FTC Fines Drug Discount App GoodRx for Sharing User Data to Facebook, Google

Federal Trade Commission (FTC) charges GoodRx with a $1.5 million fine for its unauthorized disclosure of customers' health information with advertisers like Facebook, Google, and other companies.

GoodRx is a telehealth service company and free app that can check drug prices and provide free drug discounts. This is the main reason that drives consumers into logging in their information on the platform.

Health Breach Notification Rule

The Health Breach Notification Rule requires that vendors should notify their consumers if their health records and related entities are being shared with other parties. The rule also takes note of the timing, method, and content of the notification, and if breaches involve 500 or more people, there should already be a notice being shared with the media.

This rule is expected to be followed by all health apps and connected devices that collect consumers' health information. FTC often reiterates in their policy statements the need for businesses to comply on this. Although this rule was created in 2009, FTC commissioners voted in favor of expanding the rule to 2021.

The Violation

According to FTC, the telehealth service violated the rule by repeatedly sharing its users' data including their health conditions and the name of the drug they're taking. It also shared the said information with third-party advertisers like Facebook, Google, and Criteo despite initially taking an oath that it will never do so.

This is a clear breach of contract and monetization of the public's information. One cited case in the report was that in 2019, it shared the email addresses, phone numbers, and mobile advertising IDs of users. The information has been shared on Facebook and the users were targeted by health-related advertisements after.

The violation now demands a $1.5 million fine on the telehealth service's end. Aside from this, FTC also wants to change how the users' data is being collected and managed by the company. In its court order against the business, FTC enumerated specific provisions, including prohibiting the service from sharing consumer data for other purposes like advertising.

The court order also highlighted the need to secure consent from customers first before sharing their information with third-party platforms. Further, FTC also asks GoodRx to get all its previously shared information to third parties and create more appropriate privacy guidelines.

In a statement, the Director of FTC's Bureau of Consumer Protection, Samuel Levine, assured the public on the matter, "FTC is serving notice that it will use all of its legal authority to protect American consumers' sensitive data from misuse and illegal exploitation."

It is not the first time that privacy advocates call out businesses to refrain from sharing the public's confidential information. Recently, FTC also issued a warning to Whatsapp after receiving a report that the company has a data-sharing plan with Facebook.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics