Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

FTC says British data analytics firm misled consumers about collection of personal information

Federal Issues FTC Act Enforcement Privacy/Cyber Risk & Data Security UDAP Deceptive

Federal Issues

On December 6, the FTC issued an unanimous opinion against a British consulting and data analytics firm, finding that the firm violated the FTC Act by engaging in “deceptive practices to harvest personal information from tens of millions of [a social media company’s] users.” The information—which was allegedly collected through an application that told users it would not harvest identifiable information—was then used to target potential voters. The opinion also found that the firm engaged in deceptive practices relating to its participation in the EU-U.S. Privacy Shield framework. The opinion follows an administrative complaint issued against the firm in July (previously covered by InfoBytes here). Under the terms of the administrative final order, the firm is prohibited from misrepresenting “the extent to which it protects the privacy and confidentiality of personal information as well as its participation in the EU-U.S. Privacy Shield framework and other similar regulatory or standard-setting organizations,” and it must apply Privacy Shield protections to personal information collected during its participation in the program or return or delete the information. Among other things, the firm also must delete or destroy the personal information collected from consumers through the app, as well as any other information or work product that originated from the information.