In a first-of-its-kind Enforcement action, the Federal Trade Commission (FTC) on Wednesday, said it had reached Agreement with GoodRx, on a Fine and Remedies, after the Prescription Discount site and Telehealth Provider, shared Customers’ Health Data with Facebook, Google,and other Third Parties.
The FTC filed a proposed Order to levy a $1.5 million Fine, and Enforce the Remedies with the Federal Court in the Northern District of California, which still has to Approve the Agreement.
It is the First Enforcement, the FTC has taken against a company for allegedly Violating the FTC’s 2009 Health Breach Notification Rule. If the Court agrees, the Decision could upend the Business Models of Online Businesses that routinely Use or Sell Data to better Target Users with Services and Advertising.
“What they’re doing is sending a warning shot across the digital bow of the online advertising industry saying, ‘Hey, these things are unfair, we’re watching, and you should not be using this health information in the way it’s being used,’” said Jeff Chester, Executive Director of the Center for Digital Democracy, a Washington, D.C.-based Nonprofit that Advocates for Digital Privacy and Consumer Protections online.
The Commission said GoodRx engaged in Unfair and Deceptive Practices by telling its Customers that it complied with a Federal Health Privacy Law, Health Insurance Portability and Accountability Act (HIPAA), that doesn’t apply to it, and by Pledging Not to Share User Data with Third Parties for Advertising Purposes, when it did.
The Commission also said the company Failed to Erect Internal Processes to Protect Consumer Health Data, or to Limit how much Access Third Parties had to that Data.
GoodRx, based in Santa Monica, Calif., has Agreed to Settle, but the company said it does Not admit Wrongdoing, and does Not believe the Requirements detailed in the Order will materially impact its business. “We believe this is a novel application of the Health Breath Notification Rule by the FTC. We used Facebook tracking pixels to advertise in a way that we feel was compliant with regulations and that remains common practice for many websites,” the company said in a Statement.
If the Court Affirms the Settlement, GoodRx will be Prohibited from Disclosing User Health Data to Third Parties for Advertising purposes and will have to get Explicit Consent from its Customers, to Share their Data for any other purposes. The Order also Bans the use of Technology that Manipulates Users.
The FTC also wants to task GoodRx with ensuring that the Third Parties with which it shared Health Data Delete it, and with implementing New Privacy Protections for Users. The Agreement assesses the $1.5 million Civil Penalty for Violating the FTC Act, the Law that gives the Agency the Power to Police “Unfair” and “Deceptive” Trade Practices.
NYC Wins When Everyone Can Vote! Michael H. Drucker
No comments:
Post a Comment