FTC Sues Data Broker Over Location Data, But May Face Steep Uphill Climb
from the "anonymization"-isn't-actually-a-thing dept
The reversal of Roe is resulting in dramatic new pressures on privacy reform, given how easily consumer location data can be weaponized against abortion seekers and those helping them. Not just by authoritarian-leaning state governments, but potentially by vigilantes who’ll find little trouble buying such data on the cheap from a wide array of irresponsible data brokers.
Hoping to get ahead of the curve, the Federal Trade Commission (FTC) has sued Kochava, a large location data depository, for selling access to consumer location data gleaned from visits to places of worship, reproductive health clinics, and other “sensitive locations.” According to the FTC announcement, such data sales open consumers to “stigma, stalking, discrimination, job loss, and even physical violence.”
Like most data brokers, Kochava collects location data hoovered from hundreds of millions of different smartphones courtesy either of individual apps, services, or mobile carriers, then sells it to a wide variety of third parties. Most such brokers make only superficial efforts to screen who buys this data, or impose restrictions on how the data can be used.
Also like most data brokers, Kochava claims that this data is “anonymized,” therefore justifying any potential privacy violations. But, like countless studies before them have also shown, the FTC notes that “anonymization” is effectively a meaningless term, since individuals can be easily identified with just a little additional information:
the FTC alleges that the company’s customized data feeds allow purchasers to identify and track specific mobile device users. For example, the location of a mobile device at night is likely the user’s home address and could be combined with property records to uncover their identity. In fact, the data broker has touted identifying households as one of the possible uses of its data in some marketing materials.
It’s good that the FTC’s taking action given the widespread, documented abuse of such data. The FCC is also applying greater pressure on mobile carriers to disclose the collection of sale of user location data.
Such data is frequently gleaned without consumer awareness or consent, and we’ve seen a steady fifteen years parade of scandals where such data has been abused by stalkers, law enforcement, people pretending to be law enforcement, and an assortment of other nitwits. Adtech in general is a convoluted wild west of hubris and greed, and to call regulatory oversight pathetic would be kind.
While the FTC is well intentioned here, industry watchers seem inclined to think this case feels a little weaker than past FTC efforts, and is one the agency could easily lose. Expecting FTC action, Kochava filed a pre-emptive lawsuit of their own several weeks earlier. It also announced a new feature it’s calling Privacy Block, which removes health service location data from their data troves.
Some lawyers, like Megan Grey, think the FTC had hoped Kochava would settle, and were surprised when the company fought back instead:
In short it sounds like the (underfunded, understaffed, and routinely over-extended) FTC wanted to make what it hoped would be a flashy, pre-emptive settlement example of one of the industry’s biggest players to get other adtech ducks to fall in line. Now the agency risks losing a case that could encourage other data brokers to double down… for now.
The problem for the data broker space is their greed will make it difficult to self-regulate in any meaningful way. So it’s a matter of when, not if, abortion seeker location data is exploited in new, creative, and terrible ways by the nation’s surging authoritarians, at which point public pressure to crack down on the unaccountable wild west that is adtech will only grow exponentially.
For more than fifteen straight years people in tech (generally white, affluent men) brushed aside the location data concerns of privacy advocates as hyperbole. With the repeal of Roe and the rise of U.S. authoritarianism, the check for that hubris is coming due, sooner rather than later.
Filed Under: data brokers, ftc, health care, lawsuit, privacy, reproductive rights
Companies: kochava
Comments on “FTC Sues Data Broker Over Location Data, But May Face Steep Uphill Climb”
... what did they think was going to happen?
They’re trying to quash or seriously impact the source of money for the companies in the ‘personal data for sale’ industry, did they really think that the first company they’d go after would just roll over and say ‘fine, we’ll cripple our profits rather than fight back’?
EU GDPR the way to go?
The US simply lacks adequate data protection, the EU is leading the way in this at the moment, putting the rights of individuals and consent as the focus. But it’s a tough balance, and any legislation that has teeth can be shouted down by those who focus solely on freedom of information. There always needs to be a balance between these competing rights. Other authors on this site are very vocally against these sort of protections.