FTC Health Data Privacy Crackdown Continues

Klein Moynihan Turco LLP
Contact

Klein Moynihan Turco LLP

On April 11, 2024, Monument, Inc. (“Monument”), settled claims brought by the Federal Trade Commission (“FTC”) alleging that it had committed certain health data privacy law violations. Monument provides online addiction treatment services, offering its clients access to online support groups, community forums, online therapy, and physician access. The Complaint, filed by the United States Department of Justice (“DOJ”) upon notice and referral by the FTC, alleged that Monument violated its customers’ health data privacy rights by disclosing their information to third parties without their knowledge and consent. Monument’s conduct, the FTC alleged, violated various statutes, including Section 5(a) of the FTC Act, 15 U.S.C. § 45(a).

As our readers are aware, the FTC has been actively cracking down on businesses that infringe upon consumer privacy rights. Pursuant to the terms of the settlement, Monument must, among other things, notify consumers of the unauthorized disclosure of their data, implement an extensive data privacy program, and pay a significant civil penalty.

What Were the Alleged Health Data Privacy Violations?

Section 5(a) of the FTC Act, 15 U.S.C. § 45(a), prohibits “unfair or deceptive acts or practices in or affecting commerce.” Misrepresentations or deceptive omissions of material fact constitute “deceptive acts or practices.” According to the FTC, Monument mislead and deceived its customers by guaranteeing the privacy of their health data, and then sharing it with third parties without their knowledge or consent.

During the account creation process, Monument assured its clients that its services were “100% confidential” and “HIPAA compliant” and that Monument would not disclose user confidential data to third parties without their knowledge and consent. Notwithstanding its health data privacy assurances, Monument disclosed sensitive user health information to third-party advertising platforms, including Meta and Google. This health data was gathered through the use of pixel tracking technology on Monument’s website. According to the FTC, this pixel software tracked the healthcare services that consumers utilized, and Monument then disclosed this activity, along with the consumers’ IP addresses, email addresses, first names, and other identifying information to Meta, Google, and other third parties.

According to the Complaint, Monument violated the health data privacy rights of as many as 84,468 consumers. Pursuant to the terms of the settlement agreement, Monument agreed to:

Disclose to its consumers the extent to which it collects and shares sensitive information;

Obtain affirmative express consent from consumers before sharing their health data;

Cease sharing health information for advertising purposes; and

Pay a civil penalty of $2,500,000, which was suspended due to inability to pay.

How does the Monument Case Affect your Business?

This proceeding serves as yet another reminder that businesses that come into possession of sensitive consumer information must carefully protect it, uphold promises to customers, and acquire consent before any third party disclosure. This is only the latest in a long list of FTC efforts to police the data privacy practices of United States businesses.

In light of recent governmental enforcement action, companies should retain attorneys that are experienced in marketing and consumer data privacy law compliance.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Klein Moynihan Turco LLP

Written by:

Klein Moynihan Turco LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Klein Moynihan Turco LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide