FTC expectations (IAPP articles from 2014)

“How Do Industry Standards for Data Security Match Up with the FTC’s Implied “Reasonable” Standards—And What Might This Mean for Liability Avoidance?”

https://iapp.org/news/a/how-do-industry-standards-for-data-security-match-up-with-the-ftcs-implied-reasonable-standards-and-what-might-this-mean-for-liability-avoidance/

“Study: What FTC Enforcement Actions Teach Us About the Features of Reasonable Privacy and Data Security Practices”

https://iapp.org/news/a/study-what-ftc-enforcement-actions-teach-us-about-the-features-of-reasonable-privacy-and-data-security-practices/

FTC Finalizes Order with Flo Health, a Fertility-Tracking App that Shared Sensitive Health Data with Facebook, Google, and Others

https://www.ftc.gov/news-events/press-releases/2021/06/ftc-finalizes-order-flo-health-fertility-tracking-app-shared

The Federal Trade Commission finalized a settlement that will require Flo Health Inc. to obtain the affirmative consent of users of the company’s fertility-tracking app before sharing their personal health information with others and to obtain an independent review of their privacy practices.

In a complaint first announced in January, the FTC alleges that despite promising to keep users’ health data private, Flo shared sensitive health data from millions of users of its Flo Period & Ovulation Tracker app with marketing and analytics firms, including Facebook and Google.

As part of the settlement, Flo Health must notify affected users about the disclosure of their health information and instruct any third party that received users’ health information to destroy that data. Flo also is prohibited from misrepresenting:

  • the purposes for which it (or entities to whom it discloses data) collect, maintain, use, or disclose the data;
  • how much consumers can control these data uses;
  • its compliance with any privacy, security, or compliance program; and
  • how it collects, maintains, uses, discloses, deletes, or protects users’ personal information.