Kochava Loses Request for Sanctions Against United States FTC ⇥ arstechnica.com

A little over a year ago, the U.S. Federal Trade Commission sued Kochava, a data broker, for doing things deemed too creepy even for regulators in the United States. In May, a judge required the FTC to narrow its case.

Ashley Belanger, Ars Technica:

One of the world’s largest mobile data brokers, Kochava, has lost its battle to stop the Federal Trade Commission from revealing what the FTC has alleged is a disturbing, widespread pattern of unfair use and sale of sensitive data without consent from hundreds of millions of people.

US District Judge B. Lynn Winmill recently unsealed a court filing, an amended complaint that perhaps contains the most evidence yet gathered by the FTC in its long-standing mission to crack down on data brokers allegedly “substantially” harming consumers by invading their privacy.

[…]

Winmill said that for now, the FTC has provided enough support for its allegations against Kochava for the lawsuit to proceed.

And what a complaint it is. Even with the understanding that its claims are unproven and many are based on Kochava’s marketing documents, it is yet another reminder of how much user data is captured and resold by brokers like these with virtually no oversight or restrictions.

I noticed something notable on page 31 of the complaint. The FTC shows a screenshot of an app with a standard iOS location services consent dialog overtop. The name of the app is redacted, but it appears to be Ibotta based on a screenshot in this blog post. The FTC describes this as a “consent screen that Kochava provided”, and later says it is “not a Kochava app, nor is Kochava mentioned anywhere on the consent screen”. The FTC alleges location data collected through this app still made its way to Kochava without users’ awareness. While the FTC muddles the description of this consent screen, it is worth mentioning that a standard iOS consent screen appears to be, in this framing, inadequately informative.