This past Monday, a lawsuit was officially filed by the Federal Trade Commission targeting one app analytics company for allegedly selling the geolocation data of hundreds of millions of users that could possibly reveal user locations at abortion clinics, places of worship, and recovery centers.
The company in question is Kochava Inc., which is a data broker that hosts one of the largest independent data marketplaces, and they have been accused by federal officials of allegedly revealing the visits of private citizens to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities. The FTC went even further to accuse the company of letting 3rd parties identify individual people and in turn threaten their credibility and safety.
“Where consumers seek out health care, receive counseling, or celebrate their faith is private information that shouldn’t be sold to the highest bidder,” explained the Director of the FTC’s Bureau of Consumer Protection, Samuel Levine.
Officials with the FTC have alleged that the Idaho-based app company has gathered customized data that could be allowing the tracking of specifically identified mobile device users at night by supplying the buyers with a link between a person’s identity and their home address.
“In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials,” stated the FTC officials via a press release.
As seen in a data sample gathered by FTC authorities, well over 61 million mobile devices had very precise and even time-stamped, location data scraped over the course of a single week.
“In just the data Kochava made available in the Kochava Data Sample, it is possible to identify a mobile device that visited a women’s reproductive health clinic and trace that mobile device to a single-family residence,” explained the FTC within its lawsuit against the app company, as reported by the New York Post. “The data may also be used to identify medical professionals who perform, or assist in the performance, of abortion services.”
The general manager for Kochava, Brian Cox, dismissed the press release as “flamboyant” while outright denying all allegations as “frivolous litigation” in a response given to the New York Post.
“The FTC has a fundamental misunderstanding of Kochava’s data marketplace business and other data businesses,” explained Cox. “Kochava operates consistently and proactively in compliance with all rules and laws, including those specific to privacy … It’s disappointing that the agency continues to circumvent the lawmaking process and perpetuate misinformation surrounding data privacy.”
Cox also stated that the company did announce a “capability to block data from sensitive locations.”
The chair of the FTC, Lina Khan, stated in a social media post that the commission complaint targeting Kochava is just part of the FTC’s work to use all of its tools to guard the privacy of Americans and to explore rules to crack down on the unlawful commercial surveillance and lax data security practices.
“Firms track & collect data on Americans at a stunning scale—on our location, our health, what we read online, who we know, what we buy,” stated Khan.
The Commission officially authorized the staff to file the complaint within the U.S. District Court for the District of Idaho against Kochava, 4-1, with the only dissenting voice being Commissioner Noah Joshua Phillips.