FTC: Health Apps, Wearables Need to Tell Consumers of Data Breaches

FTC: Health Apps Must Tell Consumers of Breaches

The Federal Trade Commission (FTC) has said health apps and connected devices must comply with the Health Breach Notification Rule, making it so they must notify users when data is breached, according to a press release.

The FTC said health apps and wearables, with the ability to track glucose levels, heart health, fertility and sleep, have been attracting more sensitive, personal data for some time now, per the release. Because of that, the apps have a responsibility to make sure the data is secure. That includes making sure unauthorized data access can’t happen.

In the American Recovery and Reinvestment Act of 2009, Congress enacted specific rules for the FTC to make sure customers are contacted in the case of a security breach, according to the release. After that, the FTC enacted the Health Breach Notification Rule, making it so vendors of personal health records and other entities have to notify customers, the FTC and occasionally the media when data is acquired without customer permission.

Now, health apps and other connected devices which collect personal data have become mainstream. But even so, the pandemic has seen an increase in scammers, hacks and other types of cybercrimes, and privacy protections haven’t caught up, the release stated.

“While this rule imposes some measure of accountability on tech firms that abuse our personal information, a more fundamental problem is the commodification of sensitive health information, where companies can use this data to feed behavioral ads or power user analytics,” said FTC Chair Lina M. Khan in the release. “Given the growing prevalence of surveillance-based advertising, the commission should be scrutinizing what data is being collected in the first place and whether particular types of business models create incentives that necessarily place users at risk.”

Meanwhile, the FTC is looking into smaller deals made by Big Tech that may not have warranted antitrust attention due to their size, including deals by the companies between 2010 and 2019.

Read more: FTC Is Reviewing Big Tech’s Smaller Deals