FTC Bans Data Broker Kochava from Selling Location Data Without Consent

In an era where our digital footprints are constantly being tracked, the recent action by the Federal Trade Commission (FTC) against data broker Kochava marks a crucial moment for personal privacy. This move directly impacts how your most sensitive personal information – your physical whereabouts – can be collected, sold, and used, making it more critical than ever to understand who has access to your data and why.

The Quick Take

• The FTC has banned data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers' explicit consent.
• This settlement resolves charges that Kochava sold precise geolocation data collected from hundreds of millions of mobile devices.
• The ban specifically prohibits the sale of sensitive location data, such as visits to reproductive health clinics, places of worship, or domestic violence shelters.
• The FTC's action sets a precedent for how data brokers must handle consumer location information, emphasizing explicit consent.
• The ruling comes as part of a settlement, avoiding a full court battle, but establishes a clear regulatory stance.

What's Happening

The Federal Trade Commission has announced a landmark decision to ban data broker Kochava, along with its subsidiary Collective Data Solutions (CDS), from selling precise location data without obtaining explicit consent from consumers. This move comes as a settlement to charges filed by the FTC, alleging that Kochava engaged in unfair data practices by selling highly sensitive geolocation data collected from potentially hundreds of millions of mobile devices.

Kochava's business model involved collecting vast quantities of data from various apps and then packaging and selling this information. The FTC's primary concern revolved around the sale of precise geolocation data, which could reveal highly personal details about an individual's life, including visits to medical facilities, places of worship, or even domestic violence shelters. Such data, when combined with other public or commercially available information, can de-anonymize individuals and expose them to various risks.

The settlement not only bans the sale of location data without explicit consent but also mandates that Kochava delete any sensitive location data it had previously collected. This action signifies a clear warning to other data brokers that the FTC is prepared to enforce stronger privacy protections for consumers, particularly concerning highly sensitive personal information like location data.

Why It Matters

This FTC ban is a significant development for everyday users, deeply intertwined with the broader landscape of cybersecurity and digital privacy. For years, the opaque practices of data brokers have allowed companies to collect, aggregate, and sell personal information, including highly granular location data, often without users' knowledge or explicit permission. This data, once sold, can be used for targeted advertising, but also raises serious concerns about surveillance, discrimination, and even physical safety.

Precise geolocation data is considered one of the most sensitive types of personal information because it can reveal intimate details about a person's life, habits, associations, and beliefs. Knowing someone's regular routes, places of residence, work, or visits to specific establishments (like clinics or religious centers) creates a detailed profile that can be exploited. This makes it a cybersecurity issue not just in terms of data breaches, but in terms of the potential for misuse and harm when such sensitive data is openly traded.

The FTC's intervention sets a crucial precedent. It sends a strong message to the data broker industry that unregulated selling of sensitive location data will not be tolerated. While this specific ban applies to Kochava, it signals a shift towards stricter enforcement of consumer privacy rights, compelling other data brokers to re-evaluate their data collection and sales practices. For you, the everyday user, this means a potential future where your location data is treated with greater respect and requires your clear consent before being monetized.

What You Can Do

While regulatory actions like the FTC's provide a layer of protection, personal vigilance remains your strongest defense. Here are actionable steps you can take to protect your location data:

• Review App Permissions Regularly: Go into your phone's settings (iOS: Settings > Privacy & Security > Location Services; Android: Settings > Location > App permissions) and check which apps have access to your location. Limit access to “While Using App” or “Never” for any app that doesn't genuinely need your location to function.
• Disable Precise Location: Many apps offer an option to only provide "Precise Location" when absolutely necessary. For most apps, approximate location is sufficient. Disable precise location access where possible.
• Adjust Device-Level Location Sharing: Turn off location services entirely when you don't need them. Both iOS and Android allow you to toggle location services on or off for the entire device.
• Be Wary of "Free" Apps: Understand that if an app is free, you might be paying with your data. Read privacy policies (or at least skim for keywords like "location data," "third-party sharing") before granting extensive permissions.
• Use a Virtual Private Network (VPN): While a VPN won't stop apps from tracking your location via GPS, it can obscure your IP address, adding another layer of privacy to your online activities and making it harder to tie your digital identity to your physical location based on network data.
• Consider Data Broker Opt-Out Services: Some services exist to help you remove your data from common data brokers. While not foolproof, they can reduce your digital footprint. Research reputable options.

Common Questions

Q: What is a data broker?

A: A data broker is a company that collects personal information from various sources, aggregates it, and then sells it to other companies, organizations, or individuals. This data can include demographics, purchase history, web browsing activity, and location data.

Q: How does my location data get collected?

A: Your location data is primarily collected through your smartphone's GPS, Wi-Fi, and cellular network signals. Apps that you grant location permissions to, your mobile carrier, and even your web browser can collect and share this information.

Q: Does this ban affect all data brokers?

A: This specific ban directly applies to Kochava and its subsidiary CDS. However, it signals a stronger regulatory stance from the FTC that will likely influence how other data brokers operate, encouraging them to review and potentially change their own data handling practices to comply with future regulations or avoid similar enforcement actions.

Sources

Based on content from BleepingComputer.

Ciro's Take

For everyday users, creators, and small business owners, this FTC action isn't just another headline; it's a critical win in the ongoing battle for digital privacy. We live in a world where our personal data has become a valuable commodity, and our location data is arguably among the most revealing. The idea that a company could sell precise details about our movements without our explicit consent is frankly unsettling and opens the door to potential abuse. This ruling reinforces the idea that consent should be a fundamental requirement, not an afterthought.

While this ban targets one company, it sets a powerful precedent for the entire data broker industry. It tells us that regulators are beginning to take these issues seriously. However, it also underscores the enduring need for personal vigilance. Don't assume that a single regulatory action will magically solve all data privacy issues. Be proactive: regularly check your app permissions, understand what data you're sharing, and make informed choices. Your digital privacy is your responsibility, and every step you take to secure it contributes to a safer online environment for everyone.