Date: 2021-09-16



The Federal Trade Commission (FTC) warns that apps and devices that collect personal health information need to notify consumers in the event of data breaches or unauthorized sharing with third parties.

In a 3-2 vote on Wednesday, the FTC agreed on a new policy statement that clarifies the decade-old 2009 Health Violation Notification Rules. Under this rule, companies dealing with health records must notify consumers when their data is accessed without permission, for example as the result of a violation. According to FTC Chairman Lina Khan, this is now being extended to apply to health apps and devices, specifically calling out apps that track fertility data, fitness and blood glucose.

“Digital apps routinely play fast and loose with user data, making sensitive health information of users vulnerable to hacking and compromise,” Khan said in a statement. Khan pointed to a survey in this year’s British Medical Journal that found them suffering from serious problems ranging from insecure transmission of user data to unauthorized sharing of data with advertisers.

In recent years, there have also been a number of high-profile breaches related to health apps. Babylon Health, a UK AI chatbot and telemedicine startup, suffered a data breach last year after a software error allowed users to access other patients' video consultations. The period-tracking app Flo was recently found to share user health data with third-party analytics and marketing services.

Under the new rules, businesses offering health apps and connected fitness devices that collect personal health data will need to notify consumers in the event of a data breach. However, this rule does not define “data breach” as just a cybersecurity breach. Unauthorized access to personal data, such as sharing information without the individual's permission, can also trigger notification obligations.

“This rule imposes some accountability on technology companies that misuse our personal information, but the more fundamental problem is that companies use this data to feed behavioral ads or analyze users. It’s the commercialization of sensitive health information that can be strengthened,” Khan said.

If a company does not comply with this rule, the FTC has stated that it will “aggressively” enforce a fine of $43,792 per day for each breach.

The FTC has been cracking down on privacy breaches in recent weeks. Earlier this month, the agency unanimously banned spyware maker SpyFone and its CEO Scott Zuckerman from the surveillance industry for collecting mobile data from thousands of people and leaving it on the open Internet.

