Facebook, Inc., In the Matter of
The FTC alleged that Facebook violated its privacy promises to consumers and subsequently violated a 2012 Commission order.
Every year the FTC brings hundreds of cases against individuals and companies for violating consumer protection and competition laws that the agency enforces. These cases can involve fraud, scams, identity theft, false advertising, privacy violations, anti-competitive behavior and more. The Legal Library has detailed information about cases we have brought in federal court or through our internal administrative process, called an adjudicative proceeding.
The FTC alleged that Facebook violated its privacy promises to consumers and subsequently violated a 2012 Commission order.
Rite Aid is prohibited from using facial recognition technology for security or surveillance purposes for five years to settle Federal Trade Commission charges that the retailer failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology in hundreds of stores.
The proposed order requires Rite Aid to implement comprehensive safeguards to prevent these types of harm to consumers when deploying automated systems that use biometric information to track them or flag them as security risks. It also requires Rite Aid to discontinue using any such technology if it cannot control potential risks to consumers. To settle charges it violated a 2010 Commission data security order by failing to adequately oversee its service providers, Rite Aid is also required to implement a robust information security program, which must be overseen by the company’s top executives.
The FTC alleged that Global Tel*Link Corp. and two of its subsidiaries failed to secure sensitive data of hundreds of thousands of users stored in a cloud environment and failed to alert all those affected by the incident.
The FTC will require Avast to pay $16.5 million and prohibit the company from selling or licensing any web browsing data for advertising purposes to settle charges that the company and its subsidiaries sold such information to third parties after promising that its products would protect consumers from online tracking.
Blackbaud, Inc. will be required to delete personal data that it doesn’t need to retain as part of a settlement with the FTC over charges that the company’s lax security allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers.
The Federal Trade Commission filed a lawsuit against data broker Kochava Inc. for selling geolocation data from hundreds of millions of mobile devices that can be used to trace the movements of individuals to and from sensitive locations. Kochava’s data can reveal people’s visits to reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities. The FTC alleges that by selling data tracking people, Kochava is enabling others to identify individuals and exposing them to threats of stigma, stalking, discrimination, job loss, and even physical violence. The FTC’s lawsuit seeks to halt Kochava’s sale of sensitive geolocation data and require the company to delete the sensitive geolocation information it has collected.
InMarket Media will be prohibited from selling or licensing any precise location data to settle Federal Trade Commission charges that the company did not fully inform consumers and obtain their consent before collecting and using their location data for advertising and marketing.
The FTC alleged that CafePress failed to implement reasonable security measures to protect sensitive information stored on its network, including plain text Social Security numbers, inadequately encrypted passwords, and answers to password reset questions. The Commission’s proposed order requires the company to bolster its data security and requires its former owner to pay a half million dollars to compensate small businesses.
X-Mode Social and its successor Outlogic will be prohibited from sharing or selling any sensitive location data to settle FTC allegations that the company sold precise location data that could be used to track people’s visits to sensitive locations such as medical and reproductive health clinics, places of religious worship and domestic abuse shelters.
The FTC will require background report providers TruthFinder and Instant Checkmate to pay $5.8 million to settle charges that they deceived consumers about whether consumers had criminal records and that the companies violated the Fair Credit Reporting Act (FCRA) by operating as consumer reporting agencies.
The FTC reached a settlement with 1Health.io over allegations that it left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.
The FTC obtained an order against education technology provider Edmodo for collecting personal data from children without obtaining their parent’s consent and using that data for advertising, in violation of the Children’s Online Privacy Protection Act Rule (COPPA Rule), and for unlawfully outsourcing its COPPA compliance responsibilities to schools.