Earlier this week the US Federal Trade Commission’s Bureau of Consumer Protection released a business alert concerning the handling, illegal use, and sharing of location, health and other sensitive data by businesses. The FTC Alert discusses the marketplace that compiles consumer’s data on health and location, and how that information is retrieved, distributed and exchanged between businesses, and the risks associated with such activities.
The risks pertain to the handling of sensitive personal data concerning reproductive health and apps that track menstruation, fertility and contraceptive use, for example. When such data is combined with location tracking, the information can be used to “reveal a lot about people, including where we work, sleep, socialize, worship, and seek medical treatment,” according to the FTC.
The Alert made it clear that the FTC “is committed to using the full scope of its legal authorities to protect consumers’ privacy” and that it will “vigorously enforce the law if it uncovers “illegal conduct that exploits Americans’ location, health, or other sensitive data.”
The Commission points to its past enforcement actions to provide a “road map for firms seeking to comply with the law.” The Alert also describes three areas of focus that companies should consider for maintaining compliance with the law:
First, the FTC reminds the public that sensitive personal data is protected by numerous federal and state laws that “govern the collection, use, and sharing of sensitive consumer data, including many enforced by the Commission.”
Second, claims that data is “anonymous” or ‘has been “anonymized” are often deceptive, according to the FTC. Here, the FTC cautions consumers about businesses that claim their data is anonymous and should be on guard that these claims can be a deceptive trade practice that violates the FTC Act when untrue.
Finally, the FTC is continuing its crackdown on companies that misuse consumers’ data. Specifically, the FTC “does not tolerate companies that over-collect, indefinitely retain, or misuse consumer data.” As an example, the FTC highlighted a recent enforcement action against the ad exchange OpenX, which recently paid $2 Million (U.S.) “for collecting children’s location data without parental consent.” Another company, Kuro/Weight Watchers recently settled an FTC enforcement action when it agreed to pay a $1.5 million (U.S.) fine for violating the Children’s Online Privacy Protection Act. The settlement also required the company to “delete all illegally collected data, and any work product that algorithms created using that data.”
OGCSolutions can help your company maintain compliance with state or federal privacy and consumer data protection laws and reduce the risk of governmental action against your company.
For more information about the July 11, 2022 FTC Alert or other compliance issues, please contact OGCSolutions’s Marco A. Gonzalez, Jr. at email@example.com.
Write a comment: