The Federal Trade Commission has sued app analytics firm Kochava for selling sensitive geolocation data, including details that could unmask people seeking or performing abortions.
The lawsuit claims Kochava failed to add basic privacy protections to its location data, much of which is collected from phones without the owners’ knowledge. “Kochava’s data can reveal people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities,” the FTC said in a press release. “By selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence.” The agency demands Kochava cease selling sensitive data and delete any such information it’s collected.
1. Today @FTC sued data broker Kochava for selling geolocation data that can be used to track people at addiction recovery facilities, reproductive health clinics, places of worship, shelters, and other sensitive locations.https://t.co/um54nTOHCQ
— Lina Khan (@linakhanFTC) August 29, 2022
The suit follows an FTC promise to crack down on medical location data sharing, a widespread issue that’s become particularly fraught after the demise of Roe v. Wade. Outlets including Motherboard have reported on data brokers selling cheap access to geolocation data around reproductive health clinics — something that could compromise visitors’ privacy and open them up to harassment or legal action. Following pressure from Sen. Elizabeth Warren (D-MA) and others, data brokers SafeGraph and Placer.ai committed to ending the practice, and Google said it would automatically delete visits to clinics and other sensitive locations.
But the FTC says Kochava made it easy, and in some cases free, to track down sensitive data. While the company’s services typically cost thousands of dollars, it also offers a free trial with “minimal steps and no restrictions on usage.” According to the complaint, that sample let the FTC identify a visitor to a women’s reproductive health clinic, then tie it to a home address that would likely expose the visitor’s identity. In another case, it identified a phone whose owner spent the night in a shelter for at-risk pregnant women or new mothers. The agency calls on Kochava to add safeguards around sensitive locations, something it says could be done at a “reasonable” cost.
Kochava did not immediately reply to a request for comment.
Read the full article here