FTC Cracks Down on Companies Selling Sensitive Location Data to Government
The U.S. Federal Trade Commission (FTC) has taken decisive action against companies that collected data from citizens’ mobile devices through apps and advertising platforms, subsequently providing this information to government agencies and other organizations. The FTC has mandated the deletion of all previously gathered data pertaining to sensitive locations, such as medical facilities, religious institutions, schools, and military bases. Among the sanctioned entities are Gravy Analytics and its subsidiary, Venntel.
Venntel emerged as a pivotal supplier of data for surveillance tools employed by government bodies. For instance, Locate X, a program by Babel Street, enables the tracking of individuals’ movements via smartphones, down to clinic visits and residential locations.
According to the FTC, the companies sold and exploited sensitive data without users’ consent, thereby infringing upon privacy rights. The commission further determined that the companies distributed this sensitive information even in the absence of user authorization.
The data collection was conducted through popular applications, including weather and navigation services. These apps transmitted data to intermediaries, which was then relayed to Gravy for sale to marketers. Venntel supplied the data to government agencies such as the Internal Revenue Service (IRS), the Drug Enforcement Administration (DEA), the FBI, and U.S. Customs and Immigration Services. Other clients included firms like Fog Data Science, which provide similar products to local law enforcement.
The FTC reports that Gravy and Venntel process over 17 billion signals daily from approximately one billion devices. The commission stated that the companies’ actions jeopardize civil liberties and the safety of vulnerable groups, including military personnel, religious minorities, and labor union activists.
Previously, it was revealed that U.S. military bases in Europe were endangered by location data leaks initially collected for targeted advertising. Investigations uncovered that U.S. companies, while legally gathering data for advertising purposes, effectively facilitated the tracking of movements associated with military and intelligence personnel, posing significant risks to national security.
