Among the first location data brokers to be publicly criticized by the Federal Trade Commission for allegedly selling sensitive reproductive health data is Kochava, Inc. In a lawsuit filed by the adtech company this week, Kochava has asked a federal court to intervene and stop the FTC. of an alleged overrun.
Kochava’s complaint revealed for the first time how the FTC could act to prevent consumer data from being used to support abortion lawsuits afterdeer America. In it, Kochava described a proposed FTC complaint against Kochava that alleges that the company’s data collection practices allow third parties and malicious actors to track users’ sensitive location data. The FTC suggests that mobile phone users were not reasonably informed that they were sharing this data with Kochava, making the practice unfair or deceptive and allegedly in violation of the Federal Trade Commission Act.
In a statement to Ars, Kochava defended its data collection practices: “Kochava operates consistently and proactively in compliance with all rules and laws, including those specific to privacy. Nonetheless, Kochava has been threatened by the FTC with a lawsuit and proposed settlement, the merits of which are not accurate. This is a manipulative attempt by the FTC to give the impression that it is protecting consumer privacy despite being based on completely false pretenses. Suing the FTC to block his lawsuit, Kochava noted in his complaint that the FTC has up to 60 days — by mid-October — to respond to a court summons.
What would Kochava have done?
According to his company’s website, Kochava is the “largest independent data marketplace for connected devices.” Based in Idaho, Kochava’s primary business is designing application development tools to track, organize, and visualize marketing data, often buying and selling data from third-party mobile devices to its customers as part of marketing data. a side business called Kochava Collective.
The FTC alleges that Kochava customers can “license premium data,” which it says dangerously includes “the precise location of a consumer’s mobile device,” sharing “time-stamped latitude and longitude coordinates.” indicating the location of mobile devices”. According to the FTC, this could allow malicious actors, law enforcement, or anyone with access to track consumers visiting sensitive locations such as “therapists’ offices, drug rehabilitation centers, medical facilities, and clinics.” reproductive health for women”.
The FTC alleged that Kochava’s data collection methods are “unfair or deceptive acts or practices in or affecting commerce” because “they cause or are likely to cause substantial harm to consumers that consumers do not can reasonably avoid themselves”. The FTC law applies because there is no critical or universal benefit to consumers or the competitive marketplace from collecting sensitive data.
Kochava says in its complaint that the FTC is wrong and does not understand their technology, saying it already uses “technical controls to prohibit its customers from identifying consumers or tracking” third-party users in sensitive locations. The company says the lawsuit is a waste of time, primarily because the “FTC has yet to issue a rule or statement with legal force and effect outlining the specific geolocation data practices it believes” have power. to prohibit or allow. Without this specific regulation, the FTC makes it difficult for companies to comply with the law, suggests Kochava.
Kochava also says allowing the FTC to bind the adtech company in a lengthy legal proceeding would inflict “irreparable and significant harm on Kochava.”
The FTC declined Ars’ request for comment.
Is the FTC going too far?
Kochava says in his complaint that the FTC sent his proposed complaint around July or August. Shortly after, the company announced a new policy that would apparently address the FTC’s complaint by installing what it calls a “privacy block” that “removes health services location data from the Kochava Collective market.” . The feature is used whether or not users consent to data sharing, and it also allows anyone in the healthcare industry to sign up to block their location.
In a press release, Kochava Collective chief executive Brian Cox suggested that Kochava is now ahead of U.S. regulators in building a much-needed “health service location blocklist” that gives the prioritizing user privacy by empowering to protect all staff and patients. in the hands of the health services industry.
“We believe it is important for the industry to be proactive and collaborate on a unified block list of health service locations,” Cox wrote, noting that “there is no federal or baseline regulation federal data repository that lists these locations to protect consumer privacy”.
A spokesperson for Kochava declined to tell Ars whether the “Privacy Block” feature was motivated by the FTC’s proposed lawsuit or already underway.
However, because Kochava has changed his ways, the complaint urges the federal court to agree that the FTC does not have the authority to “seek an injunction for past conduct that has ceased, in the absence of evidence that it is capable of reproducing”. Kochava also asked the court to consider the “fundamental disagreements” over the interpretation of FTC law that forms much of the basis of the FTC’s proposed complaint. Kochava alleges that the FTC’s proposed lawsuit would be an improper application of FTC law, which it says does not specify how its data collection practices are “unfair” or “deceptive.” Kochava also suggests that his due process rights have been violated by presidential excess urging the FTC to pursue such lawsuits in the absence of explicit legislation regulating the collection of health data.