The Federal Trade Commission (FTC) has banned data brokers Gravy Analytics and Mobilewalla from collecting, using or selling sensitive location data that reveals Americans’ visits to places like healthcare facilities, military bases and religious institutions.
The settlements, announced on Tuesday, also require both companies to delete previously collected data and impose strict controls to prevent future violations.
The FTC accused Gravy Analytics, along with its subsidiary Venntel, and Mobilewalla of violating privacy laws by gathering detailed location data without consumer consent. This data was sold to third parties, including advertisers and government agencies, and used to identify visits to sensitive locations.
“This breach shows how mobile advertising IDs, often touted as non-identifying, can be used to identify and track specific people,” commented Paul Bischoff, consumer privacy advocate at Comparitech. “The threat of this data being sold goes beyond the usual threats of phishing and scams. It enables stalking, harassment and domestic abuse.”
The FTC’s investigation highlighted the lack of transparency in how the companies collected and used this information. According to the probe, Gravy Analytics sold location data that included insights into individuals’ health, political, and religious activities. Meanwhile, Mobilewalla sed non-anonymized data from online advertising auctions to build detailed audience profiles, including an analysis of attendees at 2020 Black Lives Matter protests.
Both companies allegedly continued these practices despite being aware of the potential risks and lack of user consent.
Settlement Requirements
Under the settlements, Gravy Analytics and Mobilewalla must:
-
Stop collecting and selling location data from sensitive sites, such as health clinics, military installations and schools
-
Implement programs to identify and block data from sensitive locations
-
Delete all previously collected location data and related products
The settlements also prohibit the companies from misrepresenting how they collect, use or protect personal information.
Broader Context and Reactions
The actions are part of the Biden administration’s increased focus on consumer privacy.
“The collection of data on individuals has become a very controversial topic for many and is not being helped by the repeated failures to protect the sensitive information being collected by these organizations,” said Erich Kron, security awareness advocate at KnowBe4.
“Restricting the collection of things like location information is an important step, especially for those in professions where the disclosure of this information could be a danger to them and their families or might make them a target of hate groups due to religious or other affiliations.”
Public comments on the settlements are open for 30 days before they are finalized. The FTC’s move underscores the growing scrutiny of data brokers and their role in the digital ecosystem.