If a Data Broker Goes Bankrupt, What Happens to Your Sensitive Data?

The Markup, now a part of CalMatters, uses investigative reporting, data analysis, and software engineering to challenge technology to serve the public good. Sign up for Klaxon, a newsletter that delivers our stories and tools directly to your inbox.

\ In 2021, a company specializing in collecting and selling location data called Near bragged that it was “The World’s Largest Dataset of People’s Behavior in the Real-World,” with data representing “1.6B people across 44 countries.” Last year the company went public with a valuation of $1 billion (via a SPAC). Seven months later it filed for bankruptcy and has agreed to sell the company.

\ But for the “1.6B people” that Near said its data represents, the important question is: What happens to Near’s mountain of location data? Any company could gain access to it through purchasing the company’s assets.

\ The prospect of this data, including Near’s collection of location data from sensitive locations such as abortion clinics, being sold off in bankruptcy has raised alarms in Congress. Last week, Sen. Ron Wyden wrote the Federal Trade Commission (FTC) urging the agency to “protect consumers and investors from the outrageous conduct” of Near, citing his office’s investigation into the India-based company.

\ Wyden’s letter also urged the FTC “to intervene in Near’s bankruptcy proceedings to ensure that all location and device data held by Near about Americans is promptly destroyed and is not sold off, including to another data broker.” The FTC took such an action in 2010 to block the use of 11 years worth of subscriber personal data during the bankruptcy proceedings of the XY Magazine, which was oriented to young gay men. The agency requested that the data be destroyed to prevent its misuse.

\ Wyden’s investigation was spurred by a May 2023 Wall Street Journal report that Near had licensed location data to the anti-abortion group Veritas Society so it could target ads to visitors of Planned Parenthood clinics and attempt to dissuade women from seeking abortions. Wyden’s investigation revealed that the group’s geofencing campaign focused on 600 Planned Parenthood clinics in 48 states. The Journal also revealed that Near had been selling its location data to the Department of Defense and intelligence agencies.

\ As of publication, Near has not responded to requests for comment.

\ According to Near’s privacy policy, all of the data they have collected can be transferred to the new owners. Under the heading of “Who do you share my personal data with?” It lists “Prospective buyers of our business.”

\ This type of clause is common in privacy policies, and is a regular part of businesses being bought and sold. Where it gets complicated is when the company being sold owns data containing sensitive information.

\ This week, a new bankruptcy court filing showed that Wyden’s requests were granted. The order placed restrictions on the use, sale, licensing or transfer of location data collected from sensitive locations in the U.S. and requires any company that purchases the data to establish a “sensitive location data program” with detailed policies for such data and ensure ongoing monitoring and compliance, including the creation of a list of sensitive locations such as reproductive health care facilities, doctor’s offices, houses of worship, mental health care providers, corrections facilities and shelters among others. The order demands that unless consumers have explicitly provided consent, the company must cease any collection, use or transfer of location data.

\ In a statement emailed to The Markup, Sen. Wyden wrote, “I commend the FTC for stepping in – at my request – to ensure that this data broker’s stockpile of Americans’ sensitive location data isn’t abused, again.”

\ Wyden called for protecting sensitive location data from data brokers citing the new legal threats to women since the Supreme Court’s June 2022 decision to overturn the abortion-rights ruling Roe v. Wade. Wyden wrote, “The threat posed by the sale of location data is clear, particularly to women who are seeking reproductive care.”

\ The bankruptcy order also provided a rare glimpse into how data brokers license data to one another. Near’s list of contracts included agreements with several location brokers, ad platforms, universities, retailers, and city governments.

\

• The order listed “Data Monetization” agreements with location data broker X-Mode from 2017 through 2023, including an agreement valued at $122,706 from 2023 with X-Mode parent Digital Origin. The FTC recently banned X-Mode from selling sensitive location data as part of a settlement. The Markup previously revealed that X-Mode was one of the companies family tracking app Life360 was selling location data to (the company has since limited such data sales).
• Location data broker Tamoco was listed as having a data licensing agreement from 2021 that was amended in 2023.
• Location data broker Irys was listed as having a data supplier agreement with Near from 2019, worth $72,000.  Irys and Tamoco were both among the 47 companies that The Markup identified as part of the multibillion-dollar location data industry.

\ It is not clear from the filing if the agreements covered Near data being licensed, Near licensing the data from the companies, or both.

Credits

• Jon Keegan, Investigative Data Journalist

Design and Graphics

• Gabriel Hongsdusit

Engagement

• Maria Puertas

Editing

• Sisi Wei

\ Also published here

\ \