I think it's safe to assume they are selling such data.

https://www.techdirt.com/2021/08/25/isps-give-netflow-data-to-third-parties-who-sell-it-without-user-awareness-consent/

https://www.vice.com/en/article/dy3z9a/fbi-bought-netflow-data-team-cymru-contract

On Mon, May 15, 2023 at 6:01 PM Michael Thomas <mike@mtcc.com> wrote:

And maybe try to monetize it? I'm pretty sure that they can be compelled
to do that, but do they do it for their own reasons too? Or is this way
too much overhead to be doing en mass? (I vaguely recall that netflow,
for example, can make routers unhappy if there is too much "flow").

Obviously this is likely to depend on local laws but since this is NANOG
we can limit it to here.

Mike