Consent Decree | High Risk

FTC Bans Rite Aid from AI Facial Recognition for 5 Years Over Biometric Harms

Rite Aid | December 19, 2023 | Federal Trade Commission

Summary

The FTC settled charges that Rite Aid deployed AI facial recognition technology in hundreds of stores from 2012 to 2020 without reasonable safeguards, resulting in false-positive matches that disproportionately harmed women and people of color. The proposed order bans Rite Aid from using facial recognition for surveillance for five years and requires comprehensive biometric data safeguards, data deletion, consumer notifications, and a certified security program.

Remedy

Rite Aid is banned from using facial recognition for surveillance for five years, must delete all collected biometric images and derived algorithms, provide clear notice to consumers about its use, notify consumers when actions are taken based on the system, implement a comprehensive data security program overseen by executives, obtain independent third-party security assessments, and provide annual CEO certifications.

Ban, Injunction, Consent Decree, Data Deletion, Corrective Notice, Compliance Program, Audit Requirement, Reporting Requirements

Contract Impact

In-house legal teams should review all vendor agreements (especially with technology/AI providers), customer privacy policies, and any data processing agreements where biometric data or automated surveillance is involved. Specific clauses to scrutinize include: data processing specifications (particularly for biometric identifiers), consent mechanisms for surveillance, data retention and deletion schedules, breach notification protocols, audit rights, and representations/warranties regarding algorithmic fairness and accuracy. Given the FTC's order, contracts may need amendments to: (1) explicitly prohibit or restrict AI facial recognition for surveillance purposes, (2) mandate regular disparate impact assessments for automated systems, (3) require robust data minimization and deletion protocols for biometric data, (4) establish certified security programs aligned with FTC expectations, and (5) incorporate consumer notification requirements for false positives or data misuse. Teams should also assess termination rights if a vendor's technology poses uncorrectable consumer risks.

Contract Search Terms

biometric data clause, AI surveillance prohibition, data deletion requirement, consumer notification clause, security program certification, false positive mitigation, automated decision-making system, disparate impact assessment, data processing addendum, sensitive data handling

Laws Cited

FTC Act Section 5
2010 Commission data security order

Entity Details

Entity

Rite Aid

Industry

Retail

Source Evidence

Entity Name: "Rite Aid will be prohibited from using facial recognition technology for surveillance purposes for five years to settle Federal Trade Commission charges"

Violation Types: "the retailer failed to implement reasonable procedures and prevent harm to consumers in its use of facial recognition technology"

Violation Types: "facial recognition technology falsely flagged the consumers as matching someone who had previously been identified as a shoplifter"

Violation Types: "Rite Aid’s facial recognition technology was more likely to generate false positives in stores located in plurality-Black and Asian communities than in plurality-White communities"

Remedy Types: "Rite Aid will be prohibited from using facial recognition technology for surveillance purposes for five years"

Remedy Types: "Delete, and direct third parties to delete, any images or photos they collected because of Rite Aid’s facial recognition system"

Related Enforcement Actions

FTC

12 Unnamed Nudify Tool Providers

The FTC sent warning letters to 12 companies offering 'nudify' tools that generate nonconsensual intimate images, for failing to comply with the TAKE IT DOWN Act (TIDA) by not providing a mechanism for victims to request removal of such content. The letters urge immediate compliance with TIDA, which requires platforms to remove nonconsensual intimate images within 48 hours of a valid request. Noncompliant companies may face future legal action and civil penalties of up to $53,088 per violation.

FTC

Covered Platforms

The FTC began enforcing the TAKE IT DOWN Act on May 19, 2026, a law requiring covered platforms to establish a process for victims to request removal of nonconsensual intimate images and delete such content within 48 hours of a valid request. The agency launched a consumer complaint portal, issued compliance guidance for businesses and consumers, and sent reminder letters to major platforms including Meta, TikTok, and X about their obligations under the law. No specific penalties or enforcement actions against individual companies were announced in this release.

FTC

Cliq Inc.

$6.5M

A federal court held Cliq Inc. and its executives Andrew Phillips and John Blaugrund in civil contempt for multiple violations of a 2015 FTC order requiring the payment processor to prevent enabling consumer fraud. The court found the defendants facilitated fraud by processing transactions for high-risk merchants, avoiding fraud monitoring, failing to conduct required underwriting, and ignoring chargeback thresholds. The court imposed $6.5 million in civil contempt sanctions against the defendants.

FTC

Chris Terry, Isis Terry, IM Mastery Academy, IYOVIA, iMarketsLive, IM Academy

$795.8M

The FTC and State of Nevada settled charges with lead defendants of the IM Mastery Academy MLM scheme, including Chris and Isis Terry and their affiliated companies, over false earnings claims used to promote financial training programs and a multi-level marketing venture. The stipulated order imposes a $795.8 million judgment, with defendants surrendering nearly $90 million in assets including luxury real estate, vehicles, jewelry, and a yacht, totaling over $100 million with prior judgments from other involved defendants. The order also bans defendants from selling trading-training services, prohibits false earnings claims, and restricts deceptive practices including negative-option misrepresentations and telemarketing violations.

FTC

B.E.S.T. GDR LLC, d/b/a Premium Home Service

The FTC and State of Illinois, via the Department of Justice, filed a complaint against B.E.S.T. GDR LLC (d/b/a Premium Home Service) and its owner Yosef Bernath for creating thousands of fake home repair business listings with fabricated five-star reviews to deceive consumers. The defendants allegedly routed consumer calls to unqualified representatives, arranged for unlicensed technicians, and violated the FTC Act, Reviews and Testimonials Rule, Gramm-Leach-Bliley Act, and Illinois consumer protection laws. No monetary penalty has been imposed yet as the case is in initial filing stages.

FTC

Amazon, Alphabet, Apple, Automattic, Bumble, Discord, Match Group, Meta, Microsoft, Pinterest, Reddit, SmugMug, Snapchat, TikTok, X

Federal Trade Commission Chairman Andrew N. Ferguson sent letters to over a dozen major technology companies reminding them of their obligation to comply with the Take It Down Act (TIDA) by May 19, 2026. TIDA requires covered platforms to establish a process for victims, including children, to request removal of nonconsensual intimate images, with takedown of content and all identical copies required within 48 hours of a valid request. The FTC also issued supplemental guidance to help companies prepare for compliance and warned that it will monitor and enforce violations of the law.