FTC Sues Data Broker For Selling Sensitive Location Data
The Federal Trade Commission (FTC) has filed a lawsuit against an Idaho-based data broker called Kochava, alleging that its customized data feeds allow purchasers to track end users at sensitive locations like places of worship and addiction recovery centers.
The lawsuit is the latest move by the FTC around data security and privacy policies under Lina Khan’s administration since she was sworn in as the FTC chair in June 2021. In March, the FTC cracked down on online retailer CafePress after the company allegedly covered a major data breach and failed to secure customers’ sensitive data, while in August the commission announced its intent to scrutinize the surveillance and data collection tactics of big tech and ad tech firms.
“Of the privacy cases that have come out, this is the first one that most clearly reflects Lina Khan’s administration taking a big swing,” said Ben Rossen, special counsel with Baker Botts, who is a former senior attorney at the FTC with experience handling high-profile privacy and data security investigations. He noted that Kochava’s data collection practices here “are not terribly unusual, but it does potentially cause significant harm to consumers when they’re not aware it’s going on.”
Kochava, which was founded in 2011, is a self-described “mobile measurement platform” that collects data for advertising purposes or for clients to be able to analyze foot traffic at their stores.
The company has collected geolocation data from hundreds of millions of mobile devices that is categorized to match unique mobile device identification numbers – which are assigned to consumer mobile devices to assist marketers in advertising – with timestamped latitudinal and longitudinal locations, alleges the FTC. The company has sold this access on publicly accessible online data marketplaces for a monthly subscription fee. The FTC said it examined a data sample with precise location data collected from more than 61 million unique mobile devices in the previous week, for instance.
The FTC said that these measures violate the FTC Act, which prohibits “unfair or deceptive acts or practices in or affecting commerce.” The data collected by…