WASHINGTON, D.C. — The Federal Trade Commission (FTC) has announced a proposed settlement against Virginia-based data brokers Gravy Analytics Inc. and its subsidiary Venntel Inc. for unlawfully collecting, selling, and using sensitive location data. The complaint alleges the companies compromised consumer privacy by tracking visits to sensitive locations such as medical facilities, places of worship, and correctional institutions — all without obtaining verifiable consent.
According to the FTC, the companies processed and sold data derived from over 17 billion daily signals collected across approximately one billion mobile devices. The data was used to compile lists connecting consumers to sensitive attributes, including health decisions and religious or political affiliations. The FTC asserts that such data was neither anonymized nor collected with proper transparency, exposing individuals to risks such as discrimination, stigma, and unauthorized surveillance.
“Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.
Settlement Order Requirements
Under the proposed settlement, Gravy Analytics and Venntel face a broad prohibition on selling, sharing, or using sensitive location data except for limited law enforcement or national security purposes. Key provisions of the settlement include:
- Sensitive Data Program: The companies must establish a robust program to identify and prevent the misuse of sensitive data tied to medical facilities, religious centers, labor unions, and similar institutions.
- Data Deletion Mandate: Historic location data and associated products must be deleted, with notification provided to clients requiring similar action for data purchased within the last three years.
- Consent Framework: The companies are required to implement a supplier assessment program ensuring data collection and usage are explicitly consented to by consumers.
- Transparency Requirements: Misrepresentations about data practices — including compliance frameworks, consumer notices, and the extent of data deidentification — are strictly barred.
Implications for Data Privacy
This case marks another milestone in the FTC’s ongoing efforts to regulate the data broker industry, highlighting the agency’s firm stance on protecting individuals’ privacy in an age of pervasive digital tracking. By addressing the misuse of precise location data, the FTC seeks to set clearer boundaries for companies handling sensitive consumer information. The action against Gravy Analytics and Venntel underscores the need for transparency, accountability, and robust privacy safeguards in the $200 billion global data broker market.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.