CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

FTC Enforcement Action Bans Kochava from Selling Precise Location Data Without Explicit Consent

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The U.S. Federal Trade Commission (FTC) has moved to prohibit Idaho-based data broker Kochava and its subsidiary Collective Data Solutions (CDS) from selling or licensing precise geolocation data without consumers’ affirmative express consent, following a near-four-year legal dispute initiated in August 2022. Under the proposed order filed in the U.S. District Court for the District of Idaho, Kochava must implement safeguards including a sensitive location data program, supplier consent verification, consumer access and consent withdrawal mechanisms, third-party misuse reporting, and a data retention and deletion schedule. The order, if approved, will have the force of law and introduces significant operational restrictions on the company’s data brokerage activities.

Timeline

  1. 05.05.2026 17:39 1 articles · 11h ago

    FTC proposes nationwide ban on Kochava’s sale of precise location data without consent

    The FTC has filed a proposed order in the U.S. District Court for the District of Idaho that would permanently bar Kochava and its subsidiary Collective Data Solutions from selling, licensing, or disclosing precise location data without consumers’ affirmative express consent. The order also mandates the creation of a sensitive location data program, supplier consent verification, consumer access and withdrawal mechanisms, third-party misuse reporting, and a data retention and deletion policy. The order will have the force of law upon judicial approval.

    Show sources
    Open in new tab

Information Snippets

  • The FTC filed suit against Kochava in August 2022, alleging the company collected and sold precise geolocation data from hundreds of millions of mobile devices via the AWS Marketplace without user consent.

    First reported: 05.05.2026 17:39
    1 source, 1 article
    Show sources

  • Kochava’s data feed reportedly provided clients with raw latitude/longitude data at scale, including approximately 94 billion geolocation transactions per month, 125 million monthly active users, and 35 million daily active users, with an average of over 90 transactions per device daily.

    First reported: 05.05.2026 17:39
    1 source, 1 article
    Show sources

  • The FTC’s complaint highlighted that Kochava’s clients could track individuals to and from sensitive locations such as mental health and addiction recovery facilities, reproductive health clinics, places of worship, homeless shelters, and domestic violence survivor shelters.

    First reported: 05.05.2026 17:39
    1 source, 1 article
    Show sources

  • Kochava introduced a "Privacy Block" feature to exclude health services locations from its marketplace, asserting a "privacy-first approach" one day before the FTC filed its complaint against the company.

    First reported: 05.05.2026 17:39
    1 source, 1 article
    Show sources

  • The proposed FTC order would prohibit Kochava and CDS from selling, licensing, transferring, or disclosing precise location data without affirmative express consent tied to a service directly requested by the consumer.

    First reported: 05.05.2026 17:39
    1 source, 1 article
    Show sources

  • The order requires Kochava and CDS to establish a sensitive location data program, implement supplier assessment for consumer consent, allow consumers to request disclosure of data recipients and withdraw consent, submit incident reports to the FTC for third-party misuse, and define a data retention and deletion schedule.

    First reported: 05.05.2026 17:39
    1 source, 1 article
    Show sources