FTC Sues Kochava for Deceptive Use of Location Information

The Federal Trade Commission (FTC) filed a complaint against data broker, Kochava, for possible violations of the FTC Act. Kochava specifically sells precise geolocation data from hundreds of millions of mobile devices. It is used to trace the movements of individuals and also includes sensitive locations. 

Precise Location Information

The data that is sold has customized data feeds to assist its clients in advertising and analyzing foot traffic at stores or other locations. Included within the data is timestamped latitude and longitude coordinates showing the precise location of mobile devices. Access to these feeds are then sold in online marketplaces that are publicly accessible. Clients are normally charged a monthly fee of thousands of dollars but there is a free sample that is offered. 


While the data broker uses the information to help with advertising and to track foot traffic to stores it has been found that they also track sensitive locations. This includes:

  • Places of religious worship
  • Places that may be used to infer an LGBTQ+ identification
  • Domestic abuse shelters
  • Medical facilities 
    • Including reproductive health clinics 
  • Welfare and homeless shelters.

This information is not anonymized and when the geolocation data is combined with the mobile device’s geolocation it is possible to identify the device’s user. It is even possible to work out a user’s address as their device’s location during the night is most likely their home address. From this data it is easy to access a lot of information about who lives at the address from public records. Kochava has no controls to prohibit this kind of behaviour such as a blacklist that removes location signals from sensitive locations. 

When all this data is combined it poses great risk to any individual. It may result in them being exposed to discrimination, physical violence, emotional stress, and more. In addition, the company lacks any meaningful controls over who accesses its location data feed, including the data sample.

The consumers are also not made aware who has collected their location data or how it’s being used. Once the information has been collected it can be sold numerous times to companies that consumers have never heard of or interacted with. There is also no insight given to the consumers about how the data is used. For example, they are unaware that the information can be used to track and map their past movements and make inferences about them and their behaviour. It is therefore impossible for individuals to take any steps to avoid the potential risks.

FTC Act Violations

The FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce”. Acts and practices are considered unfair if they cause or are likely to cause substantial injury to consumers. The FTC has reason to believe that this company is violating or is about to violate the law.

Safeguards should be introduced to remove data associated with sensitive locations. The FTC believes this can be done at a reasonable cost and within Kochava’s resources. 

The Court has been asked to impose a permanent injunction to prevent future violations of the FTC Act by Kochava. It has also been asked to award any additional relief as the Court determines to be just and proper. 

See more about sensitive data in privacy laws.

Previous Post

ICO UK Fines NHS Trust Employee for Unlawfully Obtaining PHI

Next Post

CNIL Fines UBEEQO €175,000 for Excessive Data Collection

Related Posts