FTC Archives - IPOsgoode /osgoode/iposgoode/tag/ftc/ An Authoritive Leader in IP Wed, 22 Mar 2023 16:00:00 +0000 en-CA hourly 1 https://wordpress.org/?v=6.9.4 FTC Punishes BetterHelp for Sharing Mental Health Information with Advertisers /osgoode/iposgoode/2023/03/22/ftc-punishes-betterhelp-for-sharing-mental-health-information-with-advertisers/ Wed, 22 Mar 2023 16:00:00 +0000 https://www.iposgoode.ca/?p=40698 The post FTC Punishes BetterHelp for Sharing Mental Health Information with Advertisers appeared first on IPOsgoode.

]]>

Gregory Hong is an IPilogue Writer and a 1L JD candidate at Osgoode Hall Law School


BetterHelp is a mental health platform that provides online mental health services, “the largest therapy platform in the world. We change the way people approach their mental health and help them tackle life’s challenges by providing accessible and affordable care. With BetterHelp, you can message a professional therapist anytime, anywhere”. reads: “Making professional therapy accessible, affordable, and convenient — so anyone who struggles with life's challenges can get help, anytime and anywhere”. Their primary business is online counseling and therapy provided online through web-based interaction and phone/text communication with professional counselors.

Privacy Misrepresentation

According to the , BetterHelp requires a questionnaire that asks for sensitive mental health information – “such as whether they have experienced depression or suicidal thoughts and are on any medications” – along with personal information. details BetterHelp’s dubious privacy practices, many of which display an egregious lack of concern for privacy interests. The complaint also details the privacy representations made by BetterHelp, some of which have been altered over time. An example of these changes was seen in the intake questionnaire, where a question asking “Are you currently taking any medication?” included a privacy statement that went through a few iterations (emphasis on alteration added in the complaint):

Up to Dec 2020: “Rest assured—any information provided in this questionnaire will stay private between you and your counselor.”

Dec 2020: “Rest assured—this information will stay private between you and your counselor”

Jan 2021: “Rest assured—your health information will stay private between you and your counselor”

Oct 2021: The statement was removed altogether

Revealing Private Information to Advertisers

The FTC release indicates that BetterHelp “did not obtain consumers’ affirmative express consent before disclosing their health data” and “failed to place any limits on how third parties could use consumers’ health information—allowing Facebook and other third parties to use that information for their own internal purposes, including for research and development or to improve advertising”. According to the complaint, BetterHelp used and revealed consumers’ email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes”, including “identify[ing] similar consumers and target[ing] them with advertisements for BetterHelp’s counseling service.”

The Punishment

The FTC has issued a (a legal document that outlines the terms and conditions for resolving a complaint or an investigation related to unfair or deceptive business practices) requiring that BetterHelp return funds – amounting to $7.8 million – to customers whose health data was compromised.  The proposed order also bans BetterHelp from disclosing health information for advertising, prohibits misrepresenting its sharing practices and requires several changes to company practices regarding health and personal data. BetterHelp writes in that this settlement is “no admission of wrongdoing” and that their “industry-standard practice is routinely used by some of the largest health providers, health systems, and healthcare brands”. The says that this enforcement action is not the first of its kind, as it follows the , and that “the FTC has made it clear of its intent to crack down on the trafficking in sensitive health data by businesses not strictly classified as health care providers and thus not covered by HIPAA, the federal privacy rules that govern the health care industry”. Hopefully, this sets a precedent for more stringent enforcement of good privacy practices, particularly regarding the sale of personal and health information.

The post FTC Punishes BetterHelp for Sharing Mental Health Information with Advertisers appeared first on IPOsgoode.

]]>
Social Media Privacy: Legalities of Personal Data Collection /osgoode/iposgoode/2021/04/05/social-media-privacy-legalities-of-personal-data-collection/ Mon, 05 Apr 2021 16:00:02 +0000 https://www.iposgoode.ca/?p=36922 The post Social Media Privacy: Legalities of Personal Data Collection appeared first on IPOsgoode.

]]>
Social media platforms are connecting friends, family, and colleagues in new ways. With over using social media in 2020, these platforms are all-encompassing. Each of these billions of users produces data in some form — pictures, videos, text, interactions, purchases — all collectively showing their social media usage over the years.

This data contains personal information specific to each user. Without proper protection, social media companies may mishandle, lose, or leak the data to cybercriminals. Social media companies already widely – and legally – mine customer data for profit-boosting details or sell their information to third parties. To increase protection, governments often develop and enforce stricter regulations.

However, not all countries keep up with consumers’ wants and needs. For example, or protection regulations. Companies in China must obtain consent to interact with their users’ data. However, government officials often block access to sites or monitor how residents use them, raising surveillance concerns. Data privacy rules are further complicated as they vary across platforms.

