Litigation Initiated by the US FTC Leads to Settlement Restricting Data Broker
In a significant development concerning data privacy, an Idaho-based data broker has reached a settlement with federal regulators restricting its sales of sensitive location data gathered from millions of smartphones. This agreement aims to resolve a federal lawsuit initiated by the U.S. Federal Trade Commission (FTC), a move that underscores growing concerns over consumer privacy in the digital age.
The company involved, Kochava, along with its subsidiary Collective Data Solutions, was accused of selling precise geolocation data without obtaining consent from consumers. This practice raised alarms among regulators and advocacy groups regarding potential invasions of privacy, particularly in the context of sensitive locations such as medical facilities and places of worship.
Kochava had promoted its capability to accurately determine an individual’s location to within a mere 10 meters by utilizing GPS coordinates alongside data from other signals, such as the Wi-Fi networks to which the smartphones were connected. However, this technological prowess became contentious when the FTC filed a lawsuit against the data broker in August 2022. The lawsuit highlighted the alarming reality that such location data could enable the tracking of individuals’ movements, raising ethical concerns about surveillance and privacy.
The scrutiny surrounding Kochava intensified significantly following the U.S. Supreme Court’s decision in June 2022 to overturn Roe v. Wade, which had guaranteed constitutional protections for abortion for nearly five decades. This landmark decision prompted fears that data brokers could exploit location tracking to monitor individuals traveling to states where abortion remains legal, particularly in light of the legislative landscape that saw 13 states implementing full bans on abortion.
As the FTC’s inquiry progressed, public concern about the use of geolocation data grew. Activists warned that without proper regulations, this data could lead to serious violations of privacy, especially for vulnerable populations. The lawsuit pressed by the FTC aimed to address these growing unease and ensure that companies like Kochava are held accountable for their data practices.
The proposed order, recently filed in a federal court in Boise, aims to put an end to the protracted legal dispute between Kochava and the FTC. If approved by a federal judge, the settlement will enforce strict guidelines on the company’s practices, prohibiting Kochava from selling or sharing sensitive location data without first securing explicit consent from consumers. Under this proposed order, Kochava must acquire affirmative express consent before using any collected geolocation data for its products or services and can only do so if it is directly related to the consumer’s requested service.
Furthermore, the settlement includes stipulations that require Kochava to verify quarterly that its sources of location data have obtained the necessary permissions from consumers. Notably, the ban on selling data extends to "sensitive locations," which encompass medical and religious facilities, daycare centers, temporary shelters for survivors of domestic violence, as well as military and federal law enforcement offices. This careful differentiation highlights the FTC’s commitment to shielding sensitive spaces from potential exploitation.
In addition to restricting its data-sharing practices, Kochava will also enable consumers to inquire about the businesses or individuals that have purchased their geolocation data. This transparency initiative aims to empower consumers, allowing them to withdraw their consent should they find the sale of their location data unacceptable.
The FTC’s litigation against Kochava, which previously faced dismissal in May 2023 for allegedly relying too heavily on the assumption that consumers were injured by the data broker’s operations, is now set to move forward under the newly amended complaint. This development underscores the agency’s determination to address privacy concerns more effectively by honing in on specific violations rather than relying on inferred harm.
Legal experts have remarked on the significance of the FTC’s settlement with Kochava. Attorney Randal Shaheen, a legal expert from BakerHostetler, indicated that Kochava’s decision to settle under stringent conditions serves as a notable reminder for companies to remain vigilant regarding their data collection and sharing practices to avoid regulatory scrutiny.
As the legal landscape surrounding geolocation data continues to evolve, ongoing litigation raises further questions about the rights of consumers and the obligations of companies in the digital age. The case of Kochava serves as a crucial point of reference as regulators and courts assess the implications of data privacy in broader societal contexts, especially amid shifting legal frameworks surrounding sensitive issues such as abortion rights.
With geolocation data remaining a focal point for legislative and legal challenges, the resolution of this case could set precedents for how data brokers and tech companies manage consumer data moving forward. As more states initiate legislative measures addressing data privacy, this settlement may pave the way for increased consumer protections in an era where personal data is constantly under scrutiny.