Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

FTC finalizes decision banning respondents from surveillance business

Federal Issues FTC Privacy/Cyber Risk & Data Security FTC Act Enforcement UDAP

Federal Issues

On December 21, the FTC announced a decision banning a data monitoring application and its CEO (collectively, “respondents”) from the surveillance industry. As previously covered by InfoBytes, the respondents allegedly violated Section 5 of the FTC Act by failing to provide reasonable data security for consumers’ personal information. According to the FTC, the respondents allegedly “secretly harvest[ed] and shar[ed] data on people’s live location, web use, and online activities through their product’s hidden device hack,” and sold real-time access to their surveillance system, which allowed stalkers and domestic abusers to “stealthily track” unknowing victims. Under the terms of the final decision, the respondents are: (i) ordered to “immediately disable all access to any information collected by or through a monitored Mobile Device” and immediately stop collecting any data through any app installed before the date of entry of the order; (ii) required to delete any information illegally collected from their apps; (iii) required to notify owners who installed respondents’ apps on their devices that their devices might have been monitored and may not be secure; and (iv) banned from offering, promoting, selling, or advertising any surveillance app, service, or business. The respondents are also required to implement a comprehensive information security program and obtain initial and biennial third-party security assessments.