June 2023
Consumer Protection and Privacy
Hey, Alexa! What are you doing with my data?
See FTC’s latest blog post on AI and privacy, referencing many of the cases discussed below.
The FTC issued a warning that the increasing use of consumers’ biometric information and related technologies, including those powered by machine learning, raises significant consumer privacy and data security concerns and the potential for bias and discrimination. Biometric information refers to data that depict or describe physical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or identifiable person’s body. In a policy statement, the Commission said the agency is committed to combating unfair or deceptive acts and practices related to the collection and use of consumers’ biometric information and the marketing and use of biometric information technologies.
The FTC charged that the developer of the fertility app Premom deceived users by sharing their sensitive personal information with third parties, including two China-based firms, disclosed users’ sensitive health data to AppsFlyer and Google, and failed to notify consumers of these unauthorized disclosures in violation of the Health Breach Notification Rule. As part of a proposed order filed by the Department of Justice on behalf of the FTC, Illinois-based Easy Healthcare Corporation, which operates the Premom app, would be barred from sharing users’ personal health data with third parties for advertising, required to obtain users’ consent before sharing health data for any other purpose, and must tell consumers how their personal data will be used. The proposed order must be approved by the federal court to go into effect. The Premom app, which is free to download and used by hundreds of thousands of people, helps users track ovulation, periods, and other health information, and also sells ovulation test kits.
The FTC charged home security camera company Ring with compromising its customers’ privacy by allowing any employee or contractor to access consumers’ private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers’ accounts, cameras, and videos.
Under a proposed order, which must be approved by a federal court before it can go into effect, Ring will be required to delete data products such as data, models, and algorithms derived from videos it unlawfully reviewed. It also will be required to implement a privacy and security program with novel safeguards on human review of videos as well as other stringent security controls, such as multi-factor authentication for both employee and customer accounts. In addition, the proposed order requires Ring to pay $5.8 million, which will be used for consumer refunds.
Microsoft will pay $20 million to settle FTC charges that it violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children who signed up to its Xbox gaming system without notifying their parents or obtaining their parents’ consent, and by illegally retaining children’s personal information. As part of a proposed order filed by the Department of Justice on behalf of the FTC, Microsoft will be required to take several steps to bolster privacy protections for child users of its Xbox system. For example, the order will extend COPPA protections to third-party gaming publishers with whom Microsoft shares children’s data. In addition, the order makes clear that avatars generated from a child’s image, and biometric and health information, are covered by the COPPA Rule when collected with other personal data. The order must be approved by a federal court before it can go into effect.
The COPPA Rule requires online services and websites directed to children under 13 to notify parents about the personal information they collect and to obtain verifiable parental consent before collecting and using any personal information collected from children.
The FTC has obtained an order against education technology provider Edmodo for collecting personal data from children without obtaining their parents’ consent and using that data for advertising, in violation of the Children’s Online Privacy Protection Act Rule (COPPA Rule), and for unlawfully outsourcing its COPPA compliance responsibilities to schools. Under the proposed order, filed by the Department of Justice on behalf of the FTC, Edmodo, Inc. will be prohibited from requiring students to hand over more personal data than is necessary in order to participate in an online educational activity. This follows a policy statement the FTC issued in May 2022, warning education technology companies about forcing parents and schools to provide personal data about children in order to participate in online education. During the course of the FTC’s investigation, Edmodo suspended operations in the United States. The order, if approved by the court, will bind the company, including protections for children’s data if the company resumes U.S. operations.
Amazon will be required to overhaul its deletion practices and implement stringent privacy safeguards to settle charges the company violated the Children’s Online Privacy Protection Act Rule (COPPA Rule) and deceived parents and users of the Alexa voice assistant service about its data deletion practices. The proposed settlement order also requires Amazon to pay a $25 million civil penalty.
According to a complaint filed by the Department of Justice on behalf of the FTC, Amazon prevented parents from exercising their deletion rights under the COPPA Rule, kept sensitive voice and geolocation data for years, and used it for its own purposes, while putting data at risk of harm from unnecessary access. Under the proposed order, Amazon will be required to delete inactive child accounts and certain voice recordings and geolocation information and will be prohibited from using such data to train its algorithms. The proposed order must be approved by the federal court to go into effect.
As a result of a lawsuit filed by the FTC and the Utah Division of Consumer Protection, the principals of a Utah-based real estate investment training company will pay $15 million and be banned from selling money-making opportunities under a court order to which they have agreed. In addition, two of the primary real estate celebrities who endorsed the training have agreed to orders that require them to pay $1.7 million.
