Security & Fraud

Upromise Fined $500,000 By FTC For Violating Data Collection, Usage

Upromise, a membership reward service, was fined $500,000 by the Federal Trade Commission (FTC) to settle allegations it violated a FTC rule that requires companies to disclose their data collection and usage of that data and get a third-party assessment of its data collection tools.

In a press release, the FTC said that following a 2012 order, Upromise encouraged consumers to download a toolbar called RewardU. The FTC order in 2012 called on Upromise to make it clear and prominent to customers about the safeguards it has in place and the effectiveness of the safeguards to protect consumers’ personal information, but the FTC said it failed to comply with the provisions or the order.

“Upromise once again didn’t disclose to consumers the extent of its data collection and failed to comply with the FTC’s order to get required privacy assessments,” said Tom Pahl, acting director of the Federal Trade Commission’s Bureau of Consumer Protection. “Companies must keep their privacy promises.”

Under the new order, Upromise can’t violate the 2012 order and has to pay a $500,000 civil penalty. Before launching a future toolbar, it also has to have a third-party professional specializing in website design and user experience certify that Upromise has adhered to the order’s disclosure and “express, affirmative” consumer consent requirements. Upromise also must obtain advance written approval from the FTC of any required assessment’s scope and design. In addition, it must permanently expire RewardU-related cookies from consumers’ computers and notify those consumers how to uninstall the toolbar and any associated cookies.

The move on the part of the FTC to fine Upromise comes at a time when government watchdogs are going after companies that violate consumer laws in lots of areas, including student loan servicing. In January the Consumer Financial Protection Bureau (CFPB) filed suit against Navient, the largest servicer of federal and private student loans in the United States. The CFPB suit alleges that Navient, formerly part of Sallie Mae, has been in violation of the Dodd-Frank Wall Street Reform and the Consumer Protection Act, the Fair Credit Reporting Act, and the Fair Debt Collections Practices Act. The bureau claims that Navient and two subsidiaries provided bad information, processed payments incorrectly and failed to act when borrowers issued complaints — systematically and illegally failing borrowers.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The PYMNTS Next-Gen AP Automation Tracker, is a monthly report that highlights the most recent accounts payable developments and automated solutions that are disrupting how businesses process invoices, track spending and earn rebates on transactions.

Click to comment


To Top