Data Firm Sued By Federal Authorities For Allegedly Selling Geolocation Information That Could Track Users At Abortion Clinics 

Data Firm Sued By Federal Authorities For Allegedly Selling Geolocation Information That Could Track Users At Abortion Clinics 

The Federal Trade Commission filed a lawsuit Monday against an app analytics company that sold hundreds of millions of users’ geolocation data that could allegedly reveal user location at abortion clinics, recovery centers, and places of worship.

Kochava Inc, a data broker which hosts one of the largest independent data marketplaces, has been accused by federal authorities of allegedly revealing people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities. The Commission further accuses the company of enabling others to identify individuals and threaten their safety and credibility.

“Where consumers seek out health care, receive counseling, or celebrate their faith is private information that shouldn’t be sold to the highest bidder,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said.

FTC officials allege that the Idaho-based app company has customized data that could track specific mobile device users at night by feeding purchasers a link between someone’s home address and identity.

“In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials,” federal officials said in a press release.

According to a data sample examined by the FTC, more than 61 million mobile devices had precise, timestamped location data collected in one week.

“In just the data Kochava made available in the Kochava Data Sample, it is possible to identify a mobile device that visited a women’s reproductive health clinic and trace that mobile device to a single-family residence,” the FTC wrote in its suit according to the New York Post. “The data may also be used to identify medical professionals who perform, or assist in the performance, of abortion services.”

Brian Cox, Kochava’s general manager, called the press release “flamboyant” while denying such allegations as “frivolous litigation” in a statement to the New York Post.

“The FTC has a fundamental misunderstanding of Kochava’s data marketplace business and other data businesses,” Cox said. “Kochava operates consistently and proactively in compliance with all rules and laws, including those specific to privacy … It’s disappointing that the agency continues to circumvent the lawmaking process and perpetuate misinformation surrounding data privacy.”

Cox also said that the company announced a “capability to block data from sensitive locations.”

Lina Khan, chair of the FTC, said in a tweet that the commission complaint against Kochava comes as part of the agency’s work to use all of its tools to protect Americans’ privacy and explore rules to crack down on unlawful commercial surveillance and lax data security practices.

“Firms track & collect data on Americans at a stunning scale—on our location, our health, what we read online, who we know, what we buy,” Khan said.

The Commission authorized the staff to file the complaint in the U.S. District Court for the District of Idaho against Kochava, 4-1, with Commissioner Noah Joshua Phillips dissenting.

Politico reported earlier this month that Phillips, one of two Republican commissioners at the agency, said he plans to resign in the fall, citing a prioritization of family. However, he also noted that “other commissioners weren’t open to discussion and compromise.”

Phillips has openly pushed back against FTC chair Khan, who was appointed by President Biden, over her policy, enforcement priorities, and management.

Reuters reports that Democratic Senator Ron Wyden praised the FTC action, adding he has been working “to protect Americans from shady data brokers trying to sell private reproductive data for a profit in post-Roe America.”

FTC officials said the lawsuit would seek to stop the app company from selling sensitive data and further require it to delete the geolocation information it collected.