According to the complaint filed against Response Marketing Group, LLC and its principals, Response Marketing used false promises to sell consumers a series of expensive real estate investment training programs. The complaint also named two real estate celebrities as defendants – Scott Yancey, who was the star of the home-flipping show Flipping Vegas on A&E, and Dean R. Graziosi, the author of Millionaire Success Habits. Yancey and Graziosi promoted the training programs and were involved in efforts to bury online customer complaints that said Response Marketing failed to deliver on its promises or was a scam.
A federal court sided with the FTC, ruling that an individual defendant illegally owned and operated two pyramid schemes—Success By Health (SBH) and VOZ Travel—in violation of the FTC Act and that the defendant violated a previous federal court order barring him from pyramid schemes and from misrepresenting multilevel marketing participants’ income potential. The court ruling imposes a permanent multilevel marketing ban and a $7.3 million judgment.
Competition
The FTC and DOJ Antitrust Division released a summary of a two-day workshop that explored new approaches to enforcement of the antitrust laws in the pharmaceutical industry. The workshop summary provides an overview of panel discussions on market concentration in the pharmaceutical sector, merger remedies, innovation aspects of pharmaceutical mergers, and the intersection between conduct by pharmaceutical companies and merger analysis. The summary also includes an appendix of ideas stemming from the workshop discussions. The workshop served as a culmination of the Multilateral Pharmaceutical Merger Task Force, an effort to rethink competition agency approaches to pharmaceutical merger review formed by then-Acting Chairwoman Rebecca Kelly Slaughter. The Task Force, which launched in March 2021, included staff from the FTC, DOJ, offices of multiple state Attorneys General, Competition Bureau Canada, the European Commission Directorate-General for Competition, and the U.K. Competition and Markets Authority.
In response to investigations by FTC staff and international enforcement partners, Boston Scientific Corporation terminated its $230 million purchase agreement for a majority stake in M.I. Tech Co., Ltd., a non-vascular stent manufacturer.
Judge Grants FTC Request To Temporarily Block Microsoft/Activision
In December 2022, the FTC launched the process to block Microsoft Corp. from acquiring leading video game developer Activision Blizzard, Inc., alleging that the $69 billion deal would enable Microsoft to suppress competitors to its Xbox gaming consoles and its rapidly growing subscription content and cloud-gaming business. The transaction is being challenged in the FTC’s administrative court, with trial beginning in August. To prevent the parties from closing the transaction before a full trial, the FTC sought an injunction in federal court. On June 13, a U.S. judge granted the FTC’s request to temporarily block Microsoft's acquisition of Activision Blizzard and set a hearing on the request for an injunction for June 22-23, 2023.
As part of its ongoing inquiry into pharmacy benefit managers (PBMs) and their impact on the accessibility and affordability of prescription drugs, the FTC issued compulsory orders to a third group purchasing organization (GPO) that negotiates drug rebates on behalf of other PBMs after earlier issuing compulsory orders to two others. The compulsory orders will require these entities to provide information and records on their business practices. The FTC previously issued compulsory orders to the six largest PBMs in the U.S. healthcare industry. The FTC’s inquiry is aimed at shedding light on several PBM practices, including charging fees and clawbacks to unaffiliated pharmacies; steering patients towards PBM-owned pharmacies; potentially unfair auditing of unaffiliated pharmacies; the use of complicated and opaque pharmacy reimbursement methods; and negotiating rebates and fees with drug manufacturers that may skew the formulary incentives and impact the costs of prescription drugs to payers and patients.
In a comment to North Carolina House Health Committee members, the FTC staff opposed a bill pending before the state legislature attempting to prevent antitrust authorities from challenging the University of North Carolina Health Care System for engaging in anticompetitive mergers and conduct. According to the staff comment, North Carolina Senate Bill 743 would authorize the kinds of acquisitions, market allocation, information sharing, and joint contract negotiations that reduce competition among healthcare providers and lead to patient harm in the form of higher healthcare costs, lower quality, reduced innovation, and reduced access to care, as well as depressed wages for hospital employees.
