In a move to protect consumers' privacy and prevent deceptive practices, the Federal Trade Commission (FTC) has taken action against an alcohol addiction treatment service. The service, Monument, Inc., allegedly shared users' health data with third-party advertising platforms without their consent.
The FTC has proposed a ban on disclosing health information for advertising purposes and requires Monument to obtain users' affirmative consent before sharing any health information with third parties.
The FTC alleges that Monument, a New York-based alcohol addiction treatment service, violated consumer privacy by sharing personal health data with third-party advertising platforms, including Meta and Google, for advertising purposes. Monument had promised to keep such information confidential but failed to ensure compliance with its own privacy policies. The company disclosed highly sensitive health information, revealing that its customers were seeking help for alcohol addiction without obtaining users' consent.
From 2020 to 2022, Monument claimed on its website and in communications with consumers that users' personal information would be "100% confidential." The company further asserted compliance with the Health Insurance Portability and Accountability Act (HIPAA), which protects health information held by covered entities and their business associates. However, an independent assessment revealed that Monument had not fully complied with HIPAA's requirements.
During the same period, Monument allegedly shared users' personal and health information with third-party advertising platforms through tracking technologies, such as pixels and APIs, integrated into its website. Using these technologies, Monument targeted ads for its services to current and potential users. The company provided advertising platforms with users' email addresses, IP addresses, and other identifiers, enabling third parties to associate specific individuals with their interactions on Monument's website.
The FTC's complaint alleges that Monument disclosed personal information, including health data, to numerous third-party advertising platforms. However, due to inadequate tracking and inventory practices, the company does not have an exact number of affected users. The complaint estimates that as many as 84,000 users had their information disclosed without their consent.
"This action continues the FTC's work to ensure strict limits on how firms handle sensitive health data, rather than putting the onus on consumers to protect themselves," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection. "Following on the heels of actions against GoodRx, BetterHelp, and Premom, the market should be getting the message that consumer health data should be handled with extreme caution."
The FTC's action against Monument demonstrates the agency's commitment to safeguarding consumer privacy and holding companies accountable for their data handling practices. By banning the disclosure of health data for advertising without consent, the FTC tries to protect individuals seeking treatment for alcohol addiction.
This case proves to companies that consumer health data should be handled cautiously and in compliance with applicable laws and regulations. As technology continues to evolve, ensuring the privacy and security of personal information remains a priority for both consumers and regulatory bodies.