The Federal Trade Commission (FTC) accused BetterHelp online counseling service of sharing customers’ mental health data with advertisers. The authorities want to ban the online platform from disclosing information to third parties like Facebook and Snapchat.
After the accusations, FTC and the online service reached a settlement that requires the company to pay $7.8 million. This money will partially cover the compensation for exposed users.
BetterHelp is an online counseling service. It offers therapy for people with depression, anxiety, post-traumatic stress, addictions, etc.
FTC submitted an official complaint accusing BetterHelp of bad practices in handling users’ data. The company shared with advertisers information like email addresses, IP addresses, and data from the signup questionnaires.
Facebook, Snapchat, Criteo, and Pinterest used all this data for target advertising. To be specific, to find new people who would become customers for the platform.
FTC warns BetterHelp that its conduct can be harmful to its users, vulnerable people.
When a person struggling with mental health issues reaches out for help, they do so in a moment of vulnerability and with an expectation that professional counseling services will protect their privacy. Instead, BetterHelp betrayed consumers’ most personal health information for profit. Let this proposed order be a stout reminder that the FTC will prioritize defending Americans’ sensitive data from illegal exploitation.
Samuel Levine, Director of the FTC‘s Bureau of Consumer Protection.
In fact, FTC explained that the users had to share personal data to sign up for online counseling. But the platform did not obtain users’ consent in using the data for advertising. And did not limit the third-party use of the health data.
The FTC and BetterHelp reached a settlement that includes a $7.8 million payment from the company.
The $7.8 million that BetterHelp must pay under the proposed order will be used to provide partial refunds to consumers who signed up for and paid for BetterHelp’s services between August 1, 2017, and December 31, 2020.
The settlement also includes, according to BleepingComputer:
- Prior to disclosing a user’s information to a third-party for any reason, the company has to get their permission.
- The platform has to implement robust security measures to secure consumer health information.
- Demand and confirm that any previous recipients of BetterHealth user data have removed it.
- Establish a time limit for how long the business may keep sensitive health information.
Despite the settlement, BetterHelp denies all allegations.
To clarify, we do not share and have never shared with advertisers, publishers, social media platforms, or any other similar third parties, private information such as members’ names or clinical data from therapy sessions. In addition, we do not receive and have never received any payment from any third party for any kind of information about any of our members.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.Get cybersecurity updates you\’ll actually want to read directly in your inbox.