FTC Enforcement In opposition to Sharing Shopper Well being Data Continues

0
201

On March 2, 2023, the Federal Commerce Fee (“FTC”) introduced an enforcement motion towards California-based on-line counseling service BetterHelp, Inc. (“BetterHelp”) for allegedly sharing shoppers’ well being data, together with delicate details about psychological well being challenges, for promoting functions in violation of Part 5 of the FTC Act.

This newest enforcement motion comes only one month after the FTC introduced an enforcement motion towards GoodRx for allegedly violating Part 5 of the FTC Act and the Well being Breach Notification Rule (“HBNR”). The place the GoodRx enforcement motion marked the primary time the FTC enforced the HBNR, the BetterHelp enforcement motion equally units a brand new precedent for the FTC: That is the primary FTC enforcement motion returning funds to shoppers whose well being data was compromised by BetterHelp’s alleged misdeeds. The proposed order (“Proposed Order”) additionally units out intensive necessities to ban BetterHelp from disclosing well being data for promoting and misrepresenting its data sharing practices. The GoodRx and BetterHelp enforcement actions look like half of a bigger effort by the FTC to watch the practices of internet sites, apps, and linked units that seize shopper’s delicate well being data.

The Criticism

In response to the Criticism, BetterHelp presents on-line counseling companies by matching customers with BetterHelp therapists and facilitating counseling through BetterHelp’s varied web sites and apps. BetterHelp additionally presents specialised variations of its counseling companies for folks of the Christian religion, members of the LGBTQ neighborhood, and youngsters. To join BetterHelp’s companies, shoppers should fill out a questionnaire that asks delicate psychological well being questions, equivalent to whether or not they have skilled melancholy or suicidal ideas, have beforehand been in counseling, or take any medicines. Shoppers additionally present their identify, electronic mail deal with, delivery date, and different private data. In its press launch on the enforcement motion, FTC suggests that customers are “pushed’ to offer this data by “repeatedly exhibiting them privateness misrepresentations and nudging them with unavoidable prompts to join its counseling service.” Shoppers are then matched with a BetterHelp counselor and pay between $60 and $90 per week for counseling.

The Criticism alleges that in recognition of the quantity of delicate well being data shoppers present, BetterHelp “repeatedly promised” to maintain this data “personal and use it just for non-advertising functions equivalent to to facilitate shoppers’ remedy.” Nevertheless, over a interval of seven years from 2013 by way of 2020, BetterHelp purportedly “frequently broke these privateness guarantees, monetizing shoppers’ well being data to focus on them and others with commercials” for BetterHelp’s companies. For instance, BetterHelp allegedly shared its customers’ electronic mail addresses and the actual fact they had been in counseling with Fb, which in flip recognized comparable shoppers and focused them with BetterHelp commercials. BetterHelp additionally allegedly shared its customers’ data with different third-party promoting platforms, equivalent to Pinterest, Snapchat, and Criteo. These promoting efforts reportedly introduced in “tens of hundreds of latest paying customers, and tens of millions of {dollars} in income” to BetterHelp. BetterHelp additionally allowed these third-party corporations to make use of BetterHelp customers’ data for their very own analysis and product improvement, additional proof that BetterHelp didn’t contractually restrict how third events may use shoppers’ well being data.

The Criticism additionally alleges that BetterHelp “didn’t make use of affordable measures to safeguard the well being data it collected from shoppers.” BetterHelp is accused of not coaching its workers on how one can correctly shield person data when utilizing it for promoting functions and never overseeing its employees’s use of person data.

The Proposed Order

The Proposed Order imposes a $7.8 million wonderful on BetterHelp, to be paid right into a fund, to refund shoppers who signed up and paid for BetterHelp’s counseling companies between August 1, 2017, and December 31, 2020. The FTC studies that that is the primary enforcement motion looking for to return funds to shoppers whose well being data was compromised. Along with the financial penalty, the Proposed Order prohibits BetterHelp from sharing customers’ “individually identifiable data referring to the previous, current, or future bodily or psychological well being or situation(s)” with third-parties for promoting or re-targeting earlier customers. Additional, the Proposed Order requires BetterHelp to:

  • Acquire customers’ affirmative specific consent earlier than disclosing private data to third-parties for any function;
  • Set up, implement, and keep a complete privateness program that features sturdy safeguards to guard shopper data;
  • Direct third events to delete the patron well being data and different private data that BetterHelp revealed to them; and
  • Restrict how lengthy BetterHelp retains private and well being data in accordance to an information retention schedule. 

Takeaways

Digital well being corporations and different corporations that function web sites, apps, or linked units that seize shopper’s delicate well being data ought to take heed of the FTC’s enforcement actions towards each BetterHelp and GoodRx. As evidenced by the BetterHelp enforcement motion, corporations should safeguard person data and never endeavor to leverage this data for promoting alternatives in violation of guarantees made to shoppers. The BetterHelp enforcement motion additionally underscores the necessity for acceptable person notification mechanisms to acquire person consent earlier than disclosing their data to 3rd events. Additional, corporations ought to recall from the GoodRx enforcement motion that even corporations that aren’t topic to the necessities of the Well being Insurance coverage Portability and Accountability Act may nonetheless be topic to the HBNR. Whereas the FTC didn’t allege violations of the HBNR by BetterHelp, additional enforcement motion may nonetheless be looming.

The BetterHelp enforcement motion is particularly noteworthy as it’s the first time the FTC has endeavored to redress shopper accidents for these whose delicate well being data was inappropriately used and disclosed. That is the FTC’s second “first” within the space of well being data enforcement within the span of only one month, so corporations ought to be looking out for extra to return.

For extra data or recommendation relating to this enforcement motion or information privateness points typically, please contact the skilled(s) listed beneath or your common Crowell & Moring contact.

LEAVE A REPLY

Please enter your comment!
Please enter your name here