The FTC settled charges with data broker Kochava, Inc. and its subsidiary Collective Data Solutions (CDS) over allegations that they sold precise location data from hundreds of millions of mobile devices without consumer consent, enabling tracking of visits to sensitive locations like reproductive health clinics and places of worship. The settlement prohibits the companies from selling or sharing sensitive location data without affirmative express consumer consent, and imposes compliance requirements including a sensitive location data program, supplier consent assessments, incident reporting, and data retention schedules. No monetary penalty was imposed.
Kochava and CDS are banned from selling, licensing, transferring, sharing, or disclosing sensitive location data without consumers’ affirmative express consent, and only if the data is used to provide a consumer-requested service. The companies must implement a sensitive location data program to identify and block sale of data from sensitive locations, a supplier assessment program to verify consumer consent for all location data, submit incident reports to the FTC when third parties violate data sharing contracts, provide consumers with the ability to request the names of entities that purchased their data and withdraw consent, and establish a data retention schedule requiring deletion of data on a set timeline.
In-house legal teams at companies that collect, process, or share precise geolocation data—including mobile app providers, ad tech vendors, and data brokers—should review vendor and data processing agreements to ensure they require affirmative express consumer consent for the collection, sale, or sharing of precise location data, and explicitly prohibit the disclosure of sensitive location data (e.g., health facilities, places of worship) without consent. Vendor agreements with data brokers must include clauses mandating supplier assessment programs to verify consumer consent for all location data, incident reporting obligations for unauthorized third-party data sharing, and enforceable data retention schedules requiring timely deletion of location data. Customer-facing agreements and privacy policies should be updated to disclose location data collection practices, provide consumers with easy mechanisms to withdraw consent, and outline third-party data sharing. All contracts involving location data should also include audit rights and requirements to comply with applicable FTC enforcement orders.
Entity
Kochava, Inc. and Collective Data Solutions (CDS)
Industry
Data Broker"Kochava and its subsidiary, Collective Data Solutions (CDS), which has taken over Kochava’s data broker business"
"May 4, 2026"
"Federal Trade Commission"
"to settle allegations"
"sold location data from hundreds of millions of mobile devices that could be used to trace the movements of individuals"
"collection, use and disclosure of precise location data invaded consumers’ privacy by revealing their movements, including visits to sensitive locations such as health facilities and places of worship"
The FTC filed a complaint and obtained a temporary restraining order against six defendants operating a deceptive health care scheme that impersonated government and insurance carriers to sell fake comprehensive health plans. The defendants allegedly charged consumers without express informed consent, failed to disclose material terms including cancellation processes, and misled consumers into paying for inadequate coverage that left many with substantial medical debt. The FTC seeks refunds for affected consumers and alleges violations of the FTC Act, Telemarketing Sales Rule, Impersonation Rule, and Gramm-Leach-Bliley Act.
$140.0M
Following an FTC investigation, a federal court granted summary judgment against timeshare exit scheme operator Christopher Carroll, ordering him to pay $140 million total ($95 million in consumer redress, $45 million civil penalty) for defrauding consumers out of over $90 million. The scheme used deceptive direct mail and in-person pitches, falsely claimed affiliation with timeshare companies, failed to provide refunds, and violated the FTC’s Cooling-Off Rule by forcing consumers to sign non-cancellable contracts. Carroll is also permanently banned from marketing timeshare exit services or engaging in deceptive door-to-door sales.
This press release announces the FTC's testimony before the Senate Commerce, Science and Transportation Committee on April 15, 2026, outlining the agency's priorities including consumer privacy protection, competition enforcement, and implementation of the TAKE IT DOWN Act. No specific enforcement action against a private entity is announced in this release.
The FTC announced an Advance Notice of Proposed Rulemaking (ANPRM) seeking public comment on a potential nationwide rule to address unfair or deceptive fee practices by online food and grocery delivery platforms. The ANPRM covers requirements for disclosing total prices, fees, variable charges, price differentials, and promotion terms. Past FTC enforcement actions against Instacart and Grubhub for deceptive fee practices are cited as evidence of ongoing issues in the industry.
$868K
The FTC announced three separate settlements with companies making false 'Made in USA' claims: TouchTunes (electronic dartboards, $625k consumer redress), Americana Liberty and related parties (flags and flagpoles, $167,743 redress), and Oak Street Bootmakers (footwear, $75k redress). The companies violated the FTC Act, Made in USA Labeling Rule, and for Americana Liberty, the Textile Act and Rules, by making unqualified origin claims for products with significant imported components or wholly imported from China. Each settlement prohibits future misrepresentations of U.S. origin and requires consumer notices.
$750K
The FTC alleged that Vanilla Chip LLC (d/b/a TruHeight) deceptively advertised height-enhancing supplements for children and teens without competent scientific evidence, and used fake employee-written and incentivized 5-star reviews. The proposed settlement requires TruHeight and its principals to pay $750,000, bars false health claims, and prohibits misleading review practices. A $4 million total judgment is partially suspended due to the respondents' inability to pay the full amount.