How to Safeguard Your Location Privacy: Lessons from the Kochava Case
Introduction
The Federal Trade Commission's recent action against data broker Kochava and its subsidiary Collective Data Solutions (CDS) highlights the serious risks of unregulated location data sales. The FTC alleged that Kochava sold precise geolocation data from hundreds of millions of mobile devices without adequate consumer consent, leading to a ban on such practices. This case underscores the need for both individuals and businesses to take proactive steps to protect location privacy. In this guide, you'll learn how to secure your location data, understand the regulatory landscape, and implement best practices to avoid similar pitfalls.
What You Need
- A smartphone or mobile device with location settings access
- Awareness of your installed apps and their permissions
- Access to privacy settings on your device (iOS, Android)
- Optional: A VPN service, privacy-focused apps
- For businesses: Knowledge of FTC guidelines on consumer consent and data handling
Step-by-Step Guide
Step 1: Understand What Location Data Is and Why It's Valuable
Location data includes GPS coordinates, Wi-Fi triangulation, and cell tower information that can pinpoint where a device (and its user) is at a given time. Data brokers like Kochava aggregate this data from apps and sell it to advertisers, insurance companies, and even government agencies. The Kochava case shows that without explicit consent, this trade violates consumer privacy rights. Educate yourself on how apps collect location data—often for features like weather, maps, or targeted ads—and the potential for misuse, such as tracking visits to healthcare facilities or political rallies.
Step 2: Review and Restrict Device Permissions
Go into your device settings and audit which apps have access to your location. For iOS: Settings > Privacy & Security > Location Services. For Android: Settings > Location > App permissions. Change permissions to While Using the App instead of Always for apps that don't need background tracking. Consider turning off precise location if an app only needs a general area. Deny location access to apps that have no clear need for it—like a calculator or notepad. This step directly reduces data available to brokers like Kochava.
Step 3: Opt Out of Data Broker Collections
Many data brokers offer opt-out options, though they can be cumbersome. Visit the Digital Advertising Alliance (DAA) or Network Advertising Initiative (NAI) opt-out pages to limit targeted advertising based on location. Some brokers, including Kochava, have an opt-out page (check their website). However, note that the FTC's ban on Kochava means they can no longer sell location data without consent—so opting out may not be necessary for that specific broker, but it's a good practice for others. Use privacy tools like DeleteMe or Incogni to automate opt-out requests.
Step 4: Use Privacy-Focused Tools and Services
Consider alternatives to mainstream apps that minimize location data sharing. For example, use DuckDuckGo for searches, OpenStreetMap for navigation, or Signal for messaging (which doesn't store location metadata). Enable VPN (Virtual Private Network) services on your device to obscure your IP address and general location, though note that VPNs don't stop GPS data collection. Review app privacy policies before installation—look for terms like "sell" or "share with third parties" regarding location. Install a privacy dashboard app that tracks which apps access your location and when.
Step 5: For Businesses—Implement Consent and Data Minimization
If you run a business that collects location data, follow the lessons from the Kochava case. The FTC requires explicit, informed consent before selling or sharing precise geolocation data. This means clear, prominent disclosures that are not buried in privacy policies. Use a consent management platform (CMP) to obtain user permission. Also, practice data minimization: only collect location data necessary for your core service, and delete it when no longer needed. Avoid selling raw location data; if you must share, anonymize and aggregate it to reduce re-identification risk.
Step 6: Stay Informed About Regulatory Changes
The FTC's action is part of a larger trend. Several states (e.g., California, Virginia, Colorado) have passed comprehensive privacy laws that restrict location data sales. Check if your state has a Consumer Privacy Act that grants you rights to access, delete, or opt out of sale of your data. Subscribe to FTC updates or follow privacy advocacy groups like the EFF (Electronic Frontier Foundation) for news. As new regulations emerge, adapt your personal or business practices accordingly.
Tips for Ongoing Protection
- Regularly review permissions: Set a quarterly reminder to audit which apps have location access.
- Use limited ad tracking: On iOS, enable "Limit Ad Tracking" and on Android, use "Opt out of Ads Personalization."
- Disable location history: Turn off Google Location History and similar features in your accounts.
- Be cautious with public Wi-Fi: Use a VPN when on public networks to prevent location leakage.
- Educate employees: If you run a business, train staff on data privacy best practices to avoid inadvertent sharing.
- File complaints: If you suspect a company is selling your location data without consent, report it to the FTC at ReportFraud.ftc.gov.
By following these steps, you can reduce your exposure to location data brokers and help ensure that your movements remain private. The Kochava case is a landmark reminder that vigilance is essential in an era of pervasive data collection.