The NBA, MLB and LaLiga place bets on NFTs

“You go to [Kochava] if you don’t trust your partners and you want the raw data to be tracked [mobile app installs and advertising],” said a digital ad tech who worked with Kochava on behalf of an advertising client in the past, asking not to be named in the story.

Now the FTC is cracking down on the unintended consequences of the veiled chaos.

In its complaint against Kochava, the FTC alleged that location data sold by the company — which was readily available for purchase at places including Amazon’s AWS data marketplace — was provided in a form that could identify people visiting sensitive sites such as reproductive health or addiction recovery centers, places of religious worship or homeless shelters or domestic violence.

Plausible data deniability

Kochava says its advertising and app measurement services are distinct from its data marketing business, which is at the heart of the FTC complaint. The company says each business lives in a distinct cloud instance managed under separate accounts.

Kochava would not disclose where the data sold on that marketplace comes from, according to a source familiar with the company’s strategy. In fact, in some cases, even the company itself does not know.

As is de rigueur in the opaque mobile location data industry, partnerships are almost always shrouded in non-disclosure agreements. Companies that sell location data or provide other types of data services often do not disclose the original sources of the information they collect, package and sell.

When Kochava introduced its marketplace business in 2017, the company said the data sold there would come through its free app analytics service, from mobile ad networks and from app publishers and other partners. At the time, the company mentioned only one data provider that aimed to monetize its data by partnering with Kochava: AreaMetrics, a consumer-facing mobile app that offered location-based restaurant reviews.

But Kochava said it only obtains the accurate location data sold on the marketplace from data brokers and does not obtain accurate location data sold on the marketplace from direct data provider relationships with app publishers or through its free analytics product.

Still, Kochava wants legal protection for taking these steps. It currently requires companies that use the free analytics product to agree to a license and service contract that requires them to include verbatim language in their privacy policies that say they collect and may sell personal information, including identifiers, geolocation data and inferences from those categories. Kochava also requires companies using its free analytics service to obtain user consent to collect accurate location data and share or sell it with third parties.

There are big incentives for media companies and app developers to give location data vendors access to the data obtained through their apps. First, providing access to the information helps determine where people are or have been, making the ad inventory that app publishers sell more valuable to advertisers who pay more for location-targeted ads.

Allowing access to this data can also provide additional revenue streams with little extra work for the publisher. Typically, location data providers pay publishers according to the number of unique data signals they provide. For example, they may pay a flat fee for location data points associated with 1,000 app users.

FTC cracks down on unintended data use

After the Supreme Court overturned Roe v. Wade earlier this year, more people began to realize that location data is often packaged and sold, and can be used to identify people. Now that states across the country are punishing people for obtaining abortions, the digital footprints their phones make when they visit health clinics and other sensitive locations have serious real-world legal implications.

With location data under increased scrutiny, digital ad groups and data providers have begun to respond by restricting its use. Location data sellers SafeGraph and Placer.ai said they would stop selling data related to reproductive health centers. Google now also deletes location data from sensitive locations, including abortion clinics.

Last month, Kochava itself said it would begin removing precise geo-location data related to healthcare locations from the end of the third quarter of this year. The company will also allow people to register to block sensitive location data from being used, shared or bought on the data marketplace.

Kochava’s system connects with big names in Big Tech including Amazon, Facebook, Google, Snapchat and TikTok to enable advertising and ad-related services on their properties. For example, Google counts Kochava as an integrated app attribution partner.

Meanwhile, companies that make apps with millions of daily users, including Disney, Instagram and Major League Baseball, are all listed publicly by Kochava as integrated partners. But rather than representing Kochava clients or contractual partnerships, the list of “partners” represents only the ad technology providers and media companies Kochava’s measurement system can recognize and report on when it receives information about how well advertising performed from its advertiser clients.

Still, the list of hundreds of companies, most of which send data between multiple ad systems to enable targeted advertising, is a visible symbol of a labyrinthine mobile ad ecosystem — one of the FTC’s ties as part of the digital data surveillance industry it targets. to chain. In its complaint, the agency included information from Kochava’s own data sales materials showing that it has sold precise latitude and longitude map coordinates aggregated at a specific time and associated with device IDs showing when a device was present at a given location.

“What the FTC has proposed about Kochava is technologically completely plausible,” said another vice president of the ad tech company who asked not to be named for this story.

While advertisers have entirely different uses for this kind of data—for example, to understand how their ad campaigns helped drive incremental app downloads or product sales, or whether people from a particular area drove past a billboard—the FTC aims to highlight unintended uses for precise location data that comes with time stamps and can be attached to device IDs, especially when made readily available for sale to the public.

“The sale of such data constitutes an unwarranted intrusion into the most private areas of consumers’ lives and causes or is likely to cause substantial harm to consumers,” the FTC complaint states.

The complaint described a process that can be used to decipher someone’s identity when location data includes the times devices appeared in a particular location, as Kochava’s data does.

First, the home address associated with a mobile device is discovered through data patterns that show a device has lingered in a specific location for several hours overnight, indicating that it is a residence. This residential address can then be matched with a person’s name, contact details and other demographic information. Through this series of data hits, visits to a specific location can then be linked to an identified person.

“What the FTC has proposed about Kochava is technologically completely plausible,” said another vice president of the ad tech company who asked not to be named for this story.

Kochava fights

The identification process described by the FTC involves some searching. But before the FTC announced its complaint against the company last week, Kochava filed his own lawsuit against the agency, arguing that the company is not liable if data it sells is used to identify someone. Instead, it argues that it is consumers’ responsibility to protect their data.

Kochava’s suit states: “the consumer agreed to share their location data with an app developer. As such, the consumer should reasonably expect that this data will contain the consumer’s locations, including locations that the consumer considers sensitive. Prior to data collection, a disclaimer or warning was also provided to a consumer regarding the collection of data from all locations, including sensitive ones.”

Essentially, Kochava believes it shouldn’t be wrong if people combine the data they’re selling with other information.

“We do not take it lightly to be launched into a political fight for which we have no reason to be in the ring. We know that the regulatory road ahead is likely to be long and tortuous. We take regulatory compliance very seriously at Kochava, and we will not sit idly by and let our company and community reputation be damaged. We will not stand for that, and we are grateful to have all of our supporters in our corner as long as we are in this fight,” Kochava CEO Charles Manning wrote in a Sept. 1 blog post.

With Congress failing to rein in the digital data use that fuels ad-driven business models and facilitates what many call the “surveillance economy,” the FTC is expected to continue its aggressive approach to regulating data use.

The commission will hold a public forum on commercial surveillance on Thursday.

“Mass surveillance has increased the risk and effort of error, deception, manipulation and other abuses,” the agency said. “The Federal Trade Commission is asking the public to consider whether new rules are necessary to protect people’s privacy and information in the commercial surveillance economy.”

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *