Consumer Alert
Pregnancy app Premom shared users’ sensitive information
By
Amy Hebert
Consumer Education Specialist
Image
If you’re trying to become pregnant, you might be looking for an easy way to track your fertility and ovulation. But you probably aren’t looking for that information to get shared without your permission. Unfortunately, that’s what happened to users of pregnancy app Premom Ovulation Tracker.
Premom, a free app, marketed itself as an accurate fertility calendar, among other things. Users could log their periods and upload pictures of ovulation test strips so Premom could analyze and predict the next ovulation cycle. And users could import health data from other devices or apps, like the Apple Health app or Bluetooth thermometers.
But, according to the FTC, Premom shared users’ information with other companies, including Google and China-based marketing and analytics firms — all without telling users, getting their permission, or limiting what companies could do with the information. This led to FTC charges that Premom illegally shared users’ sensitive information like their health information, location, and device identifiers, which could be used to personally identify them.
The FTC just announced that Easy Healthcare, the company behind Premom, has agreed to settle those charges. Among other things, the company has agreed to limit how it shares users’ information, and to tell users how their personal information will be used.
To protect your privacy when you use an app:
- Opt out of targeted ads, if possible. If you choose to opt out, do it on every device and browser you use. Besides in-app tools, the Digital Advertising Alliance and the Network Advertising Initiative have free opt-out tools.
- Check if you can customize your privacy settings. If the app doesn’t need the info it collects, especially your location, turn it off. If the app does need it, consider limiting access to only when the app is in use.
- Find out if you have the right to tell the company to delete your data. Some state laws give you that right. Learn more at the U.S. State Privacy Legislation Tracker from the International Association of Privacy Professionals.
Learn how to protect your privacy online and on apps at ftc.gov/yourprivacy.Leave a comment
_________________________________________________________________
Business Blog
FTC says Premom shared users’ highly sensitive reproductive health data: Can it get more personal than that?
By
Lesley Fair
Intimate facts about ovulation, fertility, and other sexual and reproductive health issues are about as personal as personal information can get. The FTC alleges that Easy Healthcare Corporation – the company behind the Premom Ovulation Tracker app – broke its privacy promises by disclosing users’ sensitive health data to Google and AppsFlyer and by sharing other personal information with two firms in China. The complaint, which alleges that Easy Healthcare violated the FTC Act and the Health Breach Notification Rule, is the latest action against a company for recklessly handling consumers’ sensitive information.
Defendant Easy Healthcare developed and distributed the Premom app, which allowed users to upload information about their menstrual cycles, reproductive health conditions, and other fertility-related data. The company also sold ovulation test strips that users could photograph and upload in an effort to predict when they would ovulate. Based on the company’s description that it was “the only fertility tracker and ovulation app that offers a pregnancy guarantee to help women who are trying to conceive (TTC) make their baby dreams come true,” hundreds of thousands of users downloaded the Premom app.
The defendant also encouraged users to connect Premom to third-party apps or products so Premom could import even more health information. As a result, Premom collected extensive sensitive data from consumers – for example, dates of their menstrual cycles, hormone test results, and even when their pregnancies started and ended.
According to the complaint, the defendant made multiple privacy assurances to consumers. For example, in a July 7, 2020, privacy policy, the defendant pledged:
WE PROMISE WE WILL NEVER SHARE YOUR EXACT AGE OR ANY DATA RELATED TO YOUR HEALTH WITH ANY THIRD PARTIES WITHOUT YOUR CONSENT OR KNOWLEDGE.
(Just to be clear, the all-caps format was Easy Healthcare’s choice, not ours.) A 2021 privacy policy said this: “Premom uses AppsFlyer, a mobile marketing platform based in the United States, to handle non-health Personal Data” and that “third party services do not have access to your health information through the Services unless you share that information directly with them.” Would people share all that highly sensitive information if they knew defendant’s privacy assurances were false? We don’t think so.
So that’s what the defendant promised, but the FTC says Easy Healthcare violated its own privacy representations. According to the lawsuit, the company built into the Premom app software development kits – SDKs – from third-party marketing and analytics firms without considering the stark discrepancy between the privacy promises the defendant made to users and how the SDKs in the app were operating behind the scenes to share users’ personal information. You’ll want to read the complaint for details, but the FTC says the company broke its promises by using SDKs in a way that shared that sensitive data with third parties.
Think of it from the consumer’s perspective. This was information so personal that some people may not have shared it with those closest to them – and yet the defendant turns around and hands it to Google and AppsFlyer? Really?
The FTC says the defendant’s betrayal of its privacy pledges didn’t end there. According to the complaint, Easy Healthcare also integrated SDKs from Umeng, a Chinese mobile app analytics provider owned by Alibaba, and Jiguang, a Chinese mobile developer and analytics provider. Through their SDKs, the Premom app turned over other sensitive data to those companies – for example, users’ social media account information and their precise geolocation. According to the complaint, Easy Healthcare did that despite telling consumers between 2017 and 2020 that it collected “nonidentifiable information for purposes of tracking analytics of the usage of [its] application.” Through Easy Healthcare’s use of third-party services, the FTC says that data can be traced back to a real person – rendering the defendant’s “nonidentifiable information” claim flat-out false.
