Analytics Co. Sues FTC, Denies Allegations of Improper Data Privacy Practices

Idaho-based Kochava, a data marketing and analytics company, filed a lawsuit against the US Federal Trade Commission (FTC) and denied the Commission's allegations of the company’s improper location data privacy practices.

According to Kochava's filing, the FTC alleged that the Kochava Collective, a mobile data marketplace that provides data feeds and audience targeting to marketers, can be used to identify individuals and track them to sensitive locations, including reproductive health clinics. 

“Specifically, the FTC claims that the Kochava Collective’s precise geolocation data is associated with MAIDs [Mobile Advertising Identifiers] and this combination makes it possible to track consumers to sensitive locations, such as therapists’ offices, addiction recovery centers, medical facilities, and women’s reproductive health clinics,” the filing stated.

“The FTC also claims that because each set of coordinates is time-stamped, it is also possible to identify when a mobile device visited the location. The FTC further (wrongly) claims that Kochava employs no technical controls to prohibit its customers from identifying consumers or tracking them to sensitive locations.”

Kochava argued that the FTC’s allegations implied a misunderstanding of the company’s services. Kochava said that it does in fact collect latitude and longitude, IP addresses, and MAIDs associated with consumer devices. However, the company does not receive the data elements until days after, nor does it link a specific location to the latitude and longitude, or identify the consumer associated with the MAID, the lawsuit stated.

Kochava’s lawsuit against the FTC is the latest development in a string of data privacy-related actions that have emerged in the wake of the Supreme Court’s decision to overturn Roe v. Wade.

Shortly after the decision was released in June, the FTC expressed its intentions to enforce against improper and illegal consumer location and health data privacy practices in a blog post by the acting associate director of the FTC’s division of privacy and identity protection.

The post emphasized that the FTC “does not tolerate companies that over-collect, indefinitely retain, or misuse consumer data.”

Tensions surrounding the improper collection and use of personal data triggered concern even before the Supreme Court’s decision, but the decision raised the risk level associated with location and health data. In early June, 40 Congressional Democrats wrote a letter to Google asking it to stop collecting and retaining location information in anticipation of the ruling.

The lawmakers cited numerous concerns, including the fear that “Google’s current practice of collecting and retaining extensive records of cell phone location data will allow it to become a tool for far-right extremists looking to crack down on people seeking reproductive health care.”

In July, Google announced plans to heighten its data privacy practices and committed to deleting location history when users visit abortion clinics, domestic violence shelters, fertility centers, weight loss clinics, addiction treatment centers, and other facilities.

As tensions continue to mount, tech companies and any organization that collects and maintains health and location data will likely continue to be the focus of the FTC’s investigations.