps, because that data was ultimately from probes in the real world. Should we outlaw this? There is a ton of nuance.
Re your link to the NYTimes and that type of data feed, I still think there is a huge gap between perception and reality, and from what I know of the industry there are generally very strong contractual commitments by partners to limit how these databases are used. If a partner who has direct access to a location data feed that includes raw data and breaches a contract, yes, people could in theory be "de-identified." That would also apply to Amazon for your S3 storage, or your phone carrier. I don't know where the NYTimes data came from, but I can say that all of our prior partners had very strict limitations on how the data could be used.
I hope that one solution from all this is that there are much strong penalties, including criminal ones, for misuse of data. It isn't a data broker issue per se - employees at companies for example are probably a much more real risk vector because the tools to access the data on a user-level exist. People should go to jail if they abuse it, either in first party or third party form.
That being said, it was a small portion of our revenue, and we decided to shut down this part of our business. Well intentioned people can disagree in good faith, and we decided the controversy wasn't worth it even though our practices were misunderstood and sensationalized. We shifted our strategy to using a purely aggregated model that does not use any type of device level identifier (e.g. no IDFA, no in-house work around identifiers), which should not be considered controversial.
Trust is paramount for us, so we decided to stick to our core, which is subscriptions and devices.