FTC Prohibits Monument from Sharing Consumer Data for Advertising Purposes Without Consent
The Federal Trade Commission (FTC) has banned Monument from sharing consumer data with third-party advertisers without consent. A $2.5 million civil monetary penalty was proposed, which was suspended due to the company’s inability to pay.
Monument, a company that provides plans to support individuals with alcohol addiction, was investigated by the FTC following a data breach that was disclosed in March 2023 involving the personal information of more than 108,000 individuals. The data breach was due to the use of third-party analytics and tracking tools on its website.
While tracking tools are used on many websites, the problem with Monument’s use of these tools was the company told consumers that their personal information would be 100% confidential, yet their information was transferred to third parties such as Google and Meta without their knowledge or consent and was used to deliver personalized ads.
According to the FTC’s complaint, Monument violated the FTC Act by engaging in unfair and deceptive business practices and violated the Opioid Addiction Recovery Fraud Prevention Act of 2018 (OARFPA), which prohibits deceptive business practices in relation to substance use disorder treatment services. The FTC also alleged that Monument misrepresented compliance with the Health Insurance Portability and Accountability Act (HIPAA). The $2.5 million civil monetary penalty was imposed for violating OARFPA and will need to be paid if the FTC learns that Monument misrepresented its financial position.
Monument has also been ordered to contact all third parties that received consumer data via its website tracking tools and instruct them to delete the data. Any consumers that have yet to be notified by Monument about the impermissible disclosure of their data must be notified, and Monument must develop and implement a comprehensive privacy program to ensure consumer data is protected and all issues identified in the FTC complaint are addressed.
The FTC has taken action against several companies over the sharing of consumers’ health data with third parties without consent, including BetterHelp, GoodRX, Premom, and Cerebral.