In a complaint filed with the FTC on November 23, four advocacy groups asked for "Investigation, Public Disclosure, Injunction, and Other Relief" against several online health giants, including Google, Microsoft, QualityHealth, WebMD, Yahoo, AOL, HealthCentral, Healthline, and Everyday Health.
The advocacy groups behind this complaint are the Center for Digital Democracy, U.S. PIRG, Consumer Watchdog and World Privacy Forum. They allege (in 144 pages, complete with web page screen-shots) that:
"Digital marketing raises many distinct consumer protection and privacy issues, including an overall lack of transparency, accountability and personal control, which consumers should have over data collection and the various interactive applications used to track, target, and influence them online (including on mobile devices). The use of these technologies by pharmaceutical, health product, and medical information providers that directly affect the public health and welfare of consumers requires immediate action."
Any business that has a web presence should read this complaint; it will show you what these (and other) advocacy groups are complaining about. While I do not expect the FTC to jump into action based on this complaint alone, it would not surprise me to see an increase in the discussion of regulation and enforcement in this patch of cyberspace during 2011. It is only a matter of time until a consumer health web site has a significant data breach. Traditionally, such breaches bring increased inforcement activity.
The complaint also cites a FTC complaint made in June 2009 against Sears Holding Management concerning that company’s dissemination of "a software application for consumers to download and install onto their computers” that violated the FTC Act. That FTC complaint alleged that Sears Holding:
"failed to disclose adequately that the software application, when installed, would: monitor nearly all of the Internet behavior that occurs on consumers’ computers, including information exchanged between consumers and websites other than those owned, operated, or affiliated with respondent, information provided in secure sessions when interacting with third-party websites, shopping carts, and online accounts, and headers of web-based email; track certain non-Internet-related activities taking place on those computers; and transmit nearly all of the monitored information (excluding selected categories of filtered information) to respondent’s remote computer servers. These facts would be material to consumers in deciding to install the software. Respondent’s failure to disclose these facts, in light of the representations made, was, and is, a deceptive practice."