This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read
Reposted from Taylor English Insights

Data Broker in Bankruptcy is Prohibited from Selling "Sensitive" Location Data Unless Buyer Promises to Treat Data Carefully

Data broker Near, an India-based company, has gone into bankruptcy seven months after a splashy IPO. Touting that it held data about 1.6 billion people, Near has come under fire in bankruptcy as it tries to sell off its assets…including all that data. Sen. Ron Wyden petitioned the FTC in late February to stop the company from selling off “sensitive” location data such as that tied to abortion clinics. The result is that no buyer can purchase such data from Near unless it institutes a program of controls over the use of such data.

Why It Matters

There are two notable features to this story: first, the question of what might constitute “sensitive” data that needs protection; and second, that both a sitting senator and a regulatory agency felt compelled to step into a bankruptcy proceeding on public policy grounds relating to the assets of the bankrupt company. In both cases, the story offers reason for other companies with location data, healthcare data, and other demographically sensitive information to be cautious about how they treat it – both for their own use and in trying to transfer it to third parties. Most companies have a clause in their privacy policy that says they might sell data if they sell their company, but that might not always be feasible.  

Subscribe to Taylor English Insights by topic here.

This week, a new bankruptcy court filing showed that Wyden’s requests were granted. The order placed restrictions on the use, sale, licensing or transfer of location data collected from sensitive locations in the U.S. and requires any company that purchases the data to establish a “sensitive location data program” with detailed policies for such data and ensure ongoing monitoring and compliance, including the creation of a list of sensitive locations such as reproductive health care facilities, doctor’s offices, houses of worship, mental health care providers, corrections facilities and shelters among others. The order demands that unless consumers have explicitly provided consent, the company must cease any collection, use or transfer of location data.

Tags

data security and privacy, hill_mitzi, health care, technology