FTC Commences Civil Action Against Data Broker for Selling Geolocation Data
Time 2 Minute Read
Categories: Enforcement, Health Privacy, Information Security, Marketing

On August 29, 2022, the Federal Trade Commission announced a civil action against digital marketing data broker Kochava Inc. for “selling geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations.” The lawsuit seeks a permanent injunction to stop Kochava’s sale of geolocation data and to require the company to delete the geolocation data it has collected.  

According to the FTC’s complaint, the geolocation data Kochava collects allows its clients to track consumers’ visits to reproductive health clinics, places of worship, homeless and domestic violence shelters and addiction recovery facilities, among other sensitive locations. As a data broker, Kochava purchases location data collected from mobile devices, repackages that data into data feeds that match unique mobile device identification numbers with timestamped latitude and longitude coordinates and sells the data feeds to Kochava’s clients to assist them in advertising and analyzing foot traffic at their stores. Kochava’s data feeds also can be customized to allow clients to identify specific individuals. For example, geolocation data from a mobile device at night could be connected to an individual’s home, and that data in turn could be matched to local property records to reveal the homeowner’s identity.  The FTC alleged that Kochava’s sale of geolocation data puts consumers at risk and exposes them to threats of “stigma, stalking, discrimination, job loss, and even physical violence.”

Commenting on the lawsuit, the FTC’s Bureau of Consumer Protection Director Samuel Levine said, “Where consumers seek out health care, receive counseling, or celebrate their faith is private information that shouldn’t be sold to the highest bidder. The FTC is taking Kochava to court to protect people’s privacy and halt the sale of their sensitive geolocation information.”

The FTC filed its lawsuit in the U.S. District Court for the District of Idaho. The action currently is pending.

Tags: Advertisement, Consumer Protection, Federal Trade Commission, Geolocation, Mobile Device, Personal Information
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page