The proposed settlement imposes an outright ban on the defendant’s sharing of users’ personal health data with third parties for advertising purposes. If the company wants to share health data for any other purpose, it must get users’ express consent. In addition to a $100,000 civil penalty for violating the Health Breach Notification Rule, the order requires – among other things – that the defendant seek the deletion of data it shared with third parties, contact users directly to tell them about the FTC’s allegations, and implement a comprehensive privacy and data security program subject to independent compliance assessment. As part of a related action, Easy Healthcare also has agreed to pay a total of $100,000 to Connecticut, the District of Columbia, and Oregon for violating their respective state laws.
The proposed settlement sends some strong signals to anyone in the information ecosystem.
The FTC couldn’t be more serious about protecting consumers’ privacy. Have you noticed an enforcement uptick against companies that violate consumers’ privacy through unfair or deceptive conduct? Good. That’s a message the FTC intends to send to app developers, the advertising technology industry, and anyone that attempts to exploit consumers’ privacy for profit.
Undertake a Health Breach Notification Rule refresher. This is the FTC’s second case in just a few months alleging a violation of the Health Breach Notification Rule. The Rule requires covered companies to notify users, the FTC, and in some cases the media, whenever there is the unauthorized acquisition of unsecured individually identifiable health information. Read Complying with FTC’s Health Breach Notification Rule to see how your company’s practices measure up.
Set the standard for non-resettable device identifiers. This is the FTC’s first case specifically alleging that non-resettable device identifiers (like International Mobile Equipment Identity numbers) are identifiable information, and therefore highly sensitive in nature. Premom’s collection and sharing of these and other mobile device identifiers allowed third parties to circumvent operating systems’ privacy controls, track individuals, infer the identity of individual users, and ultimately associate that user with a fertility app.
Consider the implications of lax data security. The complaint lists a number of ways in which Easy Healthcare didn’t employ reasonable privacy and data security measures, including its failure to assess the risks of third-party SDKs it incorporated into Premom. One particular concern in this case: that consumers are injured when their sensitive information is sent together with a decryption key to third parties, subjecting the data to potential interception.
Tags:
____________________________________________________
Consumer Alert
Refunds for Fashion Nova customers
By
Bridget Small
Consumer Education Specialist, FTC
Image
If you shopped at FashionNova.com before November 2019, you probably saw lots of products with no less than four- or five-star ratings. That’s because the company blocked negative ratings and customer reviews from showing up on the site for several years, according to an FTC complaint. Now, some customers who bought things at FashionNova.com because of those high ratings can file claims to get money back. How much will each customer get back? That mostly depends on how many people file claims.
You’re eligible to file a claim if all four of these things are true:
- You bought things from FashionNova.com before November 21, 2019.
- Your decision to buy was influenced by the site’s customer reviews and ratings.
- You weren’t satisfied with what you bought.
- You never got a refund for those things.
The deadline to file a claim is August 15, 2023.
File a claim online at ftc.gov/FashionNova. If you have questions, call the claims administrator at 855-678-0018 or send email to info@FashionNovaClaims.com.
_________________________________________________________
For Release
FTC Announces Refund Claims Process for Fashion Nova Customers Affected by Deceptive Review Practices
Fashion Nova paid $4.2 million to settle FTC charges that the company blocked negative reviews about its products
Tags:
- Consumer Protection
- Bureau of Consumer Protection
- Shopping
- consumer refunds
- Clothing and Textiles
- Advertising and Marketing
- Endorsements, Influencers, and Reviews
The Federal Trade Commission has launched a refund claims process for consumers who bought products from Fashion Nova, an online fashion retailer that blocked negative reviews from being posted on its website, according to an FTC action announced in January 2022.
The FTC announced in January 2022 that Fashion Nova agreed to pay $4.2 million to settle charges that the company misled consumers by representing that the reviews on its website reflected the views of all customers who submitted reviews, when in fact it suppressed reviews with ratings lower than four stars out of five. The FTC is using the money paid by Fashion Nova to provide payments to customers affected by Fashion Nova’s conduct.
Fashion Nova customers can apply for a payment from this settlement if they meet all the following criteria:
- they bought products from FashionNova.com before November 21, 2019;
- their purchase decisions were influenced by customer reviews and ratings;
- they were not satisfied with the products; and
- they have not already received a refund for the products.
The claims period will be open until August 15, 2023. Consumers can apply online at www.ftc.gov/FashionNova. Consumers who have questions about the process can call the claims administrator at 855-678-0018 or email info@FashionNovaClaims.com. The FTC will review and validate claims. Payment amounts will depend on several factors, including how many people file claims.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
Press Release Reference
FTC Finalizes Order with Fashion Nova Over Allegations It Blocked Negative Reviews
Contact Information
Contact for Consumers
Claims Administrator
Media Contact
Office of Public Affairs
____________________________________________________
For Release
FTC to Host Workshop Examining Issues Related to Proposed Changes to the Funeral Rule
Tags:
The Federal Trade Commission will hold a public workshop on September 7, 2023 seeking input on proposed changes to the Funeral Rule.
