Data‑Sharing Warnings Rise
- Social posts warned about expanding risks from data sharing and reminded operators they may legally sell user data. - The warnings emphasized the need for clearer disclosures and stronger governance around secondary data uses. - That messaging is appearing as regulators and users push for transparency and more control mechanisms. (x.com)
Warnings about data sharing are getting sharper as regulators move from privacy notices to enforcement against companies that sell or repurpose personal data. (ftc.gov) The Federal Trade Commission said on February 9, 2026 that it sent letters to 13 data brokers about the Protecting Americans’ Data from Foreign Adversaries Act of 2024, which bars brokers from providing sensitive identifiable data about Americans to foreign adversaries. (ftc.gov) California opened a new state-run Delete Request and Opt-Out Platform, or DROP, on January 1, 2026, letting residents send one deletion request to more than 500 registered data brokers at once. Data brokers must start processing those requests on August 1, 2026, and have 90 days to delete the data. (privacy.ca.gov) California defines a data broker as a business that collects and sells personal information about people with whom it has no direct relationship. The state registry says brokers must register every year, pay a fee, and disclose the categories of data they collect. (privacy.ca.gov) The pressure is also coming through case-by-case enforcement. On March 30, 2026, the Federal Trade Commission said OkCupid and Match Group Americas shared users’ photos and location information with an unrelated third party despite privacy promises that said otherwise. (ftc.gov) Earlier actions focused on the data broker market itself. The Federal Trade Commission finalized an order against Mobilewalla on January 14, 2025 that bars the company from unlawfully tracking and selling sensitive location data, including data tied to visits to medical facilities and other sensitive places. (ftc.gov) California tightened the disclosure side at the same time. The California Privacy Protection Agency says data brokers registering in 2026 must report metrics on deletion and access requests from the prior year through DROP. (cppa.ca.gov) That is changing what “data sharing” means in practice. It no longer covers only an app passing data to a service provider; regulators are now scrutinizing secondary uses, resale, and transfers to buyers the consumer never sees. (ftc.gov) For users, the practical shift is that more of this trade is being named and surfaced in public filings, enforcement orders, and state tools. For companies, the immediate test is whether their disclosures match what their data pipelines actually do. (privacy.ca.gov)
