In the wake of several scandals exposing how data brokers endanger military service members, intelligence officers, and average Americans, federal consumer protection agencies on Tuesday announced a series of proposals that would restrict how the industry traffics sensitive personal information.
First, the Consumer Financial Protection Bureau proposed a new rule that would severely limit data brokers’ ability to sell Americans’ sensitive personal information by subjecting them to the same restrictions as credit bureaus like Experian, Equifax, and TransUnion. Second, the Federal Trade Commission announced proposed settlement orders with the data brokers Gravy Analytics, its subsidiary Venntel, and Mobilewalla that would prohibit the companies from using or sharing information about consumers’ visits to medical facilities, religious organizations, labor union offices, schools, military installations, and other sensitive locations.
“Persistent tracking by data brokers can put millions of Americans at risk, exposing the precise locations where service members are stationed or which medical treatments someone is seeking,” FTC Chair Lina Khan said in a statement.
Gravy Analytics did not immediately respond to requests for comment.
“Mobilewalla respects consumer privacy and has been evolving our privacy protections throughout our history as a company,” Laurie Hood, a spokesperson for the company, wrote in an email. “While we disagree with many of the FTC’s allegations and implications that Mobilewalla tracks and targets individuals based on sensitive categories, we are satisfied that the resolution will allow us to continue providing valuable insights to businesses in a manner that respects and protects consumer privacy.”
With Congress repeatedly stalling out over privacy legislation, the CFPB’s proposed rule and FTC’s proposed settlements mark some of the most significant federal efforts in years to prevent individuals’ personal data and location history from being sold for any purpose to anyone.
While the fate of the enforcement actions will largely rest in the unpredictable hands of the incoming Trump administration, the proposals come on the heels of scandals that have exposed how the data broker industry jeopardizes the safety of law enforcement, soldiers, and spies, prompting criticism from both parties.
Last month, a WIRED investigation found that the data broker Datastream Group was selling location data that could be used to track American military and intelligence personnel overseas. In September, researchers purchased location data and used it to track the movements of Securities and Exchange Commission investigators. Meanwhile, police officers in New Jersey are suing more than 100 data brokers for failing to remove personal information, including their home addresses, from the web as required by state law.
“These aren’t isolated incidents – they represent a systemic vulnerability in how our personal data is bought and sold,” CFPB Director Rohit Chopra said in a statement.
The CFPB says its new rule is aimed at preventing data brokers from freely selling that kind of information, which in addition to jeopardizing national security and law enforcement also threatens the safety of survivors of stalking and domestic violence and fuels a wide range of financial scams.
The proposal clarifies that any company that sells information about a consumer’s credit history, credit score, debt payments, or income must follow the Fair Credit Reporting Act’s rules for consumer reporting. That would restrict the purposes for which data brokers could sell information—for example, the rule would prevent the use of consumer report data to target advertisements—and require data brokers to obtain clear consent from consumers before obtaining or sharing such information.
“This means they could no longer dodge their obligations and would need to follow the same consumer protection rules as major credit bureaus, including accuracy requirements and providing consumers access to their information,” Chopra said.
Additionally, the rule would restrict the sale of specific personal identifiers like social security numbers and home addresses so that data brokers could only sell that information for certain purposes.
Notably, however, it would do little to restrict American law enforcement and spy agencies from purchasing that same sensitive and personally identifiable information. As author Byron Tau has reported, federal and state agencies have increasingly turned to data brokers like Gravy Analytics and Mobilewalla to obtain sensitive information without a warrant that can then be used to track and profile Americans.
The FTC settlements also include exceptions for sharing sensitive location data with national security and law enforcement agencies.
)
English (US) ·