FTC bans data brokers from selling Americans’ sensitive location data

Today, the FTC banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools.

The FTC says Mobilewalla and Gravy Analytics unlawfully collected and sold location data collected from consumers, including data linked to their visits to places of worship and health-related locations.

Virginia-based Gravy Analytics and its subsidiary Venntel used this information to build products and services, allowing customers to search through at least three years of historical data (including raw, precise mobile location data).

Customers—including government agencies like the IRS, DEA, FBI, Customs and Border Protection (CBP), and Immigration and Customs Enforcement (ICE), as 404 Media reported—could also get a list of Mobile Advertising IDs (MAIDs) who attended a specific event or were present at a location during a custom timeframe, according to the FTC's complaint.

Venntel also provided them with other tools that allowed them to:

• Geo-fence specific locations and collect VIDs (Venntel unique persistent identifiers) that enter the location, along with IP addresses and timestamps, among other information associated with the identifier;
• "Continuously" track a single device;
• Obtain device information about the mobile device associated with a VID, such as operating system, device brand, carrier type, and IP address; and
• Search location signals associated with specific IP addresses.

The FTC also estimates that Georgia-based Mobilewalla collected over 2 billion unique advertising identifiers between January 1, 2018, and June 30, 2020. It also harvested MAIDs paired with location information for more than 183 million devices in 2021 and over 10 million in the first four months of 2022.

"Under today's proposed order, which settles FTC's allegations, Gravy Analytics and Venntel will be prohibited from selling, disclosing, or using sensitive location data in any product or service, and must establish a sensitive data location program," the independent consumer protection agency said.

"Under the FTC's proposed settlement order, Mobilewalla will also be banned from collecting consumer data from online advertising auctions for purposes other than participating in those auctions, marking the first time the agency has alleged such a practice was an unfair act or practice," the FTC added.

The order also mandates that the two data aggregators erase all historical location data along with any data products created using this information.

Today's actions are just the latest targeting companies that have unlawfully collected and sold Americans' sensitive location data.

In 2022, the FTC also sued location data broker Kochava for selling precise geolocation data (in meters) tracking millions of mobile users' movements to and from sensitive locations like mental care, reproductive health, addiction recovery facilities, or shelters for domestic violence survivors.

Earlier this year, it also banned data brokers InMarket Media and Outlogic (formerly X-Mode Social) from selling Americans' precise location data.