On December 3, 2024, the United States Federal Trade Commission (FTC) issued law enforcement actions against three data brokers, prohibiting them from selling, disclosing or using sensitive location data in any product or service and requiring them to establish comprehensive data security programs to protect consumer information. The three data brokers identified were:
Gravy Analytics and their subsidiary Venntel
- Operates out of 44679 Endicott Dr Suite 300, Ashburn, VA 20147 and 2201 Cooperative Way, Herndon, VA 20171 respectively.
- Accused of violating the FTC Act by obtaining consumer location information, which is not anonymized, from other data suppliers and claiming to collect, process and curate over 17 billion signals from around a billion mobile devices daily.
- Accused of using geofencing technology to identify and sell lists of consumers based on sensitive personal characteristics, such as health conditions, political activities or religious viewpoints.
- Operates out of 5170 Peachtree Rd building 100 suite 100, Atlanta, GA 30341.
- Accused of selling sensitive data that reveals the location of a person’s home and using location data to create targeted advertising segments.
- Accused of collecting data from real-time bidding exchanges and third-party aggregators without consumer knowledge.