Can Data Brokers Sell Your Location? The FTC's Kochava Ban, Explained
By Scott, Clearfront founder
Yes, and for years they have. Data brokers buy the location trail your phone gives off, precise enough to show a visit to a clinic, a place of worship, or a shelter, then sell it on to advertisers and others. In May 2026 the US Federal Trade Commission banned one of the biggest brokers, Kochava, from selling sensitive location data without your explicit consent. It is a real limit on one company, not the end of the market. Here is how the trade works, what the ban changed, and how to cut off the trail yourself.
How do data brokers get your location in the first place?
Most of it comes from ordinary apps. A free game, a weather app, or a coupon app bundles advertising code that reads your location, and that data flows into ad auctions and on to brokers who aggregate it against your device's advertising ID. You agreed to it, technically, in a permission prompt you probably do not remember.
- -Advertising code inside free apps that requests location access
- -The real-time ad auction, where your location is shared with bidders
- -Your mobile advertising ID, which ties separate sightings into one trail
- -Brokers who buy, merge, and resell those trails at scale
What did the FTC's Kochava ban actually do?
On 4 May 2026 the FTC announced an order barring Kochava and its subsidiary Collective Data Solutions from selling, sharing, or disclosing sensitive location data unless the person gives affirmative express consent, and even then only to provide a service they directly asked for. The FTC said Kochava had sold precise location data from hundreds of millions of devices.
The order treats location near sensitive places as off limits without real consent, including:
- -Health facilities, including mental health, addiction recovery, and reproductive clinics
- -Places of worship
- -Domestic abuse and homeless shelters
Kochava is not the first. In 2024 the FTC banned InMarket, Outlogic (formerly X-Mode Social), Gravy Analytics, and Mobilewalla from selling Americans' location data, so this is a pattern of enforcement rather than a one-off.
What the ban does not do
Be clear-eyed about the limits. It binds one broker and its subsidiary, not the whole industry. It is not retroactive, so data already sold is still out there. Plenty of other brokers and ad networks keep trading location, and outside the US your protection depends on your own country's law. The ban is a win, not a fix, which is why the practical steps below still matter.
How to stop your phone leaking your location
- 1.Go through app permissions and set location to Never or While Using for anything that does not need it. A flashlight does not need your location.
- 2.Turn off precise location for apps that only need a rough area.
- 3.Reset and limit your advertising ID: on iOS turn off tracking with App Tracking Transparency, on Android delete the advertising ID.
- 4.Check which apps hold background location and revoke it unless you rely on it.
- 5.Prefer paid or open-source apps for the tools you use constantly, since a free version often pays for itself with your data.
Locking down your location closes one channel. The rest of your exposure, the accounts, breaches, and records tied to your name, is worth seeing in full. Clearfront scans all of it in one sweep on your own machine and shows you what is public. Install Clearfront free to check your own footprint, or download the free removal guide for a step-by-step scrub.
Frequently asked questions
- Is it legal for apps to sell my location data?
- In much of the US it has been legal with weak consent, which is why the FTC has used its consumer-protection powers against specific brokers. Selling sensitive location data now requires affirmative express consent for Kochava, and laws like GDPR set a higher bar elsewhere.
- Does the FTC ban stop all location data sales?
- No. It applies to Kochava and its subsidiary, not the whole industry, and it is not retroactive. Other brokers still operate, so you should still lock down app permissions and your advertising ID.
- How do I stop my phone sharing location with brokers?
- Restrict location permissions per app, turn off precise location where a rough area will do, and reset or delete your advertising ID. Favour paid or open-source apps for the ones you use most.
Sources and further reading
I believe your personal data is yours to own and protect. I built Clearfront, a free, open-source tool for scanning and scrubbing your own digital footprint from public data, and I write here about OSINT, breach exposure, and personal privacy.
Scott
Clearfront founder
Related posts
- How to Find Out Which Data Brokers Have Your Information (and Remove It)
Data brokers sell your address, age, and relatives to anyone. Here is how to find which ones list you, opt out of the ones that matter, and use new laws that help.
- What Google Knows About You (and How to See and Delete It)
Google records what you search, watch, and where you go, and gives you the tools to see, delete, and stop most of it. Here is exactly where to look and what to switch off.
- Reverse Phone Lookup: What Your Phone Number Reveals About You
Your phone number links more of your accounts than you think. Here is what a reverse phone lookup reveals, how to check if your number leaked, and how to cut the exposure.