The Debrief
Data · 2 min read · 5 May 2026

The FTC Just Banned a Data Broker From Selling Location Data Tied to Clinics, Churches and Shelters. Every Marketer Using Location Targeting Should Pay Attention.

The FTC has barred data broker Kochava from selling sensitive location data without consent. The settlement redefines what counts as sensitive data and forces new compliance standards across the adtech supply chain.

The FTC did not simply fine Kochava. It fundamentally changed what the company is allowed to do with the data it collects.

The Federal Trade Commission has settled its case against data broker Kochava and its subsidiary Collective Data Solutions. The terms are blunt: no more selling, licensing or sharing sensitive location data without explicit consumer consent.

The settlement defines "sensitive" locations as medical facilities, religious organisations, schools, childcare centres, homeless shelters, domestic violence shelters and military sites. Kochava was tracking millions of mobile devices visiting these locations and selling that data to advertisers.

The original complaint was filed in 2022. It alleged Kochava sold geolocation data that could identify individuals visiting reproductive health clinics. Four years later, the settlement imposes a privacy block on all sensitive location categories for at least two years, requires Kochava to build a comprehensive list of sensitive locations, run supplier assessments to confirm consent, file incident reports when third parties breach contractual requirements and allow consumers to request disclosure of where their data was sold.

An estimated 30% of all location data sold by brokers in 2025 was tied to sensitive locations, according to privacy researchers.

Why it matters

This is not just a Kochava problem. The settlement establishes a template that the FTC can apply to any data broker in the location intelligence supply chain. If your media buying relies on location-based audience segments, the data behind those segments is now under regulatory scrutiny.

For Australian marketers, the implications are indirect but real. US regulatory precedent shapes platform behaviour globally. Google, Meta and programmatic DSPs all source location data from third-party brokers. When those brokers face consent requirements, the downstream targeting options shrink.

The Australian Privacy Act review is heading in the same direction. The Attorney-General's department has flagged location data as a priority area for reform. What the FTC just did to Kochava is a preview of where Australian regulation is heading.

What to do about it

Audit your location-based audience segments. Ask your media agency or DSP provider where the underlying location data comes from and whether consent was obtained at the point of collection.
Shift toward first-party location signals. CRM data, store visit data and app-based location permissions are all consent-based by design.
Watch the Australian Privacy Act amendments. The next round of reforms is expected to tighten rules around geolocation data. Build your targeting strategy on foundations that will survive the change.
Review your data processing agreements with any third-party data providers. If they cannot demonstrate consent for sensitive location categories, that is a liability you are inheriting.
Filip Ivanković · Founder, New Rebellion