US FTC sued US data broker Kochava for selling sensitive and geolocation data

The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices.

The U.S. Federal Trade Commission (FTC) filed a lawsuit against the US-based data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions of mobile devices.

“Defendant’s violations are in connection with acquiring consumers’ precise geolocation data and selling the data in a format that allows entities to track the consumers’ movements to and from sensitive locations, including, among others, locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, or other atrisk populations, and addiction recovery.” reads the complaint.

Collected data could allow Kochava’s clients to identify and monitor the movements of mobile users through a data feed available via online data marketplaces (i.e. AWS Marketplace) after paying for a $25,000 subscription. The FTC remarks that data provided by Kochava exposes individuals to threats of stigma, stalking, discrimination, job loss, and even physical violence.

The description of the service in the online marketplace provided by Kochava states that it offers “rich geo data spanning billions of devices globally.” The company also claimed that its location data feed “delivers raw latitude/longitude data with volumes around 94B+ geo transactions per month, 125 million monthly active users, and 35 million daily active users, on average observing more than 90 daily transactions per device.”

The lawsuit aims at blocking the sale of sensitive geolocation data and also require the company to delete the sensitive geolocation information it has collected.

FTC highlights that the location data provided by Kochava is not anonymized, thus allowing its customers to combine it with the mobile device’s MAID, to identify the mobile device’s user or owner.

“The harms described above are not outweighed by countervailing benefits to consumers or competition. Defendant could implement safeguards to remove data associated with sensitive locations from its data feeds. Such safeguards could be implemented at a reasonable cost and expenditure of resources.” concludes the FTC. “Based on the facts and violations of law alleged in this Complaint, the FTC has reason to believe that Defendant is violating or is about to violate laws enforced by the Commission.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, location data)

[adrotate banner=”5″]

[adrotate banner=”13″]