This week, the Federal Trade Commission fired a warning shot in the battle over consumer data privacy, filing a complaint against location data broker Gravy Analytics and its subsidiary Venntel. This enforcement action highlights growing regulatory concerns about how consumer data is collected, used, and sold - concerns that are particularly relevant for financial institutions.
What The FTC Found
The FTC's complaint revealed troubling practices:
- Collection and sale of precise location data from over a billion mobile devices daily
- Tracking detailed enough to identify specific rooms within buildings consumers visited
- Creation of sensitive consumer profiles including medical visits, religious activities, and political affiliations
- Sale of data to both commercial and government customers with minimal oversight
- Lack of meaningful consumer consent or awareness
CFPB Signals More Changes Ahead
Building on this enforcement action, the CFPB has now proposed new rules that would fundamentally change how data brokers can operate. The proposed regulations would give consumers more control over their personal information and restrict the sale of sensitive data that could enable fraud, stalking, or discrimination.
Impact on Community Financial Institutions
What this means for community financial institutions:
- Growing regulatory focus on consumer data rights and privacy protection
- Need for enhanced vendor due diligence, especially for marketing and data services
- Potential impacts on fintech partnerships that leverage location data
- Importance of clear consumer consent mechanisms
- Possible new compliance requirements for data sharing
Looking ahead, financial institutions should prepare for increased scrutiny of their data practices. The FTC action and CFPB proposal suggest this is just the beginning of a broader regulatory push toward consumer privacy protection.
Taking Action: Next Steps
If you're not already addressing these issues in your data governance program, start here:
- Map your current data collection practices and identify any location-based services
- Review and update vendor management processes to specifically assess data handling practices
- Audit your privacy notices and consent mechanisms for clarity and completeness
- Document how collected data flows through your organization and to third parties
- Create clear policies around data retention and deletion
- Establish a process for responding to consumer data requests
Community banks and credit unions that proactively address these issues will be better positioned to maintain trust while continuing to deliver the personalized services consumers expect.