Online consultancy BetterHelp has agreed to pay $7.8 million to settle the Federal Trade Commission’s suit alleging inappropriate sharing of sensitive customer data with companies like Facebook and Snapchat, even after promising to keep it private. to hold. The proposed injunction, announced by the FTC on Thursday, would ban the same behavior in the future and would require BetterHelp to make some changes to how it handles customer data.
According to the regulator, the company’s sign-up process for the service “promised consumers that it would not use or disclose their personal health data except for limited purposes.” However, the FTC claims that the company instead “used and disclosed consumer email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes.”
The FTC also says the company provided fake scripts to customer service representatives to try to reassure users that it was not sharing any personally identifiable or personal health information following a February 2020 report from Jezebel exposed some of his practices. The commission’s complaint accuses the company of misleading customers by posting a HIPAA seal on its website, despite the fact that “no government agency or other third party [BetterHelp]’s information practices for HIPAA compliance, let alone determining that the practices met the requirements of HIPAA.
“BetterHelp has betrayed consumers’ most private health information for profit,” said Samuel Levine, director of the FTC’s consumer protection agency, according to the agency’s press release. The commission says that “consumers’ email addresses and the fact that they had previously been in therapy were used to instruct Facebook to identify similar consumers and target them with advertisements,” helping it generate “tens of thousands of new paying users and millions of dollars.” brought in”. in sales.”
If the FTC’s order eventually goes through, the $7.8 million will go to customers who signed up for the service between August 1, 2017, and December 31, 2020. Here are some other things BetterHelp should do:
- Stop sharing individually identifiable consumer mental health information with third parties
- Stop misrepresenting data collection and usage policies
- Warn customers who created an account before January 1, 2021 that their personal information may have been used for advertising
- Obtain “affirmative explicit consent” from a customer before sharing information with a third party
- Contact third parties who have received customer data and request that it be deleted
- Establish a “comprehensive privacy program” and have an independent third party conduct privacy reviews
The requirements would largely be in place for the next 20 years. The FTC says the agreement will go through a 30-day public comment period before making a final decision on its implementation. It’s worth noting, however, that the proposal passed the committee by a 4-to-0 vote, so it appears to have quite a bit of support.
By agreeing to the order, BetterHelp does not acknowledge or deny many of the allegations the FTC has brought against it. In a statement on its website, the company calls its practices “industry standard,” but says, “we understand the FTC’s desire to set new precedents around consumer marketing, and we are happy to settle this matter with the agency.” It also clarifies that it has never shared information such as “member names or clinical data from therapy sessions” with “advertisers, publishers, social media platforms or other similar third parties.”
It is not the first time that concerns have been raised about BeterHelp or other providers of online mental health care. Last year, lawmakers, including Senators Elizabeth Warren (D-MA) and Ron Wyden (D-OR), sent a letter to BetterHelp requesting information about what data the service collected, how it was used and how it interacted and disclosed its dealings with online advertisers and social media companies. Mozilla also said that when it reviewed 32 mental health apps, it found that 28 of them were sharing people’s information with other companies.
While selling data about people’s mental health isn’t necessarily illegal, even if they haven’t given their consent, according to a report by The Washington Post — The FTC is cracking down on companies it determines are not doing it right. Earlier this year, it fined GoodRx $1.5 million for sending health data to companies like Google and Facebook and banned the company from doing so again in the future.
Correction March 2, 5:57 PM ET: A previous headline for this article said that BetterHelp sold the data, while the FTC only accused it of sharing the data. The headline has been updated and context on how the data has been used has been added to the article. We regret the mistake.