The Federal Trade Commission (FTC) is banning data brokers Gravy Analytics and Mobilewalla from collecting, using, and selling “sensitive” location data of Americans, the agency announced on Tuesday. The FTC targeted Gravy Analytics, its subsidiary Venntel, and Mobilewalla for allegedly violating the FTC Act by collecting and selling information that could be used to track people to healthcare facilities, military bases, religious sites, labor union gatherings, and other sensitive locations.
The FTC says (PDF) Mobilewalla “relied primarily on consumer information that Mobilewalla collected from real-time bidding exchanges” by bidding to show people personalized ads on their mobile devices and then retaining tracking info identifying them.
It also bought info from other sources and used additional data to build out the profiles attached to each advertising ID. Combining that data, according to the complaint, allowed Mobilewalla to create audience segments targeting pregnant women, as well as provide analysis of people who attended protests over the death of George Floyd.
Meanwhile, Venntel’s scheme is explained (PDF) as collecting location data from otherwise ordinary mobile apps, and then selling access to the data to other businesses or government agencies. 404 Media reports that the IRS, DEA, FBI, CBP, and ICE have all purchased Venntel data.
Now, the companies must comply by never “selling, disclosing, or using sensitive location data in any product or service, and must establish a sensitive data location program.”
Mobilewalla’s proposed settlement order will prohibit the company from:
Misrepresenting how it collects, maintains, uses, deletes or discloses consumers’ personal information, and the extent to which consumers’ location data is deidentified.
Using, transferring, selling and disclosing sensitive location data from health clinics, religious organizations, correctional facilities, labor union offices, LGBTQ+-related locations, political gatherings and military installations.
Senator Ron Wyden from Oregon, who led efforts to target a loophole data brokers used to sell sensitive personal data on the market, applauded the FTC and CFPB for limiting what the companies can collect. In a statement sent to The Verge, Wyden said these companies could sell information about “law enforcement, judges and members of the armed forces is on the open market” to “anyone with a credit card,” putting citizens and military personnel in danger.
Wyden also said US government agencies spied on Americans by obtaining this data without a warrant. “Many federal agencies hid behind the flimsy claim that Americans consented to the sale of their data, but the FTC’s orders make it clear how untrue these claims were,” said Wyden.
