• by Wendy Davis  @wendyndavis, October 15, 2024

Mobile data broker Kochava on Tuesday told a federal judge that it had settled three class-action complaints brought by smartphone users who claimed the company wrongly sold their geolocation data.

The settlement agreement “is a detailed and complex document” that is expected to resolve lawsuits in Idaho, California and Massachusetts, attorneys for Kochava and consumers said in a status report submitted to U.S. District Court Judge Indira Talwani in Boston.

The attorneys said they expected to give Talwani a further update in 30 days. No other details about the settlement agreement were available as of Tuesday.

A Kochava spokesperson said, “We are glad to reach a settlement with the plaintiffs and look forward to the court’s approval on this matter.”

If approved, the deal will bring an end to lawsuits brought in 2022 and 2023 over Kochava's alleged practice of obtaining and selling precise location data that originates with mobile apps.

All three suits came after the Federal Trade Commission charged Kochava with acting unfairly by allegedly selling the kind of location data that could expose sensitive information, such as whether people visited doctors' offices or religious institutions.

Among other allegations, the FTC alleged that Kochava sells precise geolocation data as well as mobile advertising IDs -- unique, 32-character identifiers that persist, unless consumers reset them.

Kochava, based in Sandpoint, Idaho, has argued that data it sells isn't personally identifiable, and that the FTC's allegations -- even if proven true -- wouldn't amount to unfair conduct.

Earlier this year, U.S. District Court Judge B. Lynn Winmill in Idaho allowed the FTC to proceed with its complaint. Winmill essentially said at the time that the allegations against the company, if proven true, could support the claim that it engaged in activity that could cause “substantial injury” to consumers, and wasn't reasonably avoidable or outweighed by benefits.

“Kochava allegedly provides its customers with vast amounts of essentially non-anonymized information about millions of mobile device users’ past physical locations, personal characteristics (including age, ethnicity, and gender), religious and political affiliations, marital and parental statuses, economic statuses, and more,” Winmill wrote in February.

Kochava founder and CEO Charles Manning said at the time that the company was “confident” it would prevail on the merits. He also noted that Kochava's “privacy block” -- a two-year-old feature that removes known health services locations from the company's marketplace -- had blocked over 2.1 million locations as of February.

Last week, the company reiterated its request that Winmill dismiss the FTC's complaint, contending that even if the allegations were proven true, they wouldn't give the FTC grounds to prosecute the company.

Kochava raised several arguments, including that the FTC lacks authority to bring charges over “an intangible harm such as an invasion of privacy.”

The company also says that even if the FTC could sue over an “intangible” privacy violation, it could only do so if the breach was “highly offensive” due to the nature of the data disclosed.

“The FTC cannot meet the high bar required to plead an invasion of privacy because the FTC fails to allege that the data at issue is so private that its disclosure would be highly offensive to a reasonable person,” Kochava argues.

The FTC hasn't yet responded to Kochava's latest argument.