Data Broker Gravy Analytics Penalized for Unlawful Tracking and Data Sales
Data Broker Gravy Analytics Penalized for Unlawful Tracking and Data SalesIn recent months, the Federal Trade Commission (“FTC”) has intensified its efforts to regulate the collection and sale of sensitive location data by data brokers. A recent case involving Gravy Analytics Inc. and its subsidiary Venntel Inc. has shed light on the risks posed by the unauthorized sale of consumers’ personal location data, and it underscores the urgent need for businesses to prioritize privacy and transparency when handling consumer information.
The FTC’s complaint alleges that Gravy Analytics and Venntel unlawfully tracked consumers and sold sensitive location data, such as visits to healthcare facilities and places of worship, without obtaining verifiable consent. This practice raised serious concerns regarding consumer privacy, as it exposed individuals to potential harm, including discrimination, violence, and emotional distress. By exploiting geofencing technology, the companies identified and tracked consumers based on their visits to certain locations, selling this data to third-parties for various purposes, including advertising and government surveillance.
The FTC has made it clear that these practices are a violation of the FTC Act. This case is the fourth instance this year where the FTC has intervened in the sale of sensitive location data, demonstrating a growing commitment to protecting consumer privacy in the age of digital surveillance. As a result, Gravy Analytics and Venntel have agreed to a proposed settlement order that prohibits the companies from selling, transferring, or using sensitive location data in any product or service, except in very specific circumstances involving national security or law enforcement.
For businesses that collect or sell consumer data, this action serves as a wake-up call to reassess their data privacy practices. The proposed order highlights several key compliance measures that companies in similar industries must adopt to avoid facing similar scrutiny. First and foremost, businesses must obtain clear, informed consent from consumers before collecting or using their location data. Additionally, companies must develop robust privacy programs that identify and protect sensitive locations, such as medical facilities, religious organizations, and military installations, from being tracked or sold.
Furthermore, the case underscores the importance of maintaining transparency with consumers. Businesses must ensure that consumers are fully informed about how their data is being collected, used, and shared. This includes providing clear disclosures about what data is being collected and how long it will be retained. If data is shared with third-parties, companies must make sure that proper consent has been obtained, and they must monitor their data suppliers to ensure compliance with privacy regulations.
For businesses that are currently handling sensitive location data, it is crucial to assess whether the data they have collected is anonymized or de-identified. If not, companies must implement procedures to de-identify this data or seek consumers’ consent before using it for any purpose. Retaining data indefinitely also poses risks; businesses should establish clear data retention policies and allow consumers to request the deletion of their data when appropriate.
The FTC’s action against Gravy Analytics and Venntel sends a strong message that companies must prioritize consumer privacy and be transparent about how they use personal data. As the digital landscape continues to evolve, it is essential for businesses to stay ahead of regulatory changes and adopt responsible data practices.
If you would like to read more about this case and others, visit our Case Studies Library.
(Image Credit: iStock Photo)
This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.