1,285 enforcement actions from 14 federal and state jurisdictions. Every event traced back to its official government source.
1,285
Total Actions
14
Jurisdictions
$35.3B+
Total Fines Tracked
The FTC settled charges with data broker Kochava, Inc. and its subsidiary Collective Data Solutions (CDS) over allegations that they sold precise location data from hundreds of millions of mobile devices without consumer consent, enabling tracking of visits to sensitive locations like reproductive health clinics and places of worship. The settlement prohibits the companies from selling or sharing sensitive location data without affirmative express consumer consent, and imposes compliance requirements including a sensitive location data program, supplier consent assessments, incident reporting, and data retention schedules. No monetary penalty was imposed.
The FTC settled with Humor Rainbow, Inc. (operator of OkCupid) and Match Group Americas over allegations that OkCupid deceived users by sharing personal data including photos and location information with an unauthorized third party, contrary to its privacy policy promises to inform users and provide opt-out opportunities. The settlement permanently prohibits the companies from misrepresenting their data collection, use, disclosure, and privacy control practices. No monetary penalty was imposed.
The Federal Trade Commission (FTC) sent warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA). PADFAA prohibits data brokers from selling or providing sensitive personal data about Americans to foreign adversaries such as China, Russia, Iran, and North Korea. The letters warn that violations could result in civil penalties of up to $53,088 per violation and urge companies to review their business practices for compliance.
The FTC issued warning letters to 13 data brokers reminding them of their obligations under the Protecting Americans' Data from Foreign Adversaries Act (PADFAA), which bans the sale or disclosure of sensitive personal data to foreign adversaries like China, Russia, Iran, and North Korea. The letters cite instances where recipients offered data on Armed Forces members, which is protected under PADFAA. Non-compliance could result in civil penalties up to $53,088 per violation.
Privacy enforcement action where the FTC settled with General Motors and OnStar for collecting and selling consumers' geolocation and driving behavior data without adequate notice or consent. The order prohibits sharing data with consumer reporting agencies and requires transparency and consumer choice measures.
Federal Trade Commission Chairman Andrew N. Ferguson issued a letter to the U.S. Trustee overseeing the 23andMe bankruptcy proceeding, expressing concerns about the potential sale or transfer of consumers' personal genetic data. The letter underscores the importance of companies honoring their privacy promises to consumers, particularly regarding sensitive information, during bankruptcy proceedings.
The FTC alleged that General Motors and its OnStar subsidiary collected and sold drivers' precise geolocation and driving behavior data (e.g., hard braking, speeding) to consumer reporting agencies without adequately notifying consumers or obtaining their affirmative consent. A proposed consent order bans the companies from disclosing this sensitive data to consumer reporting agencies for five years and requires them to implement clearer consent mechanisms, data access/deletion processes, and opt-out options.
The FTC took action against Gravy Analytics Inc. and Venntel Inc. for unlawfully tracking and selling sensitive consumer location data without consent. The proposed consent order prohibits the sale or use of sensitive location data, requires deletion of historic data, and mandates compliance programs. This is part of the FTC's series of actions against data brokers selling sensitive location data.
The FTC staff report examined data practices of nine major social media and video streaming companies and found they engaged in vast surveillance of users with lax privacy controls and inadequate safeguards for children and teens. The report recommends limiting data collection, restricting targeted advertising, and strengthening protections for young users, and calls for comprehensive federal privacy legislation.
The FTC and DOJ sued TikTok and ByteDance for violating COPPA by collecting personal information from children under 13 without parental consent. The complaint alleges that TikTok knowingly allowed millions of children on its platform and failed to comply with a 2019 consent order. The lawsuit seeks civil penalties and a permanent injunction.
The FTC settled with InMarket Media for unlawfully collecting and using consumers' precise location data without adequate notice and consent. The order prohibits InMarket from selling or sharing precise location data, requires deletion of collected data, and mandates consumer consent mechanisms and privacy programs.
The FTC settled with telehealth firm Cerebral, Inc. for sharing sensitive consumer mental health data with third parties like LinkedIn, Snapchat, and TikTok for advertising without proper consent, employing sloppy security practices, and misleading consumers about cancellation policies. Cerebral must pay over $7 million (with $2 million due upfront), is permanently banned from using health information for most advertising, must implement a comprehensive privacy program, delete unnecessary data, and provide easy cancellation.
$7.0M
The FTC finalized an order against data broker X-Mode and its successor Outlogic for selling precise location data that could track visits to sensitive locations like medical clinics and places of worship. The order bans them from sharing or selling sensitive location data and requires them to delete collected data, implement privacy programs, and ensure downstream compliance.
Monument, Inc., an alcohol addiction treatment firm, shared consumers' health data with third-party advertising platforms like Meta and Google without consent, despite promising confidentiality. The FTC settled with a consent order that bans Monument from disclosing health data for advertising, requires affirmative consent for other sharing, imposes a $2.5 million suspended fine, and mandates data deletion, consumer notification, and a privacy program.
$2.5M
The FTC settled with Avast for deceiving customers by claiming its antivirus software blocked tracking while secretly collecting and selling browsing data. Avast must pay $16.5 million in refunds and is banned from such practices. The FTC is now processing claims for affected consumers.
$16.5M
The FTC has proposed amendments to the COPPA Rule to enhance children's privacy protections. Key changes include requiring separate parental consent for targeted advertising, prohibiting conditioning access on data collection, limiting push notifications, strengthening data security and retention requirements, and restricting commercial use in educational technology. The proposal shifts responsibility from parents to companies to safeguard children's data.
The FTC finalized an order against 1Health.io for failing to secure genetic data and unfairly changing its privacy policy. The company must pay $75,000 for consumer refunds, destroy DNA samples, and implement security measures. It deceived consumers about data deletion and shared data without proper consent.
$75K
The FTC and HHS sent warning letters to approximately 130 hospital systems and telehealth providers about the privacy and security risks of using online tracking technologies, such as Meta/Facebook pixel and Google Analytics, which may impermissibly disclose sensitive health information to third parties. The agencies emphasized that such disclosures could violate HIPAA for covered entities and the FTC Act for others, citing recent enforcement actions against companies like BetterHelp and GoodRx.
BetterHelp agreed to pay $7.8 million to settle FTC allegations that it used and shared consumers' health data for advertising without consent. The online therapy provider is banned from such practices and must provide refunds to approximately 800,000 affected consumers.
$7.8M
The FTC charged Easy Healthcare Corporation, operator of the Premom fertility app, with deceiving users by sharing their sensitive health data with third parties for advertising without consent and failing to notify breaches as required by the Health Breach Notification Rule. Under a proposed consent decree, the company will pay a $100,000 civil penalty, be barred from sharing health data for advertising, and must implement privacy and security measures.
$100K
The FTC proposed modifications to its 2020 privacy order with Meta, alleging violations including non-compliance with the order, misleading parents about Messenger Kids, and unauthorized data sharing. The proposed changes include banning monetization of youth data, pausing new product launches, and strengthening privacy requirements.
The FTC settled with Ring for failing to secure consumer videos, allowing unauthorized access by employees and hackers. Ring agreed to provide $5.6 million in refunds to affected customers and implement security measures.
$5.6M
The FTC proposed a consent order against BetterHelp for sharing consumers' sensitive mental health data with third parties like Facebook for targeted advertising without proper consent. BetterHelp must pay $7.8 million in refunds and is banned from such data sharing, with requirements for consent and privacy programs.
$7.8M
The FTC obtained an injunction against Turbo Solutions Inc. and Alex V. Miller for operating a deceptive credit repair scheme that filed fake identity theft reports without consumers' consent. The scheme charged illegal advance fees and made false promises about removing negative credit items. The court order halts the operation and seeks consumer redress.
The FTC finalized an order banning Support King, LLC and its CEO from the surveillance business for selling stalkerware apps that secretly collected and shared users' personal data without consent. The order requires them to delete all illegally collected data and notify affected device owners.
The FTC released a staff report based on Section 6(b) orders to six major ISPs, finding they collect extensive personal data, including internet traffic and location data, and share it with third parties. The ISPs often obscure data use disclosures in fine print and make it difficult for consumers to opt out, while combining data to profile sensitive characteristics. The report highlights the need for stricter privacy restrictions.
The FTC banned Support King, LLC (SpyFone) and its CEO from the surveillance business for secretly harvesting and sharing users' data without consent, and ordered the deletion of all illegally collected data and notification to affected device owners. The company failed to secure the data, leading to a hack that exposed 2,200 consumers.
The FTC settled with Kuuhuub Inc., operator of the Recolor coloring book app, for violating COPPA by collecting personal information from children under 13 without parental consent. The app's social media features allowed children to register and share data, and third-party ad networks collected persistent identifiers for targeted ads. The settlement requires deletion of children's data, refunds to underage subscribers, a $3 million penalty (suspended upon $100,000 payment), and user notifications about the violations.
$3.0M
The FTC settled with Vivint Smart Homes, Inc. for $20 million over allegations that the company misused consumer credit reports to secure financing for unqualified customers, harming consumers' credit. The FTC is now distributing approximately $500,000 in refunds to affected consumers.
$20.0M
The FTC settled with Vivint Smart Home, Inc. for misusing consumer credit reports to qualify customers for financing without permission, harming innocent third parties' credit. Vivint agreed to pay $20 million, with over $4.7 million for consumer compensation, and established a Customer Service Task Force.
$20.0M
All data sourced from official government enforcement pages.