FTC bans Kochava from selling location data without consent

The Federal Trade Commission (FTC) has reached a settlement with data broker Kochava and its subsidiary Collective Data Solutions (CDS), prohibiting them from selling location data without explicit consumer consent. This agreement resolves charges filed nearly four years ago concerning the collection and sale of precise geolocation data from mobile devices. The FTC sued Kochava in August 2022, alleging the company provided clients with access to sensitive location information, as reported by Bleeping Computer.

The FTC's complaint detailed how Kochava collected and sold geolocation data from hundreds of millions of mobile devices, enabling clients to track users' movements to and from sensitive locations such as health clinics and places of worship. For a $25,000 subscription fee, clients gained access to this data through a feed via the Amazon Web Services Marketplace. The proposed order, filed in the U.S. District Court for the District of Idaho, will ban Kochava and CDS from selling, licensing, transferring, or disclosing precise location data unless they obtain affirmative express consent from consumers. The companies will also be required to establish a sensitive location data program, implement a supplier assessment program, allow consumers to request data disclosures and withdraw consent, submit incident reports to the FTC, and create a data retention and deletion schedule.

This action follows previous FTC efforts to crack down on commercial surveillance and the sale of sensitive location data, including recent bans on other data brokers like InMarket Media, Outlogic, Gravy Analytics, and Mobilewalla.

Source: Bleeping Computer