Another Denial Against Kochava Re FTC Case; Number of Sanctions Doubled in 2024, CNIL Report

Want to receive these privacy recaps in your inbox each week? Subscribe here.

USA

Judge Again Denies Dismissal of FTC’s Case Against Kochava

An Idaho district court judge denied Kochava’s motion to dismiss the FTC’s second amended complaint alleging that consumers had been targeted and harmed by Kochava’s collection and sale of geolocation data and “audience segments” derived from such data (Case 2:22-cv-00377-BLW).

In rejecting Kochava’s arguments, the court held that Section 5 of the FTC Act is not limited to only tangible harms, that the invasion of privacy has long been cognizable as a substantial legal injury, that an unfairness claim does not require an underlying violation of a “well-established legal policy”, that the FTC has sufficiently plead facts to state a “plausible” claim for relief by demonstrating that harms have resulted from similar mobile device data (and therefore that Kochava’s practices are likely to cause consumer harm), and that the FTC has adequately alleged that the purported injury to consumers is not outweighed by the countervailing benefits to consumers of Kochava’s collection the specific types of sensitive data at issue. 

TAKEAWAY

Kochava was only one of several actions by the FTC in recent years claiming unfair handling of location data, including actions against data broker X-mode, data aggregator Inmarket, data broker Mobilewalla, location analytics company Gravy Analytics, and most recently, General Motors.

The FTC also previously issued a blog post warning that “Browsing and location data are sensitive. Full stop”, that “collecting, storing, using, and sharing people’s sensitive information without their informed consent violates their privacy”, and that the FTC would use all of its tools to continue to protect Americans from “abusive data practices and unlawful commercial surveillance”.

Kochava is the only one of these cases, however, that has been challenged to this degree in the courts. A Kochava spokesperson reportedly stated that the company would continue to defend itself against the FTC claims.  

Watch our webinar on-demand to learn more about navigating sensitive data requirements in the U.S.

Europe

CNIL Report Reveals that Number of Sanctions Doubled in 2024

The French CNIL released a 2024 enforcement report showing that the Data Protection Authority issued a total of 331 decisions in 2024, including 87 sanctions (which it says is double the number in 2023) and €55,212,400 in cumulative fines.

Some areas highlighted by the CNIL in its report include commercial prospecting using data collecting from third parties (i.e., from data brokers) without ensuring the data was collected in accordance with the GDPR; the anonymization of health data (noting that data remains pseudonymous, and therefore personal, even when collected on a large scale by an entity that is unaware of the identify of the individuals concerned, when linked through an identifier); failing to respond to individuals’ exercise of rights; failure to minimize data; breach of personal data security; and not allowing users to refuse cookies as easily as to accept them (i.e., by making the cookie refusal mechanism more complex than the acceptance mechanism). 

TAKEAWAY

This report showing the CNIL’s increased enforcement comes shortly after a statement from the CNIL (issued in conjunction with a list of recommendations for mobile app privacy) that the CNIL will begin monitoring mobile applications beginning in Spring 2025, potentially providing insight into one area that may be reflected in the 2025 enforcement report. 

Watch our webinar about mobile app privacy with Baker McKenzie.

Want more of the privacy highlights that matter for consent management and digital marketing? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.