FTC alleges Data broker of selling sensitive data

Federal regulators have filed a lawsuit against a Data broker for reportedly selling sensitive geolocation Data from millions of mobile devices, which can be utilized to recognize people and track their movements to and from sensitive locations like reproductive health clinics, homeless shelters, and worship places.

The Federal Trade Commission sued Idaho-based Kochava Inc. on Monday, amid a heated debate over the privacy of individuals who may be seeking abortions in the aftermath of the Supreme Court’s decision in June to end constitutional protections for abortion. Although this is not the FTC’s first case against a Data broker, experts believe it is the first involving health care data and referencing reproductive health clinics.

The FTC’s action could be a big deal, said Jeff Chester, executive director of the Center for Digital Democracy, a privacy advocacy group. A stake has been driven into the ground.

Following the Supreme Court decision, Congress and regulators have increased their scrutiny of the Data-broker industry, which collects, sells, or trades location Data from mobile phones. Lawmakers have questioned the top executives of major technology companies, as well as smaller Data brokers, about how they handle consumers’ location Data from mobile phones, and what steps they have taken to protect the privacy rights of individuals seeking abortion information.

The FTC announced this month that it was considering drafting rules to address what it sees as harmful commercial surveillance and lax Data security by tech companies and others.

The FTC alleges in its lawsuit against Kochava, which was filed in federal court in Idaho, that by selling tracking Data, the company allows others to identify individuals and jeopardizes them to threats of stigma, stalking, unfairness, job loss, and even physical violence. The agency is attempting to prevent Kochava from selling “sensitive geolocation Data” and compel the company to delete the geolocation Data it has collected.

Where consumers seek health care, counseling, or celebrate their faith is private information that should not be sold to the highest bidder, said Samuel Levine, director of the Federal Trade Commission’s consumer protection bureau. The FTC is suing Kochava to protect people’s privacy and prevent the sale of sensitive geolocation Data.

The company filed a lawsuit against the FTC earlier this month after the agency sent Kochava a proposed complaint indicating that the company could face legal action.

The company said on Monday that the FTC’s lawsuit shows the agency doesn’t understand the company’s operations or other data businesses.

Kochava operates regularly and dedicatedly in compliance with all rules and laws, including privacy laws, stated Brian Cox, general manager of Kochava Collective. According to the company, it is the world’s largest independent mobile Data marketplace, allowing marketers to “purchase mobile audiences.”

Kochava unveiled a new capability to block geo Data from sensitive locations before the legal proceedings with the FTC began, according to Cox. That effectively removed that data from the Data marketplace, he said and is currently being implemented.

We are continuously monitoring and proactive adjusting our technology to block geo Data from other sensitive locations, he explained.

Concerns about consumers’ online privacy were heightened last week when Twitter’s former security chief claimed that the influential social network misled regulators, including the FTC, about its cyber defenses and efforts to control fake accounts. Among Peiter Zatko’s most serious allegations are that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had strengthened its security and privacy safeguards for its users.

Sephora Inc., one of the world’s largest cosmetics retailers, settled a California lawsuit last week alleging that the company sold customer information without proper notice, in violation of the state’s consumer privacy law.