Federal Trade Commission issues warning to health companies about the misuse of consumer data
The Federal Trade Commission recently issued a warning to healthcare companies on how it defines the appropriate use of consumers’ biometric data.
Citing “threats to privacy and civil rights,” FTC suggests that advances in technology and data sharing have blurred the lines between what is and is not ethical to share between businesses. The commission released a new policy statement on May 18 to clarify its restrictions.
“The increasing use of consumers’ biometric information and related marketing of technologies that use or purport to use biometric information raise significant concerns with respect to consumer privacy, data security, and the potential for bias and discrimination,” the opening line of the statement reads. “The Federal Trade Commission is committed to combatting unfair or deceptive acts related to the collection and use of consumers’ biometric information and the marketing and use of biometric information technologies.”
FTC defines biometric data as “data that depict or describe physical, biological, or behavioral traits, characteristics, or measurements of or relating to an identified or identifiable person’s body.” This includes things like images of an individual, recordings of their voice, depictions of facial features and the iris or retina, finger and handprints, and characteristics of movements and gestures, etc.
Facial recognition technology is a good example of biometric data, but FTC notes that its use has grown substantially beyond that realm in recent years. Concerned about how the increasing use of biometrics could harm consumers by way of fraud, discrimination and unauthorized sharing of personal information, the commission sought to sound the alarm on the appropriate use of such data, and the consequences that accompany veering away from compliance.
The statement warns that any inaccurate or misleading claims to consumers about how their data is collected and used could be considered a violation of the FTC Act. Several factors will determine whether companies are in violation, including the following:
Failure to analyze potential harms to consumers prior to collecting their data.
Failure to address any identified risks by implementing actions or tools that would minimize risks.
Engaging in unwarranted collection and/or use of consumers’ biometric information.
Failure to thoroughly evaluate third parties that are granted access to consumers’ data.
Failure to appropriately train relevant staff on interacting with biometric information and technologies.
Failure to continuously monitor technologies that the business develops, sells or uses in connection with biometric information.
In a prepared statement, Samuel Levine, director of the FTC’s Bureau of Consumer Protection, noted that the policy statement “makes clear that companies must comply with the law regardless of the technology they are using.”
The commission voted unanimously to adopt the statement, which can be viewed here.