Kochava sued by the FTC for selling information that tracks people at sensitive locations including religious institutions and reproductive health clinics.
Kochava is being sued by the FTC for selling information that tracks people at sensitive locations including religious institutions and reproductive health clinics. The Agency alleges that it is possible to identify people and track their movements using Kochava’s geolocation data from hundreds of millions of mobile devices.
Due to Kochava Inc.’s sale of geolocation data from hundreds of millions of mobile devices, which can be used to track people’s travels to and from sensitive places, the Federal Trade Commission launched a case against the data broker. The visits that people make to places of worship, shelters for the homeless and victims of domestic abuse, and centers for addiction treatment may all be seen in Kochava’s data. The FTC claims that Kochava is making it possible for others to identify people by selling data on them, putting such people at risk of being stigmatized, stalked, discriminated against, fired from their jobs, and even subjected to physical assault. The FTC is suing Kochava in an effort to stop the company from selling sensitive geolocation data and to force it to remove the data it has already gathered.
“Where consumers seek out health care, receive counseling, or celebrate their faith is private information that shouldn’t be sold to the highest bidder,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC is taking Kochava to court to protect people’s privacy and halt the sale of their sensitive geolocation information.”
Idaho-based Kochava purchases vast troves of location information derived from hundreds of millions of mobile devices. The information is packaged into customized data feeds that match unique mobile device identification numbers with timestamped latitude and longitude locations. According to Kochava, these data feeds can be used to assist clients in advertising and analyzing foot traffic at their stores and other locations. People are often unaware that their location data is being purchased and shared by Kochava and have no control over its sale or use.
In a complaint filed against Kochava, the FTC alleges that the company’s customized data feeds allow purchasers to identify and track specific mobile device users. For example, the location of a mobile device at night is likely the user’s home address and could be combined with property records to uncover their identity. In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials.
According to the FTC’s complaint, Kochava’s sale of geolocation data puts consumers at significant risk. The company’s data allows purchasers to track people at sensitive locations that could reveal information about their personal health decisions, religious beliefs, and steps they are taking to protect themselves from abusers. The release of this data could expose them to stigma, discrimination, physical violence, emotional distress, and other harms.
The FTC alleges that Kochava fails to adequately protect its data from public exposure. Until at least June 2022, Kochava allowed anyone with little effort to obtain a large sample of sensitive data and use it without restriction. The data sample the FTC examined included precise, timestamped location data collected from more than 61 million unique mobile devices in the previous week. Using Kochava’s publicly available data sample, the FTC complaint details how it is possible to identify and track people at sensitive locations.
Protecting sensitive consumer data, including geolocation and health data, is a top priority for the FTC. This month, the FTC announced that it is exploring rules to crack down on harmful commercial surveillance practices that collect, analyze, and profit from information about people. In July, the FTC warned businesses that the agency intends to enforce the law against the illegal use and sharing of highly sensitive consumer data, including sensitive health data. Last year, the FTC issued a policy statement warning health apps and connected devices that collect or use consumers’ health information that they must notify consumers and others when that data is breached as required by the Health Breach Notification Rule. In 2021, the agency also took action against the fertility app Flo Health for sharing sensitive health data with third parties. FTC finalized an order with Flo health, a fertility-tracking app that shared sensitive health data with Facebook, Google, and others.
Source information: FTC Government News