BE TRANSPARENT

Give users the ability to make informed choices.

The first step in establishing and maintaining a trust-based relationship with your users is giving them the information they need to make informed decisions. Doing so not only helps prevent surprises that can lead to backlash, it can also build loyalty among your current users and help you recruit new ones.

NOTIFY USERS WHENEVER MONITORING IS ACTIVE.
Users should be aware when a device or product is collecting information or when a microphone, camera, or other sensor is turned on. If your product is capable of collecting and transmitting user information surreptitiously, the discovery of those practices can severely erode user trust.

Case Study

Microsoft Pays $20M for Improperly Collecting and Retaining Children’s Information

Microsoft was slapped with $20 million in fines in 2023 to settle FTC charges that it violated the Children’s Online Privacy Protection Act (COPPA). The FTC charged Microsoft with violating COPPA and the FTC Act by collecting personal information from children using the company’s Xbox Live online service and related products, collecting this personal information without parental consent, and storing the information longer than reasonably necessary. In addition to paying the large fine, Microsoft needs to bolster protections for children’s information, including requiring parental consent prior to collection and implementing a system to delete all collected information within two weeks of collection.

76% of Americans don’t trust social media CEOs to not sell their personal information without consent (2023).

 

MAKE USERS AWARE WHEN YOU COLLECT DATA IN UNEXPECTED WAYS.
Today’s market of sensor-rich and interconnected devices includes everything from thermostats to cars and is commonly referred to as the “Internet of Things.” Many of these devices are able to inconspicuously collect sensitive data about private life, making clear and creative privacy explanations all the more important. Companies that fail to explain how these devices collect and use data may find themselves in hot water.

Case Study

Sell Data and Say You Didn’t: How Flo Health Got In Trouble with the FTC

The FTC sued Flo Health—a once-popular women’s health app used for tracking reproductive health information such as menstrual cycles and pregnancies—for lying to users about its privacy policies and claiming to keep health information private while actually selling the information to third parties. Flo Health misrepresented its compliance with international privacy laws that require notice, consent, and protection of personal information transferred to third parties, and Flo agreed to settle these charges in 2021. Flo was required to obtain consent prior to sharing a consumer’s health information with a third party, undergo a compliance review conducted by a third-party expert, notify users of the app that Flo shared information about their periods and pregnancies with third parties in violation of its privacy policies, and post a similar notice on its website.

Case Study

Airbnb Bans Hidden Cameras

Following reports that Airbnb hosts were secretly surveilling guests using hidden cameras placed in highly invasive locations such as bedrooms and bathrooms, the company announced a new privacy policy prohibiting indoor cameras in its rentals. This change will help protect Airbnb guests from unwanted surveillance, and privacy and civil rights groups have welcomed Airbnb’s indoor-camera ban as a “privacy and safety win.”

Case Study

Alexa – Don’t Store Children’s Voices

Amazon had to pay $25 million for improperly collecting children’s voice recordings and geolocation information through its Alexa devices, misleading parents about privacy protections, and failing to honor deletion requests. The DOJ and FTC took action against Amazon for violating the Children’s Online Privacy Protection Act. In addition to the monetary settlement, Amazon must also delete inactive child accounts, stop using certain sensitive information to train its algorithms, stop misrepresenting its privacy policies, and notify its users about the FTC-DOJ action.

 
