The Federal Trade Commission (FTC) has filed a lawsuit against data broker Kochava, alleging the company sold data from hundreds of millions of devices.
Privacy-enhancing tech like VPNs can be used to hide your IP address, which contains some location-based data, but they cannot alter your GPS location — meaning consumers can’t even help themselves.
The FTC is particularly concerned with the harm this could cause specific consumers, whose health decisions and religious views — among other personal information — may be decipherable from data
FTC Kicks Off Legal Battle
In a statement published this week, the FTC — which has examined a data set of location data from 61 million unique mobile devices — explains that Kochava purchases “troves of location information derived from hundreds of millions of mobile devices,” which match specific mobile devices with timestamped locations.
“These data feeds can be used to assist clients in advertising and analyzing foot traffic at their stores and other locations” the statement continues.
“People are often unaware that their location data is being purchased and shared by Kochava and have no control over its sale or use” – FTC.
In the statement, the consumer watchdog alleges that the data broker’s “customized data feeds” allow the people who buy them to track the mobile devices of individuals.
The FTC also alleges that Kochava “fails to adequately protect its data from public exposure,” by allowing “anyone with little effort” to obtain huge swathes of sensitive information about real people and use it in an unrestricted way.
Why Is the FTC So Concerned?
The main reason, as stated in the FTC’s complaint, is that the sale of such data will put consumers at risk.
The data could, for instance, reveal information about a person’s health decisions. There’s concern that it could be used to find out if someone has visited an abortion clinic, as well as information about people who work at clinics that offer the medical procedure.
The news is particularly concerning in the context of the recent Supreme Court decision on Roe v. Wade, which had previously granted women the constitutional right to an abortion but has now been overturned.
The FTC also highlights that the data could be used to find out a person’s religious leanings, or more concerningly, “steps [a person is] taking to protect themselves from abusers.” This could be, for instance, the location of a person’s new home.
Kochava Bites Back
Kochava says that it “complies with all user data privacy and consent regulations” and that the FTC had a “fundamental misunderstanding” of how the firm’s business operated.
A month ago, it unveiled “Privacy Block,” which it claims will remove health-based location data from the murky marketplace where it’s all sold.
Data brokers will continue to make the news with increasing frequency, especially when affordable, consumer-facing tech like VPNs — however useful for other tasks, including enhancing privacy — don’t have the capacity to protect users.
It’s unlikely to be the last you’ll hear of Kochava — with the FTC’s lawsuit set to be decided in court imminently — and if we continue to use our phones in the way that we do now, our data will continue to be a hyper-valuable commodity.