The Commission issued an Advance Notice of Proposed Rule Making on November 2, 2022. The workshop will explore many of the issues raised in the notice, including whether and how funeral providers should be required to display or distribute their price information online or through electronic means.
The workshop may cover topics such as:
- online or electronic disclosures of price information;
- new forms of disposition of human remains;
- the general price list mandated by the rule;
- the disclosures required by the rule, including the embalming disclosure;
- whether third-party crematory fees and other third-party fees should be disclosed in the general price list; and
- whether funeral providers should be required or permitted to give out general price lists in languages other than English in certain circumstances.
A detailed agenda will be published at a later date, in advance of the scheduled workshop.
The public can submit a comment on these topics until October 10, 2023. Instructions for filing comments will appear in a notice that will be published in the Federal Register soon. Those interested in participating as a panelist at the workshop can email the FTC at funeralrule@ftc.gov by June 19, 2023. If a proposed panelist or commenter is affiliated with an entity that has provided funding for research, analysis, or commentary on relevant topics, please identify such funding and its source in your comment or in your request for consideration as a speaker.
The Commission voted 3-0 to submit the notice regarding the workshop to the Federal Register.
The workshop, which is free and open to the public, will take place at the Constitution Center, 400 7th Street SW, Washington, D.C., 20024, and will be webcast live on the FTC’s website. The agenda, directions to the Constitution Center building, and a list of speakers will be available in the future on the event webpage.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
Contact Information
Media Contact
Office of Public Affairs
____________________________________________________
Consumer Alert
Scam proof the young people in your life
By
Jim Kreidler
Consumer Education Specialist
Image
Think the techy young people in your life are too techy to be scammed? Think again. According to data from the FTC, people in their twenties reported losing money to fraud at a higher rate than people in their seventies. So, if you count yourself an older adult, let’s use your accumulated knowledge this Older American’s Month. Reach out to the young people in your life to help them better spot and avoid scams. But where to start?
The top scams young people reported include impersonator scams (think somebody pretending to be Amazon), job scams (think “amazing” offers to work from home) and investment scams (think cryptocurrency). Start by reminding them that scams take different twists and turns, but, nearly always, a scammer pretends to be someone you trust to trick you into sending money or personal information. Ask if they’ve seen something like these examples on social media, gaming sites, messaging apps, or somewhere else. And remind them: these are scams.
As you talk, here’s some other advice to share:
Don’t respond to unsolicited offers. If you get an out-of-the-blue call, text, or e-mail that seems to come from an online retailer, your bank, credit card, or a payment app, they’re likely phishing scams. Don’t click links. Don’t respond. Hit block and delete.
Never pay someone who promises a job. No honest employer will ever make you pay for a job. They also won’t send you a check and then tell you to buy supplies, pay for training, or something else — and send back whatever money is left. Those are scams.
Don’t believe promises of guaranteed returns or income. There’s no such thing as an investment with little to no risk: not in cryptocurrency or any other investment. But if someone tells you that, you know they’re a scammer.
Finally, if the young people in your life, or you, spot a scam, report it at ReportFraud.ftc.gov.
______________________________________________________
For Release
FTC Sends More than $3.3 Million to Consumers Harmed by Passport Auto’s Illegal Junk Fees and Discriminatory Practices
Tags:
- Consumer Protection
- Bureau of Consumer Protection
- Cars
- Credit & Loan Offers
- deceptive/misleading conduct
- consumer refunds
- Automobiles
- Credit and Finance
- Credit and Loans
The Federal Trade Commission is sending payments totaling more than $3.3 million to customers of Passport Auto, a Washington D.C.-area auto dealer. In October 2022, the FTC charged Passport with adding hundreds, or even thousands, of dollars in illegal junk fees to car prices and for discriminating against Black and Latino consumers by charging them higher fees and financing costs.
The FTC is sending checks to more than 18,000 consumers. Recipients should cash their checks within 90 days, as indicated on the check. Consumers who have questions about their payment should contact the refund administrator, Epiq, at 877-701-3692, or visit the FTC website to view frequently asked questions about the refund process. The Commission never requires people to pay money or provide account information to get a refund.
The FTC’s suit against Passport Auto, its president, Everett Hellmuth, and its vice president, Jay Klein, charged that the defendants’ junk fees caused consumers to pay more than the advertised price or lose any discounts they had negotiated.
The Commission’s interactive dashboards for refund data provide a state-by-state breakdown of refunds in FTC cases. In 2022, Commission actions led to more than $392 million in refunds to consumers across the country.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
Press Release Reference
Contact Information
Contact for Consumers
Epiq
Refund Administrator
Media Contact
Office of Public Affairs
____________________________________________________
