Source URL: https://www.theregister.com/2024/12/04/ftc_data_brokers/
Source: The Register
Title: FTC scolds two data brokers for allegedly selling your location to the metre
Feedly Summary: ‘Where we go is who we are’ totally isn’t a creepy ad slogan at all
The FTC has reached a settlement with two data brokerages over allegations they harvested precise location data that shows when people entered hospitals, places of worship, and even attended protests supporting the late George Floyd.…
AI Summary and Description: Yes
Summary: The article discusses the FTC’s recent settlement with data brokerages Gravy Analytics and Mobilewalla over allegations of improperly harvesting and selling sensitive location data without user consent. The settlements highlight the increasing regulatory scrutiny on data brokers and the necessity for enhanced privacy protections, particularly in how sensitive personal data is managed and stored.
Detailed Description:
The Federal Trade Commission (FTC) has recently settled with Gravy Analytics and Mobilewalla, two data brokerages accused of selling highly sensitive location data, illustrating significant privacy concerns surrounding the handling of personal information.
Key points of the case include:
– **Sensitive Data Collection**:
– The companies allegedly harvested precise location data, which could distinguish movements within various locations like hospitals and religious institutions.
– Data was sourced from app developers and was not fully anonymized, raising concerns over personal privacy.
– **Legal and Compliance Issues**:
– Central to the FTC’s action was the lack of informed consent for data collection practices.
– Both companies are now required to implement consent safeguards and delete improperly obtained location data.
– **Regulatory Landscape**:
– The unanimous decision from the FTC commissioners emphasizes the bipartisan concern over consumer privacy.
– In conjunction with the FTC’s actions, the Consumer Financial Protection Bureau (CFPB) proposed rules targeting the sale of sensitive personal information, indicating a broader governmental push for data protection.
– **Data Security Implications**:
– The article highlights the necessity for strict security measures. A related incident involving a data broker exposing sensitive files through an unsecured AWS S3 bucket underscores existing vulnerabilities in data management practices.
– **Future Outlook**:
– There is expectation for enhanced privacy policies and stricter compliance standards as these regulatory bodies exert greater oversight on data brokers and data protection practices.
This case serves as a critical reminder for security and compliance professionals on the importance of ensuring user consent, the risks of data commodification, and the need for robust security measures in protecting sensitive data in compliance with evolving regulations.