The Federal Trade Commission has fined online therapy company BetterHelp $7.8 million for allegedly sharing consumer data with third parties like Facebook and Snapchat for advertising purposes.
The proposed order — the second recent action by the FTC regarding data sharing by a digital health company — would also ban BetterHelp from disclosing health data for advertising. The agency said this is its first action that would return funds to consumers whose data was shared.
According to the FTC’s complaint, the mental health company, which is owned by Teladoc Health, revealed consumers’ email addresses, IP addresses and information from health questionnaires. In an example, the agency said BetterHelp used email addresses and the fact users had previously been in therapy so Facebook could find similar customers and target them with ads.
The FTC also alleged BetterHelp didn’t maintain policies to protect user data, obtain consumers’ consent before disclosing it, or place any limits on how third parties could use the information. It also noted the company had misled users in 2020 by denying news reports that the company had shared data with third parties.
In its proposed order, BetterHelp would need to get express consent before disclosing data to certain third parties for any purpose, implement a privacy program, direct third parties to delete consumer health data, and limit how long BetterHelp could keep personal health information.
“When a person struggling with mental health issues reaches out for help, they do so in a moment of vulnerability and with an expectation that professional counseling services will protect their privacy,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement. “Instead, BetterHelp betrayed consumers’ most personal health information for profit. Let this proposed order be a stout reminder that the FTC will prioritize defending Americans’ sensitive data from illegal exploitation.”
In a statement, BetterHelp said it had reached a settlement with the FTC regarding advertising practices that were in place between 2017 and 2020, though it admitted no wrongdoing.
“The FTC alleged we used limited, encrypted information to optimize the effectiveness of our advertising campaigns so we could deliver more relevant ads and reach people who may be interested in our services,” the company said. “This industry-standard practice is routinely used by some of the largest health providers, health systems, and healthcare brands. Nonetheless, we understand the FTC’s desire to set new precedents around consumer marketing, and we are happy to settle this matter with the agency.”
THE LARGER TREND
About a month ago, the FTC alleged drug-cost and telehealth platform GoodRx shared consumers’ personal health information with third parties like Google and Facebook for advertising purposes.
The agency said GoodRx had provided information about consumers’ prescription medications and health conditions so they could be targeted with health-related ads based on that information. The company agreed to pay a $1.5 million fine to settle the case, but also admitted no wrongdoing.