The makers of the popular fertility-tracking app Premom, Easy Healthcare, have been accused of repeatedly misleading users by sharing sensitive health data with third-party advertisers without their permission, according to a recent Federal Trade Commission (FTC) complaint. This health data included sexual and reproductive health information, pregnancy status, precise geolocation data, and mobile device identifiers. Several third parties, including marketing firm AppsFlyer and two Chinese advertising firms, received users' data and used it to target ads. This breach first came to light in 2020, when it was highlighted that the Premom Android app collected and shared user device data with three Chinese advertising companies without user consent.
The FTC order prohibits Easy Healthcare from further sharing personal health data with third parties for advertising purposes. The company has agreed to pay a $100,000 civil penalty for violating the FTC's Health Breach Notification Rule. Moreover, Easy Healthcare has decided to implement new security and privacy programs and provide regular privacy and security audits to the regulatory authorities.
The FTC complaint highlights Premom's inadequate data encryption practices, which left user data vulnerable to interception and endangered the private data of millions of users. Under the proposed settlement filed by the U.S. Justice Department, the company agrees to refrain from sharing personal health data with third parties for advertising, pay $100,000 to the affiliated state attorneys general, and pay another $100,000 civil penalty for violating the FTC's Health Breach Notification Rule.
The FTC investigation took place in collaboration with the attorneys general of Connecticut, Washington, D.C., and Oregon. Commenting on the matter, D.C. Attorney General Brian Schwalb stated, “Now more than ever, with reproductive rights under attack across the country, it is essential that the privacy of healthcare decisions is vigorously protected.”
This is not the first time the agency has charged a company with violating the Health Breach Notification Rule. In an earlier case this year, it reached a settlement with telehealth and prescription drug discount corporation GoodRx for failing to disclose that it shared personally identifiable health information with third parties, including Facebook and Google.
The FTC's proposed amendments to the Health Breach Notification Rule are scheduled for discussion at a meeting on Thursday. This case once again underscores the importance of the stringent data protection protocols that must be followed in our modern digital age. It is incumbent on companies to implement robust security mechanisms for handling sensitive personal data, keeping in mind the corresponding legal and ethical obligations.