Well, if this is your company’s situation, you may want to rethink how you are operating in light of recent enforcement action by the FTC on corporate data collection practices.
In the stipulated order, VIZIO was ordered to take all the following actions before collecting any further data from consumers:
- Obtain affirmative express consent from consumers at the time of disclosure and upon any material changes.
- Provide instructions at the time of obtaining consent to how consumers may revoke consent.
The stipulated order then gave specific guidelines on what would constitute “prominent” disclosure
The stipulated order also required the destruction of the previously collected data, the mandated creation of an internal privacy program meeting certain requirements, and third party oversight going forward regarding the privacy controls in place at the company.
Clearly, the FTC intended to send a message to the software industry about the collection of consumer data in the case of this particular enforcement action.
However, the FTC’s recent enforcement activities against software companies did not end with VIZIO. In a separate statement, the FTC announced settlements with three other companies in the industry over allegations that they had made deceptive statements in their privacy policies about their participation in an international privacy program. The companies charged in those cases were, Sentinel Labs, Inc., a software company providing endpoint protection software to enterprise customers; SpyChatter, Inc., a company marketing a private messaging app; and Vir2us, Inc., a distributor of cybersecurity software. The FTC alleged in each complaint that the companies violated the FTC Act by making deceptive statements about their participation in privacy programs. Attached are the complaints against Sentinel Labs, SpyChatter, and Vir2us. In these cases, the proposed settlements merely prohibited the companies from making further misrepresentations about their participation in third party privacy or security programs, but are not final orders and still subject to possible amendment.
If you do not change your privacy practices, you are on notice that you may soon be hearing from the FTC.