Source URL: https://www.ftc.gov/news-events/news/press-releases/2024/12/ftc-takes-action-against-gravy-analytics-venntel-unlawfully-selling-location-data-tracking-consumers
Source: Hacker News
Title: FTC takes action against Gravy Analytics, Venntel for selling location data
Feedly Summary: Comments
AI Summary and Description: Yes
**Summary:** The Federal Trade Commission (FTC) has initiated action against Gravy Analytics Inc. and its subsidiary Venntel Inc. for improperly selling sensitive location data without user consent. The proposed settlement aims to enhance consumer privacy protections and implement stricter controls on the handling of sensitive data, marking a significant move in the regulatory landscape concerning data privacy.
**Detailed Description:**
The FTC’s action against Gravy Analytics and Venntel is indicative of a broader effort to enforce privacy and consumer protection laws regarding the handling of sensitive location data. Here are the major points emphasized in the action:
– **Allegations of Unlawful Practices:**
– Both companies are accused of tracking and selling sensitive location data without obtaining verifiable user consent.
– The nature of the data sold includes visits to health facilities and religious places, raising concerns about personal privacy.
– **Enforcement Actions Taken:**
– The FTC’s complaint alleges that the companies violated the FTC Act and continually used location data despite being aware that they lacked consumer consent.
– The method of data collection involved geofencing, which allowed the companies to sell lists of consumers based on their attendance at sensitive locations.
– **Proposed Settlement Provisions:**
– Gravy Analytics and Venntel will be prohibited from selling or using sensitive location data except in specific circumstances tied to national security or law enforcement.
– The companies must establish a sensitive data location program to identify and manage sensitive locations.
– A mandate to delete all historical location data and inform customers regarding the deletion of sensitive data collected in the past three years.
– **Consumer Protections:**
– The settlement requires the companies to ensure that consumers’ data is deidentified or that they have obtained explicit consent for its use.
– There are also clear requirements for maintaining compliance oversight concerning data suppliers to verify consumer consent.
– **Broader Implications:**
– This action represents the FTC’s fifth intervention regarding the handling of sensitive location data, underlining a growing trend in regulatory scrutiny over data brokers and their practices.
– The FTC aims to protect vulnerable groups, including servicemembers and religious minorities, from potential privacy harms and risks associated with data disclosures.
This case marks a critical juncture in data privacy legislation and regulation, highlighting the need for businesses dealing with sensitive consumer data to adopt more robust compliance strategies to avoid penalties and ensure consumer trust. Security and compliance professionals should take heed of the FTC’s ongoing efforts and adjust their data handling practices accordingly to adhere to government regulations.