In a complaint filed this week, the Federal Trade Commission (FTC) alleges that a data broker sold geolocation data from individuals showing their movements to and from sensitive locations, including reproductive health clinics, places of worship, and substance use disorder clinics. Kochava, the broker in question, allegedly collects and sells GPS location data from consumers via their mobile devices.

According to the complaint, Kochava both sells this information in customized data feeds on publicly accessible marketplaces and gives it away in unrestricted promotional samples. This data were not anonymized, and the complaint claims that it is possible to link these GPS data to persistent mobile device identifiers and street maps to compile a list of consumers who visited abortion clinics, substance use disorder clinics, and places of worship, and when those visits took place.

This FTC action comes on the heels of the Dobbs decision abrogating the constitutional right to seek abortion care. Since then, many commenters have raised concerns about the possibility of anti-choice prosecutors using publicly-available data to bring cases against patients and providers.  Following Texas’s example, some states also would allow private individuals to use these data to bring private “bounty” suits against patients and providers. This enforcement action, the first of its kind since Dobbs, is likely intended to mitigate that possibility.

While some state privacy laws protect consumer GPS data, federal law has not yet addressed the issue. The FTC currently relies on Section 5 of the FTC Act as authority to regulate unfair and deceptive trade practices, but the proposed American Data Privacy and Protection Act would explicitly empower the agency to regulate the use and sale of this and other sensitive personal information.

Click here to view the complaint in full.