The Federal Trade Commission (FTC) has sued the data broker Kochava for allegedly selling sensitive geolocation data.
The commission alleged, in the complaint it filed today, that Kochava sold precise location data that revealed sensitive information about consumers, including visits to “locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, or other at-risk populations, and addiction recovery.”
The allegations about reproductive healthcare data are especially salient in the aftermath of the US Supreme Court’s Dobbs decision, which overturned decades of precedent under Roe v. Wade and allowed more than a dozen states to criminalize abortion.
Data privacy after DobbsPublic health advocates opposing the restrictive bans, have urged individuals to be cautious about their digital footprints if they’re seeking an abortion in a state where it’s illegal.
If someone is wary that their digital data could be subpoenaed and used against them in court, they should not only delete menstrual cycle tracking applications, but also be wary of their own text messages and geolocation data, experts told The New York Times in July. (The FTC settled with the fertility app Flo Health in July 2021 for its unauthorized sharing users’ health information with Facebook and Google.)
While the Kochava lawsuit isn’t solely about abortion—and touches on other important ways that personal data can be misused—the FTC appears to be signaling a renewed interest in protecting Americans’ reproductive health data. The bipartisan commission voted four-to-one—with Republican commissioner Noah J. Phillips as the lone vote against—to sue Kochava in federal court in Idaho, where the company is headquartered.
Kochava preemptively sued the FTC last week, calling its investigation a “manipulative attempt…to give the appearance that it is protecting consumer privacy despite being based on completely false pretenses.”
In a statement, Kochava general manager Brian Cox said the FTC has a “fundamental misunderstanding of Kochava’s data marketplace business” and called the lawsuit “frivolous.” Cox wrote that all of the geolocation data the company sells comes from consenting consumers.
“Consumer privacy is not just an abstract issue”In a recent press conference, FTC consumer protection chief Sam Levine said, “Some of the discussion around the recent Dobbs decision just underscores what many people have been saying for a long time: Consumer privacy is not just an abstract issue.”
Jolynn Dellinger, a privacy law and ethics professor at Duke University School of Law, said that Dobbs and the new abortion restrictions that followed have “highlighted the substantial risks that data brokers, and their collection and sale of health and location data, pose for women and providers, particularly in forced-birth states.”
She noted that law enforcement have been found to purchase personal data from brokers, a practice that the Center for Democracy & Technology, a nonprofit advocacy group, has called an “end-run around the fourth amendment of the Constitution and statutes such as the Electronic Communications Privacy Act (ECPA).”
“The fact that law enforcement actually buys data from data brokers that it would otherwise need a warrant to obtain also underscores the urgency of the protections needed for this data in light of the criminalization of abortion,” Dellinger said.
This article has been updated with a statement from Kochava.