The FTC has learned that the state of Maine recently enacted legislation repealing the state’s Hospital and Health Care Provider Cooperation Act, which allowed for certain hospital and health care provider agreements that may otherwise violate antitrust laws through the issuance of a Certificate of Public Advantage (COPA). In response, FTC Office of Policy Planning Director Elizabeth Wilkins issued this statement:
“We are heartened to learn that Maine has repealed its Certificate of Public Advantage law, and that the FTC’s COPA policy paper was influential in this outcome. FTC staff has spent significant time and effort studying the effects of COPAs in healthcare markets. We have found that COPAs can be difficult for states to implement and monitor over time, and are often unsuccessful in mitigating merger-related price and quality harms. We welcome the opportunity to work collaboratively with any state legislatures, health departments, or stakeholders who may be considering enacting or repealing COPA laws. Ultimately, we all want what is best for patients and healthcare workers, and the FTC recommends that states minimize the harms that can result from provider consolidation and avoid the use of COPAs that attempt to shield healthcare providers from antitrust liability.”
In Other News
FTC Is Accepting Nominations for the September/October and January/February Classes of Its International Fellows Program
The FTC is now accepting applications from counterpart agencies around the world for its International Fellows Program. Fellows work alongside staff of the Bureaus of Competition, Consumer Protection, and Economics, the Office of Policy Planning, and the Office of International Affairs. Since the program’s inception in 2007, 132 international colleagues from 41 jurisdictions have had an opportunity to work with FTC attorneys, economists, and investigators as International Fellows or Interns, gaining first-hand experience of how the FTC carries out its enforcement and policy work. The FTC is now accepting applications for September/October 2023 and January/February 2024. If you would like to apply or nominate someone from your agency, please email Michael Shore (mshore@ftc.gov) for more information.
The FTC is seeking public comments and suggestions on ways it can work more effectively with state attorneys general nationwide to help educate consumers about, and protect them from, potential fraud. The request for public information (RFI) comes at the direction of the FTC Collaboration Act of 2021, which President Biden signed into law last October.
A new analysis from the FTC shows that bogus bank fraud warnings were the most common form of text message scam reported to the agency, and that many of the most common text scams impersonate well-known businesses.
Consumers reported losing $330 million to text message scams in 2022, more than double what was reported in 2021. The analysis looked at a random sample of 1,000 text messages reported to the FTC, finding that fake bank security messages, often supposedly from large banks like Bank of America and Wells Fargo, were the most common type. These texts are designed to create a sense of urgency, often by asking people to verify a large transaction they did not make. Those who respond are connected to a fake bank representative. Reports of texts impersonating banks have increased nearly twentyfold since 2019.
The FTC is seeking comment on proposed changes to the Health Breach Notification Rule (HBNR) that include clarifying the rule’s applicability to health apps and other similar technologies. Since the rule’s issuance, health apps and other direct-to-consumer health technologies, such as fitness trackers, have become commonplace. The proposed changes to the rule come as business practices and technological developments increase both the amount of health data collected from consumers, and the incentive for companies to use or disclose that sensitive data for marketing and other purposes.
FTC law enforcement actions resulted in more than $392 million in refunds to consumers in 2022, the agency said in its annual report on refunds. More than 1.9 million consumers benefited from FTC refund payments. The report includes a list of cases in which the agency sent first distribution payments in 2022. For example, the largest first distribution resulted in $149 million sent to consumers allegedly harmed by AdvoCare’s illegal pyramid scheme. More than 90% of the $392 million that the FTC returned to consumers came from cases resolved before the Supreme Court’s 2021 ruling in AMG Capital Management, LLC v. FTC, which stripped the FTC of its ability to recover redress for consumers pursuant to Section 13(b) of the FTC Act. By comparison, in the four years preceding AMG, the FTC returned more than $11 billion to consumers using its Section 13(b) authority.
The FTC will hold a public workshop on September 7 seeking input on proposed changes to the Funeral Rule. The Commission issued an Advance Notice of Proposed Rule Making on November 2, 2022. The workshop will explore many of the issues raised in the notice, including whether and how funeral providers should be required to display or distribute their price information online or through electronic means.
The FTC filed a brief arguing that the Children’s Online Privacy Protection Act (COPPA) does not preempt state privacy laws that are consistent with COPPA. The brief was filed in support of a federal appeals court’s ruling in Jones v. Google, a case in which a group of children allege that Google collected data and surreptitiously tracked their online activity in violation of state laws. The FTC had previously alleged that Google and YouTube engaged in similar conduct in violation of COPPA. The companies agreed to pay $170 million as part of a settlement in 2019 with the FTC and the state of New York.