Social Media Privacy Rules

Registration for any social media site initially requires you to accept their terms and conditions. These conditions detail how the platform will use your data, including your interactions and preferences. Even if your account is “private”, to your information.

No matter how you use social media, you should understand two applicable topics: copyright and how your relationship with a company dictates the way its representatives can collect data. Both of them will likely come up regularly as you learn more about social media privacy — or the lack thereof.

First, copyright is critical for creators and observers. A copyrighted work receives protection once the creator distributes it in a fixed format. For example, posting an original image on social media is enough to . Therefore, users can’t post any picture they find online without permission. Attributing the work is not synonymous with asking the creator for approval.

Most images used legally on the internet fall into several categories:

  • Pictures the poster owns and can use how they wish.
  • Rights-managed images, which allow people to purchase photos and use them per a specific license. This includes many items offered through the Creative Commons organization.
  • Royalty-free images, which enable people to use the pictures in unlimited, multiple and nonexclusive ways.
  • Public domain/Creative Commons Zero (CC0) images, which have no restrictions because creators waive their rights under copyright law.

Any original content posted on social media is royalty-free, but social media platforms generally offer users protection against infringement.

Instagram, for instance, provides instructions on on your copyrighted content. This protection means anything you originally create belongs to you, letting you pursue action against any violation of Instagram’s policy. Facebook, the owner of Instagram, has almost identical rules. Twitter may have some exceptions.

It is essential to protect your own data and avoid infringing on others’ original works. However, the second set of rules focuses on your relationship with the platform itself. Historically, data collection has been controversial around the world. Take Facebook, for instance. The big tech company had to clarify after countless scandals emerged. Thus, these instances sparked broader societal discussions about big tech’s growing power and its potential detriment to user privacy.

Personal Data Collection Controversies

Data protection regulation and compliance vary by country. Some territories have federal guidelines in place, like the European Union’s General Data Protection Regulation (GDPR).

The United States has no unifying federal law for cybersecurity compliance. However, the posts its own guidance, alongside each state’s own compliance rules.

Each set of regulations aims to ensure that tech companies protect consumer data and provide users with the correct rights. Unfortunately, despite these laws, data collection controversies continue to arise. Companies find loopholes and use the data in questionable ways. Facebook is notorious for attracting bad press, whether related to misinformation, social justice, or individual rights.

Another example is WhatsApp. After Facebook acquired WhatsApp, the messaging platform updated its conditions to indicate that the platforms would automatically link datasets. Facebook could then use this data for marketing purposes. The EU for violating the law and misleading users.

Facebook again found itself at the center of a data-centric legal case at the end of 2020. This time, the big tech company pursued an action against two smaller companies that it , or taking data from another source for their own use. While Facebook was not the accused, this case again raises the question of big tech’s power and responsibility.

TikTok has also received public and government backlash. After the platform grew exponentially, U.S. officials became wary of due to its Chinese ownership. They were mainly concerned about what TikTok might do with the data it gathered, raising possible national security threats to the United States. However, in September 2020, a deal split TikTok’s ownership between China and the U.S.

Moving forward, countries must re-examine how social media companies use data. Though individuals can take legal action against offending corporations in court, these companies often overpower them, meaning the government must step in. For example, Canada’s Privacy Commissioner can investigate how public and private-sector organizations handle data. They also try to resolve disputes through mediation, negotiation and reconciliation.

Changing Priorities

In the United States, the lack of an overarching federal cybersecurity compliance law has left a legal gap. The California Consumer Privacy Act (CCPA) is a good U.S.-based example that the government should follow. It gives a person the right to access all the information a company has about them or ask that it delete their details. Consumers can also request that companies do not sell their data to third parties or find out which categories of businesses have content about them.

Elsewhere, the GDPR has not effectively maintained these platforms as honest with users about data collection and usage as legislators may have hoped. A 2020 study of central government data protection officers in the United Kingdom found that many of them to deal with the growing number of data protection requests.

Once the GDPR came into effect, internet users were bombarded with cookie preferences windows that let them specify what data companies collected about their internet visit. Many clicked “I accept” without reading the specifics because they were impatient to view the websites in question.

Amidst all the controversies, priorities are changing. People want more security and privacy when using social media services provided by bigger companies. As the U.S. government continues to debate regulations around big tech brands, data collection will continue.

However, data collection can benefits consumers. Social media companies can curate enjoyable, personalized experiences for each user. Issues occur when companies mishandle data or overstep their boundaries. As seen with Facebook, this happens all too frequently.

Since many of the biggest social media companies are U.S.-based, calls for stricter regulation often fall on the United States, in the hopes that consumers will feel more comfortable sharing their data online.

Written by Shannon Flynn, IPilogue Contributor and law technology writer discussing topics such as AI, media, and commercial law.

The post Social Media Privacy: Legalities of Personal Data Collection appeared first on IPOsgoode.

]]>