Article 6GCFK Unsealed FTC Complaint Shows Data Broker Kochava Hoovered Up Oceans Of Sensitive Data On Millions Of Americans

Unsealed FTC Complaint Shows Data Broker Kochava Hoovered Up Oceans Of Sensitive Data On Millions Of Americans

by
Karl Bode
from Techdirt on (#6GCFK)
Story Image

There's generally been two reasons the U.S. government hasn't tried to regulate data brokers or pass even a baseline privacy law, and it's not, contrary to conventional wisdom, because it's too hard.

One, there's an army of industries with near-bottomless lobbying budgets opposed to meaningful privacy protections, because empowered consumers would inevitably cost these companies billions in annual data monetization revenues. The U.S. government also isn't keen to restrict the flow of this data because it purchases much of it as an end-around to getting a fucking warrant.

That's not to say the FTC under Lina Khan hasn't been trying, sometimes sloppily learning as she goes, to disrupt this very broken but very profitable status quo.

Last year the FTC sued the data broker Kochava (see complaint) for selling access to consumer location data gleaned from visits to places of worship, reproductive health clinics, and other sensitive locations. Like most such brokers Kochava over-collected this data, then didn't adequately screen who had access to it.

A federal judgeinitially dismissed the FTC's case, claiming the agency hadn't provided enough evidence proving Kochava had violated the FTC Act. The FTC responded with more detail in an amended complaint, but sought to have the complaint sealed out of an abundance of caution" to protect trade secrets while the case was litigated.

Last week, U.S. District Judge B. Lynn Winmill not only unsealed the FTC's amended complaint containing more detail on what Kochava has been up to, but his order shot down Kochava's attempts to have the FTC sanctioned for overreach." Kochava insisted the FTC was making statements that were knowingly false," but Winmill said he couldn't find a single instance of that actually being, you know, true.

According to the amended complaint, the scope of the data Kochava was casually collecting and monetizing is massive. It includes detailed movement data of consumers down to the meter, as they visited sensitive locations like hospitals, temporary shelters, abortion clinics and places of worship. Kochava then made it easy for advertisers to target consumers based on sensitive metrics.

The end result are a chain of barely accountable companies that are tracking your daily life in stunning detail, providing insights into everything from your sexual preferences and religious affiliations, to whether you're expectant parents or have mental health challenges. Like many data brokers, Kochava insists this is all no big deal because much of this data is anonymized," an utterly meaningless term.

But the FTC's amended complaint is quick to note that Kochava didn't even bother to try and anonymize much of the data:

Kochava itself concedes that this data is not anonymous, but rather can be, and is, used to track and identify individual consumers. In many cases, Kochava provides data that directly links this precise geolocation data to identifying information about individual consumers, such as names, addresses, email addresses, and phone numbers."

In the post-Roe era the FTC's amended complaint is quick to point out that the potential safety, legal, national security, and political ramifications of these kinds of privacy violations at scale are massive:

Kochava's use and disclosure of this precise geolocation information invade consumers' privacy and cause or are likely to cause consumers substantial injury. In addition, Kochava collects, uses, and discloses enormous amounts of additional private and sensitive information about consumers. Kochava's use and disclosure of this data, whether alone or in conjunction with Kochava's geolocation data, also invade consumers' privacy and cause or are likely to cause consumers substantial injury."

The problem is Kochava is just one of dozens of such companies playing fast and loose with sensitive consumer data. And the FTC generally lacks the staff or funding to tackle them all. Normally this is where Congress would come in. But wide swaths of our corrupt Congress are too busy performatively hyperventilating about TikTok, consciously ignoring that the real problem goes much, much deeper.

Guys like Senator Josh Hawley or the FCC's Brendan Carr will suffer absolute embolisms over the faintest idea that the Chinese government might have insight into your TikTok habits, but couldn't care less about data brokers sell your most personal data details to any nitwit with a nickel (including Chinese intelligence). At some point you'd have to start wondering what's driving that curious myopia.

External Content
Source RSS or Atom Feed
Feed Location https://www.techdirt.com/techdirt_rss.xml
Feed Title Techdirt
Feed Link https://www.techdirt.com/
Reply 0 comments