FTC Suing Data Broker for Selling Off Location Data of US Citizens

The Commission voted 4-1 to file the complaint against Idaho-based broker Kochava.

The Federal Trade Commission (FTC) has filed a lawsuit against data broker Kochava, alleging the company sold data from hundreds of millions of devices.

Privacy-enhancing tech like VPNs can be used to hide your IP address, which contains some location-based data, but they cannot alter your GPS location — meaning consumers can’t even help themselves.

The FTC is particularly concerned with the harm this could cause specific consumers, whose health decisions and religious views — among other personal information — may be decipherable from data

FTC Kicks Off Legal Battle

In a statement published this week, the FTC — which has examined a data set of location data from 61 million unique mobile devices — explains that Kochava purchases “troves of location information derived from hundreds of millions of mobile devices,” which match specific mobile devices with timestamped locations.

“These data feeds can be used to assist clients in advertising and analyzing foot traffic at their stores and other locations” the statement continues.

“People are often unaware that their location data is being purchased and shared by Kochava and have no control over its sale or use” – FTC.

In the statement, the consumer watchdog alleges that the data broker’s “customized data feeds” allow the people who buy them to track the mobile devices of individuals.

The FTC also alleges that Kochava “fails to adequately protect its data from public exposure,” by allowing “anyone with little effort” to obtain huge swathes of sensitive information about real people and use it in an unrestricted way.

Why Is the FTC So Concerned?

The main reason, as stated in the FTC’s complaint, is that the sale of such data will put consumers at risk.

The data could, for instance, reveal information about a person’s health decisions. There’s concern that it could be used to find out if someone has visited an abortion clinic, as well as information about people who work at clinics that offer the medical procedure.

The news is particularly concerning in the context of the recent Supreme Court decision on Roe v. Wade, which had previously granted women the constitutional right to an abortion but has now been overturned.

The FTC also highlights that the data could be used to find out a person’s religious leanings, or more concerningly, “steps [a person is] taking to protect themselves from abusers.” This could be, for instance, the location of a person’s new home.

Kochava Bites Back

Kochava says that it “complies with all user data privacy and consent regulations” and that the FTC had a “fundamental misunderstanding” of how the firm’s business operated.

A month ago, it unveiled “Privacy Block,” which it claims will remove health-based location data from the murky marketplace where it’s all sold.

Data brokers will continue to make the news with increasing frequency, especially when affordable, consumer-facing tech like VPNs however useful for other tasks, including enhancing privacy — don’t have the capacity to protect users.

It’s unlikely to be the last you’ll hear of Kochava — with the FTC’s lawsuit set to be decided in court imminently — and if we continue to use our phones in the way that we do now, our data will continue to be a hyper-valuable commodity.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Aaron Drapkin is a Lead Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol five years ago. As a writer, Aaron takes a special interest in VPNs, cybersecurity, and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, Cybernews, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, ProPrivacy, The Week, and Politics.co.uk covering a wide range of topics.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals