1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
Everalbum, Inc. settled FTC allegations that it deceived consumers about its use of facial recognition technology in its photo storage app and failed to delete photos when users deactivated their accounts. The settlement requires Everalbum to obtain express consent before using facial recognition, delete user photos and derived face embeddings, and delete developed models and algorithms. It also prohibits misrepresentations about data practices and requires consent for biometric data use if marketing software to consumers.
SkyMed International, Inc. settled FTC allegations that it failed to secure sensitive consumer data, including health information, leaving a cloud database with 130,000 records exposed to the public. The FTC also alleged that SkyMed misrepresented HIPAA compliance on its website. As part of the settlement, SkyMed must implement a comprehensive security program, undergo biennial third-party assessments, and send notices to affected consumers.
Ascension Data & Analytics, LLC, a mortgage analytics company, settled FTC allegations that it violated the Gramm-Leach-Bliley Act's Safeguards Rule by failing to ensure its vendor adequately protected consumer data. The vendor stored sensitive mortgage information in plain text on a cloud server, leading to unauthorized access. Ascension must implement a data security program, undergo biennial assessments, and report future breaches.
The FTC issued orders under Section 6(b) of the FTC Act to nine social media and video streaming companies requiring them to provide data on their data collection, use, advertising practices, and effects on children and teens. The companies must respond within 45 days.
AppFolio, Inc., a tenant background report provider, settled with the FTC for $4.25 million over allegations it violated the Fair Credit Reporting Act by failing to implement reasonable procedures to ensure the accuracy of its screening reports and by including eviction and non-conviction criminal records older than seven years. The settlement prohibits including old records and requires maintaining accuracy procedures.
$4.3M
The FTC settled with Midwest Recovery Systems for engaging in 'debt parking,' where it placed inaccurate debts on consumers' credit reports to force payment. The company collected over $24 million from such debts. The settlement requires it to delete all reported debts, stop the practice, and pay a $24.3 million monetary judgment.
$24.3M
The FTC settled with Zoom for deceiving users about its encryption security and unfairly installing software that bypassed browser safeguards. Zoom must implement a comprehensive security program, undergo biennial audits, and is banned from making false security claims. No monetary penalty was imposed.
The FTC settled with NTT Global Data Centers Americas, Inc. for deceiving consumers about its participation in the EU-U.S. Privacy Shield framework. The company's certification lapsed in 2018, but it continued to claim compliance in its privacy policy and marketing materials. Under the settlement, NTT is prohibited from misrepresenting its participation in any privacy program and must apply Privacy Shield protections to previously collected personal data or delete it.
The FTC filed a complaint against MyLife.com, Inc. and its CEO for deceiving consumers with 'teaser background reports' that falsely claimed to include criminal and arrest records, and for violating the Fair Credit Reporting Act by failing to ensure accuracy and permissible purpose. The company also engaged in misleading billing practices under the Restore Online Shoppers’ Confidence Act and Telemarketing Sales Rule.
The FTC settled with Ortho-Clinical Diagnostics, Inc. for misleading consumers about its participation in the EU-U.S. Privacy Shield framework. The company allowed its certification to lapse in 2018 but continued to claim participation. The settlement prohibits such misrepresentations and requires compliance with Privacy Shield obligations for data collected or deletion of such data.
The FTC finalized a settlement with Miniclip, S.A. for falsely claiming it was a member of the CARU COPPA safe harbor program. Miniclip is prohibited from misrepresenting its participation in privacy programs and subject to compliance and recordkeeping requirements.
The FTC settled with Kohl's Department Stores for violating the Fair Credit Reporting Act by failing to provide identity theft victims with access to their business transaction records within 30 days. Kohl's agreed to pay a $220,000 civil penalty and must implement measures to comply with FCRA requirements, including providing records promptly and posting a notice on its website.
$220K
HyperBeard, Inc., a developer of children's apps, agreed to pay $150,000 and delete personal information it illegally collected from children under 13 to settle FTC allegations that it violated COPPA by allowing third-party ad networks to collect persistent identifiers without parental consent. The settlement requires HyperBeard to obtain verifiable parental consent for future data collection and prohibits using the illegally collected data.
$150K
NTT Global Data Centers settled FTC allegations that it misled consumers about its participation in the EU-U.S. Privacy Shield framework and failed to comply with its requirements. The settlement requires the company to hire a third-party assessor if it re-certifies, prohibits misrepresentations about privacy programs, and mandates continued application of Privacy Shield protections or deletion of data collected while participating.
The FTC charged Facebook with deceiving consumers about its privacy practices and violating a 2012 consent order. In July 2019, Facebook agreed to pay a $5 billion civil penalty and accept comprehensive new privacy restrictions.
$5.0B
All data sourced from official government enforcement pages.