Companies that collect and share consumer data other than names, Social Security numbers, or other details traditionally thought of as personally identifiable information (PII) are being fingered by the Federal Trade Commission (FTC) for violating its rules.

The agency is amid a crackdown on businesses misusing browsing and location data. Any company compiling or selling geolocation data and browsing activity without consumer permission faces potential enforcement, warned the FTC’s Office of Technology in a blog post Monday.

The FTC is casting a wider net because this underlying data can provide “an intimate picture” of a person’s life, including their health conditions, financial status, sexual orientation, and religion. This type of data can also allow a person to be identified.