Ovulation App Investigated for Third-Party Sharing

a close up of a woman's hands holding a smartphone.

The Federal Trade Commission has proposed a stipulated order against a company that released an ovulation app. This is following allegation about violations of the FTC Act. The app allowed users to input and track personal and health information. However the company failed to have adequate privacy and data security measures in place.

In the company’s privacy policy they promised repeatedly that health information would not be shared with third-parties without the users’ knowledge or consent, any information collected would be non-identifiable, and data collected was only used for the company’s own analytics and advertising.

However, it was shown that the company did share information with third-parties and Google. This counts as a breach of the Health Breach Notification Rule.

FTC Order

The FTC’s proposed order has certain stipulations as well as a monetary penalty. The order has strict rules regarding:

  • Misrepresentation of collection and processing of information in their privacy policy
  • Disclosing information with express consent
    • When trying to obtain consent to share data the notice must contain clear information about what will happen with the data
  • A permanent ban on sharing information to third-parties for marketing purposes without express consent
  • Notifying those involved in any data breach as well as the FTC
  • Obtaining and cooperating with a third-party auditor to conduct an independent review of their ISP
  • Getting written confirmation that any third-parties that received the unauthorized information have deleted it all.

The company has also been told to pay $100,000 and they will be required to annual certify with the FTC that they are compliant with this order.

A blue gradient background which is darker in the bottom right and lighter in all other corners. In the centre is a logo for Value Privacy. It is value privacy written in white, privacy is bold, value is not and there is a yellow fullstop after privacy. Underneath this logo is written "Making Privacy Simple" in yellow

Value Privacy’s experts are on hand to make sure that you and your company aren’t caught out by new or existing privacy laws.

You can find out more about the services we offer or just get in touch with us directly with any questions you have about how privacy laws impact you.

Previous Post

LGPD Annual Report

Next Post
The flag of Texas flying on a windy day against a bright blue sky

Texas is Tenth State to Approve New Privacy Law

Related Posts