U.S. sues broker for selling data that could track church, health clinic visits
WASHINGTON — The U.S. Federal Trade Commission (FTC) on Monday sued Idaho-based data broker Kochava Inc for selling geolocation data from hundreds of millions of mobile devices that could be used to track consumers.
The FTC said consumer data could be used to trace people’s movements to and from sensitive locations including “reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities.” Kochava responded by calling the FTC action “frivolous.”
The issue gained interest after a Supreme Court ruling in June overturned the Roe vs Wade decision that for decades guaranteed a constitutional right to an abortion. The technology industry has fretted police or other entities could access customers’ search history, geolocation and other information revealing pregnancy plans.
Brian Cox, general manager of Kochava, said “the FTC has a fundamental misunderstanding of Kochava’s data marketplace business and other data businesses. Kochava operates consistently and proactively in compliance with all rules and laws.”
Kochava said it had been in talks with the FTC for weeks and recently announced a function in the works to block geolocation data from sensitive locations.
The lawsuit seeks to halt Kochava’s sale of sensitive geolocation data and require the company to delete the sensitive geolocation information it has collected.
“Where consumers seek out health care, receive counseling, or celebrate their faith is private information that shouldn’t be sold to the highest bidder,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC is taking Kochava to court to protect people’s privacy.”
The FTC said Kochava purchases vast troves of location information from other data brokers across hundreds of millions of mobile devices that is packaged into customized data. They then sell that data to clients including retailers looking at foot traffic.
The FTC alleges that Kochava failed to adequately protect its data from public exposure and until at least June “allowed anyone with little effort to obtain a large sample of sensitive data and use it without restriction.”
Democratic Senator Ron Wyden praised the FTC action saying he has been working “to protect Americans from shady data brokers trying to sell private reproductive data for a profit in post-Roe America.”
The Kochava data FTC reviewed “included precise, timestamped location data collected from than 61 million unique mobile devices in the previous week.”
The FTC lawsuit said consumers could subscribe to Kochava’a data feed through the Amazon Web Services marketplace until June. The FTC lawsuit said Kochava has asserted that it offers “rich geo data spanning billions of devices globally.”
In July, Alphabet’s Google said it would delete location data showing when users visit an abortion clinic, following concerns that a digital trail could inform law enforcement if someone terminates a pregnancy illegally.
Earlier this month, the FTC said it is considering writing rules to better protect Americans’ privacy and crack down on businesses that collect far-reaching personal information without consumers’ full understanding. (Reporting by David Shepardson in Washington and Akriti Sharma in Bengaluru; Editing by Arun Koyyur and Josie Kao)