Posted By HIPAA Journal on Aug 18, 2022
A lawsuit has been filed against the Federal Trade Commission by an Idaho-based digital marketing and analytics company, which is alleged to have violated the Federal Trade Commission (FTC) Act with its data practices.
Kochava’s primary business unit provides mobile advertising attribution through customizable software tools, which are provided under the software-as-a-service model. The software allows its customers to obtain data points and analytics for digital marketing campaigns and applications. The second business unit is an aggregator of third-party provided mobile device data, which Kochava makes available through its data marketplace, the Kochava Collective.
Following the Supreme Court’s decision to overturn Wade v. Roe, privacy advocates have voiced their concern about the potential for data brokers and law enforcement in some states to collect information about individuals who visit reproductive health clinics to seek advice about abortions. Shortly after the Supreme Court’s decision, the FTC announced its commitment to fully enforce the law against the illegal use and sharing of highly sensitive data, such as the collection and use of consumer location data and illegal privacy practices with respect to reproductive healthcare data.
The Kochava Collective provides data feeds and audience targeting to clients for marketing purposes. The FTC alleges the Kochava Collective provides precise geolocation data that is associated with Mobile Advertising Identifiers (MAIDs), which means it is possible to identify and track consumers when they visit sensitive locations such as reproductive health clinics, therapist’s offices, medical facilities, and addiction recovery centers. The FTC also alleges that the data is time-stamped, so it is possible to tell exactly when an individual visited a location and that there are no technical controls in place to prohibit Kochava’s customers from tracking consumers when they visit those locations. The collection of latitude and longitude, IP address, and mobile advertising identifier information associated with consumers’ devices is a violation of the FTC Act, according to the FTC, which is seeking a permanent injunction against Kochava to prevent future FTC Act violations.
Kochava denies that its data can be used by its customers to identify and track individuals and claims that the FTC has misunderstood the services it provides. Kochava maintains that while the FTC is correct with respect to the collection of latitude and longitude, IP addresses, and MAIDS associated with consumer devices, those data elements are not received until days afterward, and the specific locations and consumers associated with MAIDs are not linked. Further, Kochava explains in the lawsuit that the FTC is wrong in its view that there are no technical controls in place to prevent its customers from tracking consumers when they visit sensitive locations. Kochava said it introduced a new capability on August 10, 2022, called Privacy Block, which allows its clients to shut off the collection of sensitive location data such as visits to healthcare providers.
Kochava maintains that it “operates consistently and proactively in compliance with all rules and laws, including those specific to privacy,” and that the FTC has threatened the company with a District Court lawsuit and a proposed settlement when both the lawsuit and settlement are based on inaccurate information. Kochava also alleges the FTC is overstepping its legal authority to enforce the FTC Act and is attempting to make the company a scapegoat in order to set a precedent across the ad tech industry. Kochava files the lawsuit to get the Idaho Federal Court to intervene.
Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.
Immediate PDF Download
HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal’s goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.
Receive weekly HIPAA news directly via email
Email Never Shared
Cancel Any Time
Copyright © 2014-2022 HIPAA Journal. All rights reserved.