The FTC settled charges with data broker Kochava, Inc. and its subsidiary Collective Data Solutions (CDS) over allegations that they sold precise location data from hundreds of millions of mobile devices without consumer consent, enabling tracking of visits to sensitive locations like reproductive health clinics and places of worship. The settlement prohibits the companies from selling or sharing sensitive location data without affirmative express consumer consent, and imposes compliance requirements including a sensitive location data program, supplier consent assessments, incident reporting, and data retention schedules. No monetary penalty was imposed.
Kochava and CDS are banned from selling, licensing, transferring, sharing, or disclosing sensitive location data without consumers’ affirmative express consent, and only if the data is used to provide a consumer-requested service. The companies must implement a sensitive location data program to identify and block sale of data from sensitive locations, a supplier assessment program to verify consumer consent for all location data, submit incident reports to the FTC when third parties violate data sharing contracts, provide consumers with the ability to request the names of entities that purchased their data and withdraw consent, and establish a data retention schedule requiring deletion of data on a set timeline.
In-house legal teams at companies that collect, process, or share precise geolocation data—including mobile app providers, ad tech vendors, and data brokers—should review vendor and data processing agreements to ensure they require affirmative express consumer consent for the collection, sale, or sharing of precise location data, and explicitly prohibit the disclosure of sensitive location data (e.g., health facilities, places of worship) without consent. Vendor agreements with data brokers must include clauses mandating supplier assessment programs to verify consumer consent for all location data, incident reporting obligations for unauthorized third-party data sharing, and enforceable data retention schedules requiring timely deletion of location data. Customer-facing agreements and privacy policies should be updated to disclose location data collection practices, provide consumers with easy mechanisms to withdraw consent, and outline third-party data sharing. All contracts involving location data should also include audit rights and requirements to comply with applicable FTC enforcement orders.
Entity
Kochava, Inc. and Collective Data Solutions (CDS)
Industry
Data Broker"Kochava and its subsidiary, Collective Data Solutions (CDS), which has taken over Kochava’s data broker business"
"May 4, 2026"
"Federal Trade Commission"
"to settle allegations"
"sold location data from hundreds of millions of mobile devices that could be used to trace the movements of individuals"
"collection, use and disclosure of precise location data invaded consumers’ privacy by revealing their movements, including visits to sensitive locations such as health facilities and places of worship"
The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.
The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.
$6.5M
A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.
$795.8M
The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.
The FTC and State of Illinois, via the Department of Justice, filed a complaint against B.E.S.T. GDR LLC (d/b/a Premium Home Service) and its owner Yosef Bernath for creating thousands of fake home repair business listings with fabricated five-star reviews to deceive consumers. The defendants allegedly routed consumer calls to unqualified representatives, arranged for unlicensed technicians, and violated the FTC Act, Reviews and Testimonials Rule, Gramm-Leach-Bliley Act, and Illinois consumer protection laws. No monetary penalty has been imposed yet as the case is in initial filing stages.
Federal Trade Commission Chairman Andrew N. Ferguson sent letters to over a dozen major technology companies reminding them of their obligation to comply with the Take It Down Act (TIDA) by May 19, 2026. TIDA requires covered platforms to establish a process for victims, including children, to request removal of nonconsensual intimate images, with takedown of content and all identical copies required within 48 hours of a valid request. The FTC also issued supplemental guidance to help companies prepare for compliance and warned that it will monitor and enforce violations of the law.