Legal Library: Cases and Proceedings

The Federal Trade Commission filed a lawsuit against data broker Kochava Inc. for selling geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations. Kochava’s data can reveal people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities. The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence. The FTC’s lawsuit seeks to halt Kochava’s sale of sensitive geolocation data and require the company to delete the sensitive geolocation information it has collected.

The FTC has taken action against an alcohol addiction treatment service for allegedly disclosing users’ personal health data to third-party advertising platforms, including Meta and Google, for advertising without consumer consent, after promising to keep such information confidential.

The Federal Trade Commission has issued a proposed order to settle charges that online counseling service BetterHelp revealed consumers’ sensitive data with third parties such as Facebook and Snapchat for advertising after promising to keep such data private.

The FTC reached a settlement with 1Health.io over allegations that it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.

The FTC reached a settlement with the developer of the fertility app Premom over allegations it deceived users by sharing their sensitive personal information with third parties, including two China-based firms, disclosed users’ sensitive health data to AppsFlyer and Google, and failed to notify consumers of these unauthorized disclosures in violation of the Health Breach Notification Rule (HBNR).

The Federal Trade Commission has taken enforcement action for the first time under its Health Breach Notification Rule against the telehealth and prescription drug discount provider GoodRx Holdings Inc., for failing to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies.

Flo Health has settled Federal Trade Commission allegations that the company shared health information of its users with outside data analytics providers after promising such information would be kept private.

SkyMed must put in place a comprehensive information security program as part of a settlement with the FTC over allegations the company failed to take reasonable steps to secure sensitive consumer information such as health records.

Rite Aid is prohibited from using facial recognition technology for security or surveillance purposes for five years to settle Federal Trade Commission charges that the retailer failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores.

The order requires Rite Aid to implement comprehensive safeguards to prevent these types of harm to consumers when deploying automated systems that use biometric information to track them or flag them as security risks. It also requires Rite Aid to discontinue using any such technology if it cannot control potential risks to consumers. To settle charges it violated a 2010 Commission data security order by failing to adequately oversee its service providers, Rite Aid is also required to implement a robust information security program, which must be overseen by the company’s top executives.