Home Privacy The FTC Sues Kochava For ‘Selling’ Sensitive Location Data

The FTC Sues Kochava For ‘Selling’ Sensitive Location Data

SHARE:
lawsuit
LAWSUIT red stamp text on white

The Federal Trade Commission sued Kochava on Monday for allegedly selling visitation data tied to abortion clinics, mental health facilities, places of worship, domestic abuse shelters and other sensitive locations.

The FTC’s complaint (click here to read it in full) claims that Kochava acquires and sells precise geolocation data associated with mobile ad IDs “in a format” that allows entities to track a person’s movements to and from these locations.

According to the FTC, the geolocation data provided by Kochava is not anonymized, which means that combining it with a mobile ad ID and offline information could serve to identify a specific device owner.

But even if that doesn’t happen, the FTC claims that the location data in Kochava’s marketplace typically includes multiple time-stamped signals for each mobile ad ID, and that by plotting these signals on a map it would be possible to make inferences about a device owner.

If a phone spends eight hours each night in a certain location, for example, it’s likely the person lives there.

By the same token, the complaint says that by using a publicly available map program to plot the latitude and longitude coordinates included in Kochava’s marketplace, it would be possible to know whether and at what times a mobile device visited, say, a reproductive health clinic.

Although the FTC’s complaint talks about tracking visits to “sensitive locations” in general and there’s no specific mention of the recent overturn of Roe v. Wade in the suit, it’s hard to imagine that the Dobbs decision isn’t one of the main motivators here.

Although Kochava charges a monthly subscription fee for access to its data, the FTC suit points out that it has also offered a free “data sample” that was relatively easy to access in just a few steps.

Until June 2022, for instance, anyone with a free AWS account could get a subset of licensed data covering a rolling seven-day period formatted as a text file that included information corresponding to more than 61,803,400 unique mobile devices.

Suit yourself

Kochava was aware that this suit was coming.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

Two weeks ago, Kochava preemptively sued the FTC claiming that the agency was wrongfully threatening to sue the company for selling sensitive geolocation data.

The FTC sent a copy of its proposed complaint to Kochava in advance, according to The Wall Street Journal.

In a statement on Aug. 15, Kochava called the commission’s then-as-yet unfiled suit a “manipulative attempt by the FTC to give the appearance that it is protecting consumer privacy despite being based on completely false pretenses.” Kochava also told the Journal that the FTC doesn’t seem to understand how Kochava’s business works.

Just a few days before that, in early August, Kochava released a new feature it calls “Privacy Block” that excludes any health services-related location data from its data marketplace.

Kochava is not the only company to come under fire recently for privacy concerns related to sensitive location data.

Vice’s Motherboard found that it was able to buy location data from SafeGraph showing who visited Planned Parenthood facilities, including how long they stayed and where they went before and after. MobileWalla was called out in 2020 for tracking mobile devices to collect data on Black Lives Matter protesters. And Gravy Analytics allegedly contracted with Homeland Security during the Trump administration to track the location of people crossing the US-Mexico border.

Kochava did not respond in time for publication to a request from AdExchanger for comment on the FTC’s lawsuit.

Must Read

Albert Thompson, Managing Director, Digital at Walton Isaacson

To Cure What Ails Digital Advertising, Marketers And Publishers Must Get Back To Basics

Albert Thompson, a buy-side veteran with 20+ years of experience, weighs in on attention metrics, the value of MFA sites, brand safety backlash and how publishers can improve their inventory.

A comic depiction of Google's ad machine sucking money out of a publisher.

DOJ vs. Google, Day Five Rewind: Prebid Reality Check, Unfair Rev Share And Jedi Blue (Sorta)

Someone will eventually need to make a Netflix-style documentary about the Google ad tech antitrust trial happening in Virginia. (And can we call it “You’ve Been Ad Served?”)

Comic: Alphabet Soup

Buried DOJ Evidence Reveals How Google Dealt With The Trade Desk

In the process of the investigation into Google, the Department of Justice unearthed a vast trove of separate evidence. Some of these findings paint a whole new picture of how Google interacts and competes with its main DSP rival, The Trade Desk.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Comic: The Unified Auction

DOJ vs. Google, Day Four: Behind The Scenes On The Fraught Rollout Of Unified Pricing Rules

On Thursday, the US district court in Alexandria, Virginia boarded a time machine back to April 18, 2019 – the day of a tense meeting between Google and publishers.

Google Ads Will Now Use A Trusted Execution Environment By Default

Confidential matching – which uses a TEE built on Google Cloud infrastructure – will now be the default setting for all uses of advertiser first-party data in Customer Match.

In 2019, Google moved to a first-price auction and also ceded its last look advantage in AdX, in part because it had to. Most exchanges had already moved to first price.

Unraveling The Mystery Of PubMatic’s $5 Million Loss From A “First-Price Auction Switch”

PubMatic’s $5 million loss from DV360’s bidding algorithm fix earlier this year suggests second-price auctions aren’t completely a thing of the past.