FTC goes after three data brokers with enforcement actions

The Federal Trade Commission took action against three data brokers Tuesday, alleging the companies unlawfully tracked and sold sensitive consumer location data, including information that related to people’s visits to health care facilities and places of worship.

The FTC’s complaint accuses Virginia-based Gravy Analytics and its subsidiary Venntel of violating the FTC Act by allegedly obtaining consumer location information from other data suppliers and claiming to collect, process, and curate more than 17 billion signals from around a billion mobile devices daily. The location data the companies sold can be used to identify consumers and is not anonymized, according to the complaint.

Gravy Analytics also reportedly used geofencing technology to identify and sell lists of consumers based on sensitive personal characteristics such as health conditions, political activities, and religious viewpoints. 

Additionally, the FTC accused Georgia-based Mobilewalla of selling sensitive data that could reveal the location of a person’s home, along with using location data to create targeted advertising segments, including a June 2020 report analyzing George Floyd protesters’ racial backgrounds and city of residence.

“Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection.” 

The FTC order also says Mobilewalla, Gravy Analytics and Venntel won’t be allowed to sell or share any sensitive location data unless it’s for national security or law enforcement reasons. They also need to create a program to identify and protect sensitive places, including:

• Hospitals and medical centers
• Places of worship
• Prisons or jails
• Labor union offices
• Schools or childcare centers
• Services that help people based on race or ethnicity
• Shelters for the homeless, abuse victims, refugees, or immigrants
• Military bases

This current enforcement action marks the FTC’s fifth move this year to address the mishandling of location data, underscored by past actions against similar companies like Kochava and X-Mode for similar infractions.

The settlements come amid broader federal efforts, including the Consumer Financial Protection Bureau’s recent proposal to prevent brokers from selling sensitive personal information, such as Social Security numbers.

Gravy Analytics and Mobilewalla have yet to comment on the settlements, but the FTC is opening the agreements to public comment for 30 days before finalization.