(Getty)
Lots of websites and apps like to claim your data is "anonymized" in an effort to protect your privacy. But according to the FTC, many of these claims are often misleading.
The FTC today warned the tech industry against using data-anonymization claims when it's not true, something that could be considered a deceptive trade practice.
"Companies that make false claims about anonymization can expect to hear from the FTC," says Kristin Cohen, the acting associate director for the commission’s privacy division.
The FTC issued the warning after President Biden signed an executive order that urges the commission to protect consumers’ privacy when seeking out reproductive health services. The president did so in response to the Supreme Court overturning Roe v. Wade, which has sparked concerns state prosecutors will resort to subpoenaing people’s personal data from tech companies to prosecute abortion seekers.
In a blog post, the FTC says it's committed to protecting consumers’ privacy, including their reproductive health information. “We will vigorously enforce the law if we uncover illegal conduct that exploits Americans’ location, health, or other sensitive data,” Cohen writes.
As part of that effort, the FTC takes aim at how companies market their products. According to Cohen, the tech industry will often use the data-anonymization claims to lull users into believing their personal data is safe. This so-called anonymization usually involves stripping out personal identifying details from the data, such as name, phone number, and address. Companies then sometimes hand the data off to marketing firms as a way to monetize the information.
The problem is that the same “anonymized” or “aggregated” processes can often still expose your personal activities, especially if the data is combined with information from other companies, whether they be major brands or data broker firms that specialize in harvesting user information for targeted advertising.
“These companies often build profiles about consumers and draw inferences about them based on the places they have visited,” Cohen says. “The amount of information they collect is staggering.”
The FTC is particularly worried about companies collecting precise location information from users and then passing it off to third parties while claiming the data is anonymized. “Significant research has shown that ‘anonymized’ data can often be re-identified, especially in the context of location data,” Cohen adds. “One set of researchers demonstrated that, in some instances, it was possible to uniquely identify 95% of a dataset of 1.5 million individuals using four location points with timestamps.”
To crack down on the data-anonymization claims, Cohen says the FTC is be prepared to sue offenders, which can result in a US court imposing civil penalties.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
