The Federal Trade Commission (FTC) has been on a mission to communicate its seriousness about companies collecting, using, and selling consumers’ sensitive location data and that it is closely watching these practices.

On December 3, 2024, the FTC announced that it entered into a proposed order with Gravy Analytics and its subsidiary Venntel “for unlawfully selling location data tracking consumers to sensitive sites” and that the order “bans the use or sale of data associated with military sites, churches, labor unions and other sensitive locations.” Other locations noted include “religious organizations, correctional facilities, schools or childcare facilities, services supporting people based on racial and ethnic backgrounds, services sheltering homeless, domestic abuse, refugee or immigrant populations, and military installations.”

According to the press release, the proposed order requires Gravy Analytics and Venntel to implement a sensitive data location program, and they are prohibited from “selling, disclosing, or using sensitive location data in any product or service.” The FTC alleged in a complaint that Gravy Analytics “unfairly sold sensitive characteristics, like health or medical decisions, political activities and religious viewpoints, derived from consumers’ location data.”

The FTC alleged that Gravy Analytics “used geofencing, which creates a virtual geographical boundary, to identify and sell lists of consumers who attended certain events related to medical conditions and places of worship and sold additional lists that associate individual consumers to other sensitive characteristics.”

The proposed order requires the companies to delete all historic location data, unless the company obtains consent from consumers, or the data is “deidentified or rendered non-sensitive.”

The FTC noted that “this is [its] fourth action taken this year challenging the sale of sensitive location data, and it’s past time for the industry to get serious about protecting Americans’ privacy.”  Message heard.

Photo of Linn Foster Freedman Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her…

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.