From Ars Technica, by Ashley Belanger:
The Federal Trade Commission (FTC) has succeeded in keeping its case against geolocation data broker Kochava alive, alleging that the company has been selling vast amounts of data in violation of the FTC Act. The FTC accuses Kochava of selling data obtained from millions of mobile devices across the world, combining precise geolocation data with sensitive and identifying information without users’ informed consent.
The FTC claims Kochava’s data sales allow customers to create highly detailed profiles of individuals, which invades their privacy and increases the risk of secondary harms such as stigma, discrimination, and emotional distress. The FTC cited specific examples of consumers who have been harmed by such data sharing practices, including a Catholic priest who resigned after being tracked using mobile geolocation data.
Kochava argues that the examples of consumer harm in the FTC’s complaint are disconnected from its activities and has accused the FTC of making knowingly false allegations. However, the court found no evidence to support Kochava’s claims and refused to dismiss the FTC’s case. Kochava CEO Charles Manning maintains that the company has always complied with all rules and laws, including those specific to privacy.
The FTC has proposed that Kochava could implement safeguards to protect consumer privacy, such as blacklisting sensitive locations or removing sensitive characteristics from its data. Kochava has introduced a new feature, Privacy Block, which blocks geolocation data near sensitive locations, although this was implemented after the FTC initiated its investigation.
The FTC is seeking a permanent injunction to stop Kochava from allegedly selling sensitive data without user consent. If the FTC wins the case against Kochava, it could trigger a wave of class-action complaints from consumers and set a precedent for future actions against data brokers.