U.S. Privacy and Data Protection | Insights | June 2024 (Federal Law)

U.S. Privacy and Data Protection | Insights | June 2024 (Federal Law)

The Federal Trade Commission (FTC) continues to target data privacy and security issues. For example, the FTC has recently taken action against Monument, an alcohol addiction treatment service, for allegedly sharing the personal health data of its users with third-party platforms, such as Meta and Google, without consent.

As alleged by the FTC, Monument offers online support and therapy for alcohol addiction and collects personal information of users, including names, email addresses, birth dates, information about user alcohol consumption, and medical history.

The FTC’s complaint highlights that between 2020 and 2022, there were purported continuous assurances that users’ information would remain “100% confidential” and would not be disclosed without users’ consent. While promising privacy to users, the FTC claims the business contradicted their policies and allegedly shared sensitive user data, such as intimate details about their addiction treatment, for targeted advertising.

Requirements Moving Forward

The FTC alleges Monument's practices violated the 2018 Opioid Addiction Recovery Fraud Prevention Act (OARFPA). As a consequence, the proposed order seeks:

• Payment of $2.5 million civil penalty for violating OARFPA (suspended due to the company's inability to pay);
• A ban on sharing data for advertising unless users give explicit permission;
• Requirements for data deletion and consumer notification; and
• Implementing a robust privacy program.

As a business, it is critical to assess what categories of consumer data are collected and shared with third parties, and what representations are being made to consumers about the use of their data. A robust privacy compliance program can significantly help mitigate the risk of the misuse of consumer data and be used as a framework and defense if an issue arises.

How Can Kronenberger Rosenfeld Help?

Kronenberger Rosenfeld, LLP regularly assists businesses with data privacy and security issues, including proactive compliance and experienced advice if any legal issues arise. If you need assistance for your business, contact our firm using our online case submission form here.