The Federal Commerce Fee has slapped prescription drug low cost app GoodRx with a $1.5 million positive for the unauthorized disclosure of consumers’ identifiable well being data with third events, comparable to Fb and Google. That is the primary time the company has taken enforcement motion beneath its Well being Breach Notification Rule, which requires distributors of private well being information to inform prospects if their knowledge has been breached. Whereas the rule has utilized to corporations dealing with well being information since 2009, FTC commissioners voted in favor of increasing it to cowl well being apps in 2021.
Based on the FTC, the California-based telehealth service repeatedly violated the rule by sharing prospects’ private well being data, together with their well being circumstances and the medication they’re taking. Additional, it shared their data with corporations which have third-party promoting platforms like Fb, Google and Criteo regardless of making a promise to prospects that it’s going to by no means achieve this. The FTC says GoodRx additionally monetized its prospects’ data. In 2019, as an illustration, it uploaded the e-mail addresses, telephone numbers and cellular promoting IDs of customers who bought sure drugs to Fb, so it may goal them with health-related adverts.
Along with imposing a $1.5 million positive on GoodRx, the FTC can also be in search of to vary how the corporate handles consumer data. In its proposed court order (PDF) in opposition to the corporate, it listed a number of provisions, together with banning the service from disclosing consumer knowledge for promoting functions. For different functions, it needs to require GoodRx to safe prospects’ consent first earlier than sharing their well being data to 3rd events. The FTC additionally needs GoodRx to get the third events it shared knowledge with to delete its prospects’ data, and it needs the corporate to ascertain a complete privateness program that can shield consumer knowledge.
Samuel Levine, Director of the FTC’s Bureau of Client Safety, mentioned in assertion:
“Digital well being corporations and cellular apps mustn’t money in on shoppers’ extraordinarily delicate and personally identifiable well being data. The FTC is serving discover that it’s going to use all of its authorized authority to guard American shoppers’ delicate knowledge from misuse and unlawful exploitation.”
All merchandise beneficial by Engadget are chosen by our editorial staff, unbiased of our dad or mum firm. A few of our tales embody affiliate hyperlinks. In case you purchase one thing by means of one in every of these hyperlinks, we might earn an affiliate fee. All costs are appropriate on the time of publishing.