Connect with us

Cyber Security

US govt sues Kochava for selling sensitive geolocation data

Published

on

The U.S. Federal Trade Commission (FTC) announced today that it filed a lawsuit against Idaho-based location data broker Kochava for selling sensitive and precise geolocation data (in meters) collected from hundreds of millions of mobile devices.

As the consumer protection watchdog said, Kochava’s clients could use this data to identify and keep track of mobile users’ movements to and from various locations such as reproductive health, mental care, and addiction recovery facilities or shelters for domestic violence survivors or the homeless.

The company provides access to consumers’ location data through a data feed its clients can access via online data marketplaces after paying for a $25,000 subscription (a free sample dataset was also available until June 2022, containing info collected over the previous seven days).

According to the complaint [PDF], Kochava promoted its data feed to its clients on the Amazon Web Services (AWS) Marketplace as capable of providing “rich geo data spanning billions of devices globally.”

The data broker also claimed that its location data feed “delivers raw latitude/longitude data with volumes around 94B+ geo transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”

Location data sold by Kochava
Location data sold by Kochava (FTC)

“The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence,” the agency said today in a press release.

“In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials.

“The FTC’s lawsuit seeks to halt Kochava’s sale of sensitive geolocation data and require the company to delete the sensitive geolocation information it has collected.”

Making such sensitive information available for purchases or even publicly available online to anyone requesting a free sample can lead to terrible consequences in light of the recent U.S. Supreme Court’s decision to end constitutional abortion rights on June 24 [PDF] in eight U.S. states (with Tennessee, Texas, North Dakota, and Idaho joining their ranks last week).

The “Privacy Block”

Today’s announcement comes after the location data broker also sued the FTC (complaint filed on August 12 is available here) for overreaching when announcing this lawsuit earlier this month.

Kochava also said in a press release (published one day before filing the complaint against the FTC) that it would introduce “Privacy Block”, a “privacy-first approach to block health services locations from the Kochava Collective marketplace” to address the privacy issues pointed out by the U.S. consumer watchdog.

The FTC announced earlier in August that it’s exploring new rules to crack down on businesses behind mass commercial surveillance where consumers’ information is collected, analyzed, and monetized.

In July, the agency also warned businesses that it would enforce the law if they share or illegally use consumers’ highly sensitive information, including health data.

“Where consumers seek out health care, receive counseling, or celebrate their faith is private information that shouldn’t be sold to the highest bidder,” added Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.

“The FTC is taking Kochava to court to protect people’s privacy and halt the sale of their sensitive geolocation information.”

Update: Added more info on Kochava’s lawsuit against the FTC.

Source: https://www.bleepingcomputer.com/news/security/us-govt-sues-kochava-for-selling-sensitive-geolocation-data/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO