The Federal Trade Commission (FTC)’s heightened interest in Protecting your Privacy fron Data Brokers.
The FTC has pursued Two Eenforcement Actions since 2020. Most recently, it filed a Lawsuit against Data Broker Kochava, in August 2022, in a Federal District Court in Idaho, where the Firm is based, after it Sold Data the FTC said could identify if a Person had been to an Abortion Clinic.
In 2020, the Commission took an Enforcement Action against Period Tracking App, Flo Health. after it allegedly Shared User Health Data with Facebook and Google, after telling Customers it would keep that Data Private. Flo Health settled with the FTC in 2021, while Kochava filed a Preemptive Suit against the FTC, Challenging Enforcement.
Both of those Cases rely on the FTC’s long-established Power to Police Unfair and Deceptive Trade Practices. The FTC is outlining a New Approach to Regulating Data Collection relying on a 2009 Rule.
Chair Lina Khan, has signaled the FTC plans further Rulemaking to Increase its Power over Data-Sharing Online. Since her Senate Confirmation in 2021, Khan has pushed the idea that the way Personal Data is Collected on Websites and on Internet-connected Devices by Marketers and Data Brokers, is itself Unfair and often Deceptive, opening these Practices up to Scrutiny by the FTC.
“The expanding contexts in which users’ personal data is used — from health care and housing to employment and education — mean that what’s at stake with unlawful collection, use, retention, or disclosure is not just one’s subjective preference for privacy, but one’s access to opportunities in our economy and society, as well as core civil liberties and civil rights,” Khan wrote last August, following the FTC’s Release of an Advanced Notice of proposed Rulemaking asking for Public Input on whether the FTC should write New Rules governing Commercial Surveillance and Data Security.
The 2009 Economic Stimulus Law, directed the FTC to create a Rule in Collaboration with the Department of Health and Human Services (HHS) to Protect Health Data Not governed by HHS or Health Insurance Portability and Accountability Act (HIPAA), which sets Privacy Rules for Medical Providers. The resulting Data Bbreach Rule states that any Entity Not covered by HIPAA, that collects Personally identifiable Health Information, must tell Consumers when there’s been a Breach of their Data or Face Action from the FTC. Since then, the FTC has Never Enforced it.
However, in the last 18 months the FTC has issued Three Statements, indicating that it is broadening its Interpretation of the Rule’s scope beyond companies’ Cybersecurity Practices to their Marketing and Advertising Strategies.
In September 2021, the FTC published a Policy Statement clarifying that Mobile Apps and other Connected Devices, like wearables, could be considered Health Care Providers, under the Rule, since they offer Health Care Services. Subsequently, the Commission released further Guidance, saying the Rule applies to Fitness Trackers, Mobile Apps, connected Health Devices, and any other Collector of Health Data, and explained what they should do to Comply.
That not only implicates companies selling Health Services and Tools like Telehealth Providers, Diet Apps, Pharmacies, or Purveyors of Bluetooth-connected Blood Pressure cuffs, but also Third Parties like Google and Facebook.
In a Statement, Google said it already “prohibits personalized advertising based on sensitive data like health conditions or prescription medications. We also have strict policies that advertisers and developers must comply with regarding personally identifiable information being shared with us.”
NYC Wins When Everyone Can Vote! Michael H. Drucker
No comments:
Post a Comment