Among the first location data brokers to come under public fire from the Federal Trade Commission for allegedly selling sensitive reproductive health data was Kochava, Inc., in a lawsuit the adtech company filed this week Kochava asked a federal court to intervene and stop the FTC from allegedly overtaxing it.
Kochava’s complaint revealed for the first time how the FTC could act to protect consumer data from being used to support abortion processes in post-Roe America. In it, Kochava detailed a planned FTC complaint against Kochava alleging that the company’s data collection practices allow third parties and bad actors to track sensitive location data of users. The FTC suggests cellphone users were not adequately informed that they were sharing this data with Kochava, making the practice unfair or misleading and allegedly in violation of the Federal Trade Commission Act.
In a statement to Ars, Kochava defended its data collection practices: “Kochava acts consistently and proactively in compliance with all rules and laws, including those related to privacy. Nonetheless, the FTC has threatened Kochava with a lawsuit and a proposed settlement, the merits of which are unfounded. This is a manipulative attempt by the FTC to make it appear that it protects consumer privacy despite being based on completely false claims.” When Kochava sued the FTC to block her lawsuit, her complaint noted that the FTC has up to 60 days until mid-October to respond to a subpoena.
advertisement
What did Kochava allegedly do?
According to its company website, Kochava is the “largest independent data marketplace for connected devices”. Based in Idaho, Kochava’s primary business is developing app developer tools to track, organize, and visualize marketing data, often buying and selling mobile data to its customers from third-party vendors as part of a side business called Kochava Collective.
The FTC claims that Kochava customers can “license premium data” which dangerously includes the “accurate location of a consumer’s mobile device” and “time-stamped latitude and longitude coordinates showing the location of mobile devices.” This, the FTC says, could allow bad actors, law enforcement, or anyone with access to track consumers who visit sensitive places like “therapists’ offices, addiction help centers, medical facilities, and women’s reproductive health clinics.”
The FTC has claimed that Kochava’s data collection methods “are an unfair or deceptive act or practice or interfere with commerce” because “they cause, or are likely to cause, significant harm to consumers that consumers themselves cannot reasonably avoid.” The FTC says also that the FTC law applies because there is no significant or universal benefit to consumers or the competitive marketplace from the collection of sensitive information.
Kochava says in his complaint that the FTC is wrong and doesn’t understand its technology, and claims that it already “uses technical controls to prohibit its customers from identifying consumers or tracking third-party users in sensitive locations.” The company says the lawsuit is a waste of time, largely because the FTC “is not yet required to issue a rule or statement of legal force and effect describing the specific practices of geolocation data that it believes has the authority to prohibit or.” to allow”. Without that specific rulemaking, the FTC makes it difficult for companies to comply with the law, Kochava suggests.
advertisement
Kochava also says that allowing the FTC to tie up the adtech company in a lengthy court case would cause Kochava “irreparable and significant harm.”
The FTC declined Ars’ request for comment.
Is the FTC exaggerating?
Kochava says in his complaint that the FTC sent its proposed complaint in July or August. Shortly thereafter, the company announced a new policy that would appear to address the FTC’s complaint by installing a so-called “privacy lock” that “removes healthcare provider location data from the Kochava Collective marketplace.” The feature is used regardless of whether users consent to data sharing and also allows anyone in the healthcare sector to block their location.
In a press release, Kochava Collective general manager Brian Cox suggested that Kochava is now ahead of US regulators in creating a much-needed “blacklist for health service sites” that puts user privacy first Restore authority by restoring the power to protect all staff and patients in the hands of the healthcare industry.
“We believe it’s important for the industry to be proactive and collaborate on a unified blacklist for healthcare service locations,” Cox wrote, noting that “there is no federal regulation or federal database cataloging these locations to protect privacy.” to protect consumers.”
A spokesman for Kochava declined to tell Ars whether the “privacy block” feature was prompted by the FTC’s proposed lawsuit or is already in the works.
However, because Kochava has changed its course of action, the complaint asks the federal court to agree that the FTC does not have the authority to “seek injunctive relief for past conduct that has ceased without evidence that it is likely to recur.” Kochava also asked the court to consider “fundamental disagreements” about the interpretation of the FTC statute, which largely form the basis of the FTC’s proposed complaint. Kochava alleges that the FTC’s proposed lawsuit would be an improper application of FTC law, which he says does not specify how its data collection practices are “unfair” or “deceptive.” Kochava also suggests that his due process rights were violated by a presidential hyperbole calling for the FTC to pursue such lawsuits without express legislation governing health data collection.