BetterHelp Must Pay $7.8 Million for Sharing Sensitive Data, FTC Says

Online counseling and mental health services company BetterHelp must stop sharing customer data with advertisers and pay $7.8 million to customers, the Federal Trade Commission said Thursday. The FTC said BetterHelp shared customers’ sensitive health data, including mental health issues, with advertisers including Facebook and Snapchat.

“BetterHelp promises consumers that it will not use or disclose their personal health data except for limited purposes, such as providing counseling services,” the FTC release said. “Despite these promises, BetterHelp uses and discloses consumers’ email addresses, IP addresses, and health query information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes.”

The FTC’s proposed consent order would require BetterHelp to pay $7.8 million to people who used the service between August 1, 2017, and December 31, 2020. The consent order would also prohibit the company from sharing information of health for advertising purposes and it needs to establish “a comprehensive privacy program,” tell third parties to delete data it has already shared and limit how long it can keep such data on hand .

BetterHelp did not respond to a request for comment. In a statement posted on its website, the company said it follows “industry standard” advertising practices. “However, we recognize the FTC’s desire to set new standards for consumer marketing, and we are pleased to resolve this matter with the agency,” the statement read.

BetterHelp said its settlement with the FTC is not an admission of wrongdoing. The company added that it “does not and has never shared” members’ names or clinical data from therapy sessions with third parties.

The proposed consent order will be open to public comment for 30 days before a final decision is reached.

Facebook, Snapchat and Pinterest did not immediately respond to requests for comment. In a statement sent to CNET, Criteo said it “maintains the highest levels of privacy and data security” and that it could not comment on the FTC’s complaint, as it was not named as a defendant.

Leave a Comment