The FTC will go after companies misusing location, health, and other sensitive data

After the overturning of Roe V Wade, many feared that using, having access to, and sharing reproductive and sexual health data—once done freely—would be outlawed with the practice of abortion in many states. To protect such data from falling into the wrong hands,  Congresswoman Sara Jacobs (D-CA) sponsored the “My Body, My Data Act of 2022” bill.

Four days after the bill entered the House of Representatives and the Senate, US President Joe Biden signed an Executive Order Protecting Access to Reproductive Health Care Services, an order aimed at safeguarding healthcare services and protecting patient privacy and access to accurate information, among others.

Following this, the FTC (Federal Trade Commission) has warned tech companies and data brokers about potentially misusing the health data the US government seeks to protect.

The interconnectedness of devices has made life easier for most of us, but it remains a major nightmare for privacy-conscious consumers and organizations.

And while location data (among others) is generated by apps, consumers regularly generate their own sensitive data, too, in the form of apps aiding them in testing their blood sugar, recording their sleep patterns, or capturing their biometric features to access devices. In matters related to personal reproductive health, this could be in the form of apps for tracking periods, monitoring fertility, or managing contraceptive use.

The FTC asserts that a combination of these generated data “creates a new frontier of potential harms to consumers”.

“The misuse of mobile location and health information—including reproductive health data—exposes consumers to significant harm,” said the FTC in a post. “Criminals can use location or health data to facilitate phishing scams or commit identity theft. Stalkers and other criminals can use location or health data to inflict physical and emotional injury.”

The exposure of health information and medical conditions, especially data related to sexual activity or reproductive health, may subject people to discrimination, stigma, mental anguish, or other serious harms.

The FTC renewed its vow to go after companies that use American digital data unfairly or deceptively.

“The Commission is committed to using the full scope of its legal authorities to protect consumers’ privacy. We will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data. The FTC’s past enforcement actions provide a roadmap for firms seeking to comply with the law.”

The regulator will closely scrutinize corporate claims that data is “anonymized”, as research has shown that it can be trivial to de-anonymize such data, even when they’re part of a seemingly homogenous data set. The FTC would also be after companies that gather more than what they ask users to consent for or those that retain data indefinitely.

The post The FTC will go after companies misusing location, health, and other sensitive data appeared first on Malwarebytes Labs.

Article Link: The FTC will go after companies misusing location, health, and other sensitive data | Malwarebytes Labs