June 26, 2024

U.S. Privacy and Data Protection | Insights | June 2024 (Federal Law)

Portrait Kelly Mulcahy
By Kelly Mulcahy

Senior Associate

U.S. Privacy and Data Protection | Insights | June 2024 (Federal Law)

The Federal Trade Commission (FTC) continues to target data privacy and security issues. For example, the FTC has recently taken action against Monument, an alcohol addiction treatment service, for allegedly sharing the personal health data of its users with third-party platforms, such as Meta and Google, without consent.

As alleged by the FTC, Monument offers online support and therapy for alcohol addiction and collects personal information of users, including names, email addresses, birth dates, information about user alcohol consumption, and medical history.

The FTC’s complaint highlights that between 2020 and 2022, there were purported continuous assurances that users’ information would remain “100% confidential” and would not be disclosed without users’ consent. While promising privacy to users, the FTC claims the business contradicted their policies and allegedly shared sensitive user data, such as intimate details about their addiction treatment, for targeted advertising.

Requirements Moving Forward

The FTC alleges Monument's practices violated the 2018 Opioid Addiction Recovery Fraud Prevention Act (OARFPA). As a consequence, the proposed order seeks:

  • Payment of $2.5 million civil penalty for violating OARFPA (suspended due to the company's inability to pay);
  • A ban on sharing data for advertising unless users give explicit permission;
  • Requirements for data deletion and consumer notification; and
  • Implementing a robust privacy program.

As a business, it is critical to assess what categories of consumer data are collected and shared with third parties, and what representations are being made to consumers about the use of their data. A robust privacy compliance program can significantly help mitigate the risk of the misuse of consumer data and be used as a framework and defense if an issue arises.

How Can Kronenberger Rosenfeld Help?

Kronenberger Rosenfeld, LLP regularly assists businesses with data privacy and security issues, including proactive compliance and experienced advice if any legal issues arise. If you need assistance for your business, contact our firm using our online case submission form here.

This entry was posted on Wednesday, June 26, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.



Related articles

Privacy & Cybersecurity

CCPA Opt-out Buttons as Options for CCPA Compliance

The proverbial dust from the implementation of the California Consumer Protection Act (“CCPA”) has settled. And at this point, most businesses are aware that under the CCPA, California residents have...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

The Federal Trade Commission ("FTC") has continued to be active in the realm of data privacy and security. As an initial matter, it is important to acknowledge that data is...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

On March 15, 2024, the California Privacy Protection Agency released its 2024-2027 Strategic Plan, which outline the privacy agency’s values and objectives in California. Background The passing of the California...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

U.S. Privacy and Data Protection | Insights | June 2024 (Federal Law) The Federal Trade Commission (FTC) continues to target data privacy and security issues. For example, the FTC has...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.