On August 29, the Federal Trade Commission announced it had filed a landmark lawsuit against data broker Kochava for âselling geolocation data from hundreds of millions of mobile devicesâ that can be used to trace individualsâ time-stamped movements to sensitive locations. These include reproductive health clinics, places of worship, addiction recovery centers, and shelters for the unhoused and survivors of domestic violence. Kochava, the FTC alleges, âis enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence.â
In response, the Idaho-based company claims that it âoperates consistently and proactively in compliance with all rules and laws, including those specific to privacy.â In other words, Kochava relied on a core defense in the data broker playbook: Well, itâs legal.
But this is like saying youâve read every book on the subject when all thatâs been written is a waiting-room brochure. In a colossal failure of US policymakingâand, in many cases, a product of deliberate attempts to undermine or neglect marginalized peopleâs privacyâthe US has weak privacy laws in general. Very few laws in the US even relate to data brokers, let alone constrain their actions. Nonetheless, the fact that Kochava is not breaking the law doesnât make its behavior harmlessâand it doesnât make the company immune from lawsuits, either. The FTCâs case could establish that this kind of data surveillance, monetization, and exploitation is an unfair or deceptive business practice, exposing brokers to punishment. And it has the argument to get there.
[…]
Source: The FTC May (Finally) Protect Americans From Data Brokers | WIRED