On July 11, 2022, the Federal Trade Commission (FTC) published “Location, Health, and Other Sensitive Information: The FTC is Committed to Full Enforcement of the Law Against the Unlawful Use and Sharing of Highly Sensitive Data,” on its corporate blog. The blog post likely relates to an Executive Order (the “EO”) signed by President Biden following the Supreme Court ruling Dobbs decision. Among other things, the OE ordered the FTC to consider taking steps to protect the privacy of consumers when seeking information about and related to the provision of reproductive health care services.
While this latest drumbeat on this issue comes from the FTC, we expect to see attention to this issue from other regulators, including, perhaps, the Department of Justice as well as Attorneys General States.
While the FTC’s post focuses on location data and reproductive health services, it’s likely there will be a closer look at the collection and use of location data in general. This renewed focus will potentially subject a broad group of participants in the digital ecosystem to heightened scrutiny. The spotlight will likely fall on interactive platforms, application publishers, software development kit (SDK) developers, data brokers and data analytics companies – on practices around collecting, sharing and analyzing data. perceived misuse of data in general.
The FTC’s blog post briefly explains the “opaque” world surrounding the collection of mobile location data (which the FTC says is often done without consumers’ knowledge) and the subsequent sharing and sale of information to consumers. data aggregators and brokers who then sell access to the data. or data analytics products to marketers, researchers, or other businesses seeking insights from alternative data sources. The message says the misuse of mobile location and health information, including reproductive health data, “exposes consumers to significant harm.” As such, the FTC announced that it will “vigorously enforce the law if we discover unlawful conduct that exploits Americans’ location, health, or other sensitive data.” More concrete legal requirements covering the collection and use of mobile location data could come with the passage of a bipartisan federal privacy bill, but passage of that bill remains uncertain. .
The FTC’s blog post ends with some advice on what companies should consider when collecting or using sensitive consumer information, including location and health data:
- Sensitive data is protected by various federal and state laws. These laws include the FTC Act which regulates unfair and deceptive marketing practices, the Children’s Online Privacy Protection Act (COPPA) and various state data privacy laws.
- Examine the claims that the data “has been anonymized”. The FTC says companies making misleading claims about anonymization in this area may violate FTC law, “particularly in the context of location data.”
- Agency to take enforcement action for misuse of consumer data. The post outlines several recent enforcement actions regarding the misuse of sensitive consumer data, including location data.
The FTC’s blog post is just the latest in a growing focus on data collection from mobile devices. As we’ve written before, the issue of location data has already captured the attention of Congress, and it wouldn’t be surprising to see some state legislatures — a number of which have already passed or considered comprehensive privacy laws. data privacy – addressing the issue . Companies that collect or use mobile location data should pay close attention to developments in this area.