:

FTC BANS KOCHAVA FROM SELLING LOCATION DATA

INDUSTRY DESK1 MIN READ
TUE, MAY 5, 2026

■ AI-SUMMARIZED FROM 3 SOURCES ▸ TIMELINE

The Federal Trade Commission will prohibit data broker Kochava and its subsidiary Collective Data Solutions from selling Americans' location data without explicit consent. The settlement resolves 2022 charges that the companies sold precise geolocation information from hundreds of millions of mobile devices.

Kochava and CDS collected location data from mobile apps and devices, then sold it to clients without consumers' knowledge or permission. The FTC alleged the practice violated consumer protection laws by enabling tracking of individuals' movements and sensitive locations. Under the settlement, the companies must obtain affirmative consent before selling location data and implement a data retention policy limiting how long they store geolocation information. They are also required to delete previously collected location data. The ban marks the FTC's continued enforcement against data brokers operating in the shadows of the digital economy. Location data has become a flashpoint for privacy advocates, as it can reveal detailed information about individuals' routines, health conditions, and personal relationships. Kochava is one of the largest location data providers in the U.S., aggregating information from hundreds of millions of devices. The settlement sends a clear message that the agency will target companies profiting from unregulated collection and sale of sensitive consumer data.

■ SOURCES

TechmemeBleeping ComputerTechmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.

JUST NOWSecurity Desk

A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.

JUST NOWAI Desk

Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.

JUST NOWAI Desk

Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.

JUST NOWDev Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.