The **FTC** initially sued **Kochava** in August 2022, accusing the company of gathering and selling geolocation data from hundreds of millions of mobile devices. This data allegedly allowed clients to monitor users' movements to and from sensitive locations such as mental health facilities, reproductive health clinics, and domestic violence shelters. According to the complaint, **Kochava** provided access to this data via the **Amazon Web Services (AWS)** Marketplace for a $25,000 subscription fee. The company claimed to deliver "rich geo data spanning billions of devices worldwide," processing over 94 billion geo transactions per month. **Kochava** also claimed its location data feed included 125 million monthly active users and 35 million daily active users, averaging more than 90 daily transactions per device. The **FTC** argued that affected consumers were unaware of this data sharing and had no means to prevent potential harms like stalking, discrimination, and physical violence. **Kochava** responded by suing the **FTC**, claiming overreach. Simultaneously, they announced "Privacy Block," a feature designed to prevent the tracking of health services locations.  _Location data sold by Kochava (FTC)_ ### Terms of the Proposed Order Under the proposed order, **Kochava** and **CDS** are prohibited from selling, licensing, transferring, or disclosing precise location data without affirmative express consent. The data can only be used to provide a service directly requested by the consumer. In addition, the companies must: * Establish a sensitive location data program. * Implement a supplier assessment program to verify consumer consent. * Allow consumers to request disclosure of who received their data and withdraw consent. * Submit incident reports to the **FTC** when third parties misuse location data. * Create a data retention and deletion schedule. This order will become legally binding upon approval by the U.S. District Court for the District of Idaho. The **FTC** has been actively cracking down on commercial surveillance. In August 2022, they announced plans to create new rules targeting businesses that collect, analyze, and monetize consumer data. They had previously warned companies against illegally sharing or using sensitive consumer information. In 2024, the agency banned data brokers **InMarket Media**, **Outlogic** (formerly **X-Mode Social**), **Gravy Analytics**, and **Mobilewalla** from selling Americans' location tracking data. <a rel="noopener nofollow" href="https://hubs.li/Q04crVgD0"><img alt="article image" src="https://www.bleepstatic.com/c/p/autonomous-validation2.jpg"></a> <div> <h2><a rel="noopener nofollow" href="https://hubs.li/Q04crVgD0">99% of What Mythos Found Is Still Unpatched.</a></h2> <p>AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.</p> <p>At the Autonomous Validation Summit (May 12 &amp; 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop.</p> <p><a rel="noopener nofollow" href="https://hubs.li/Q04crVgD0">Claim Your Spot</a></p> </div>