By Randy Hutchinson
President of the BBB of the Mid-South
Reprinted from The Commercial Appeal
Data brokers violate the FTC Act if they collect and sell consumers’ sensitive location and other data without obtaining verifiable user consent. The FTC reached settlements in January with two companies it alleged violated the Act. They represent the fourth and fifth such actions the FTC has taken against data brokers.
The FTC said Mobilewalla collected data from online advertising auctions and third-party data aggregators about consumers who often had no knowledge their information was being obtained. In a two-year period the company collected more than 500 million consumer advertising identifiers that were paired with precise location data.
The raw location data wasn’t anonymized and could be used to identify individual users’ mobile devices, their home addresses, and sensitive locations they visited. Mobilewalla sold access to the data to advertisers, data brokers and analytic firms. Locations included visits to health clinics, including pregnancy centers, and places of worship; and the data was used to develop audience segments its clients could use for targeted advertising and other purposes.
The Director of the FTC’s Bureau of Consumer Protection said, “Mobilewalla collected vast amounts of sensitive consumer data – including visits to health clinics and places of worship – and sold this data in a way that exposed consumers to harm.” The FTC cited potential discrimination, physical violence, emotional distress, and other harms that consumers couldn’t protect themselves from since they didn’t know their information was being collected.
The second recent case involved similar allegations against Gravy Analytics and its subsidiary Venntel. The FTC said Gravy Analytics sold sensitive information like health or medical decisions, political activities, and religious viewpoints derived from consumers’ location data. The company continued to use the data even when it learned consumers didn’t provide informed consent.
Gravy Analytics allegedly obtained consumer location data from other data suppliers and claimed to collect, process, and curate more than 17 billion signals from around a billion mobile devices daily. The data could be used to identify consumers and result in disclosure of health or medical decisions, political activity, and religious practices. The FTC said it could put them at risk of stigma, discrimination, violence and other harms.
In this case, the FTC official said, “Surreptitious surveillance by data brokers undermines our civil liberties and puts servicemembers, union workers, religious minorities, and others at risk.” The proposed settlement with Gravy Analytics mentions other sensitive locations including correctional facilities, schools or childcare facilities, and shelters for homeless and domestic abuse populations.
The terms of the proposed settlements with Mobilewalla and Gravy Analytics differ in some details, but at a high level both must reform their practices for collecting, using, selling, and protecting sensitive data about consumers’ locations. They have to delete historic location data and any products developed from the data.
I couldn’t find any easy, foolproof advice for consumers to prevent their data from being collected by companies they’ve never heard of. The U.S. Public Interest Research Group recommends that you start by not accepting web cookies and by turning on default privacy settings on your smartphone.
There are companies that claim they can prevent your data from being collected and/or get it deleted. Check them out and be sure you understand exactly what they’ll do for you.