May 4, 2015 – The Federal Trade Commission (FTC) has issued a reminder to industry members collecting, using or sharing consumer health data which states that the FTC has the authority “to take action against a wide variety of deceptive or unfair practices by app developers, device manufacturers and others,” and describes three recent FTC law enforcement actions.
In this piece, published April 27 on the FTC Website, the FTC applauds the fact that consumers “are taking a more active role in managing their health information” because new products and services allow them increased engagement, but the agency also comments that there are privacy and security considerations that must be addressed. For example, companies should be aware of whether they are subject to providing safeguards under the Health Insurance Portability and Accountability Act (HIPAA).
Three recent settlements are described in the FTC document, authored by Cora Han:
- PaymentsMD. The FTC settled allegations that a medical billing company collected consumers’ personal medical information without their consent.
- GMR Transcription Services. That settlement involved allegations that a medical transcription company outsourced services to a third party without adequately checking to make sure it could implement reasonable security measures.
- Accretive Health. According to that settlement, a company providing medical billing and revenue management services to hospitals put consumers’ personal information at risk by (among other things) transporting laptops with sensitive data in a way that made them vulnerable to theft. The FTC also said the company gave access to personal information to employees who didn’t need it do their jobs.
The FTC adds that the Food and Drug Administration (FDA) plays a role in regulating apps “that are medical devices and could pose a risk to patients’ safety if they don’t function as intended.” Finally, the FTC states that “sound privacy and security practices are a key component in building consumer confidence in this new marketplace.”
May 29, 2014 – The Federal Trade Commission (FTC) released a report May 27 in which it asks Congress to consider legislation that would require data brokers to provide consumers with access to their data and give them the ability to opt out of having that information shared. These legislative recommendations “would begin to build meaningful levels of transparency, access and control into the data broker industry,” FTC Commissioner Julie Brill said in a statement.
“Consumer privacy certainly is a hot-button issue in this digital age,” said Coalition for Healthcare Communication Executive Director John Kamp. “This report is a shot fired across the bow by FTC, so the pharmaceuticals industry and marketers need to pay more attention to these data-related issues.”
The FTC report, “Data Brokers: A Call for Transparency and Accountability” (FTCdatabrokerreport) is the result of a study of nine data brokers. Although consumers benefit from data broker practices that can help them find the products and services they prefer, these practices – which include consumer profiling – also raise privacy concerns. “It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist,” according to FTC Chairwoman Edith Ramirez.
The FTC expresses specific concerns about protecting sensitive information, such as health information, from adverse decision making. For example, the FTC is concerned that if a consumer has expressed interest in a certain disease state, such as diabetes, the consumer may not be considered for a job.
“Although this is not an unreasonable concern,” Kamp said, “there is no evidence that this adverse decision making is actually happening. It would be unfortunate to create a law that solves a problem that doesn’t exist.”
In its report, the FTC makes the following recommendations to Congress.
For data brokers that provide marketing products, Congress should consider these goals:
- Centralized Portal. Require the creation of a centralized mechanism, such as an Internet portal, where data brokers can identify themselves, describe their information collection and use practices, and provide links to access tools and opt-outs;
- Access. Require data brokers to give consumers access to their data, including any sensitive data, at a reasonable level of detail;
- Opt-Outs. Require opt-out tools, that is, a way for consumers to suppress the use of their data;
- Inferences. Require data brokers to tell consumers that they derive certain inferences from raw data;
- Data Sources. Require data brokers to disclose the names and/or categories of their data sources, to enable consumers to correct wrong information with an original source;
- Notice and Choice. Require consumer-facing entities – such as retailers – to provide prominent notice to consumers when they share information with data brokers, along with the ability to opt-out of such sharing; and
- Sensitive Data. Further protect sensitive information, including health information, by requiring retailers and other consumer-facing entities to obtain affirmative express consent from consumers before such information is collected and shared with data brokers.
For brokers that provide “risk mitigation” products, legislation should:
- When a company uses a data broker’s risk mitigation product to limit a consumer’s ability to complete a transaction, require the consumer-facing company to tell consumers which data broker’s information the company relied on; and
- Require the data broker to allow consumer access to the information used and the ability to correct it, as appropriate.
For brokers that provide “people search” products, legislation should:
- Require data brokers to allow consumers to access their own information, opt-out of having the information included in a people search product, disclose the original sources of the information so consumers can correct it, and disclose any limitations of an opt-out feature.
May 9, 2014 – Mobile health and fitness applications are on the Federal Trade Commission’s privacy-protection radar following a study of 12 mobile apps that widely shared data with other entities, according to FTC officials who spoke May 7 at the FTC’s Spring Privacy Series session, “Consumer Generated and Controlled Health Data.”
The FTC Mobile Technology Unit’s Jah-Juin Ho stated that the 12 apps the FTC tested transmitted information to 76 different third-parties. This information included:
- Device information
- Consumer-specific identifiers
- Unique device IDs capable of allowing third parties to track users’ devices across apps
- Unique third-party IDs capable of allowing third parties to track users’ devices across apps
- Consumer information, such as exercise routine, dietary habits and system searches
“There are significant privacy implications where health routines, dietary habits, and symptom searches are capable of being aggregated using identifiers unique to that consumer,” the FTC’s presentation states. (To view the FTC slides, go to: http://www.ftc.gov/system/files/documents/public_events/195411/consumer-health-data-webcast-slides.pdf)
“Although the FTC has not been hyper active in the medical marketing space, this report tells the industry that it takes medical privacy protections very seriously,” Kamp continued. “Be warned. Most often in such circumstances, heavy and high-profile enforcement follows.”
FTC Chief Technologist Latanya Sweeney stated that the FTC is committed to ensuring that consumers not be penalized based on their health data. A Senate bill, “The Data Broker Accountability and Transparency Act of 2014,” which attempts to address the gaps in healthcare data privacy, was introduced in February. The Direct Marketing Association has criticized that bill.
Aug. 27, 2013 – In a recent letter to the Federal Trade Commission’s (FTC’s) Julie Brill, Direct Marketing Association CEO and president Linda A. Woolley stated that Brill’s op-ed piece published in the Washington Post “inaccurately targets reputable practices that benefit consumers and unfairly demagogues the hundreds of thousands of people employed in the field of responsible data-driven marketing.”
FTC Commissioner Brill’s Aug. 15 op-ed compared commercial data brokers to the National Security Agency, which came under fire for its loose interpretation of citizens’ rights to privacy and states that “citizens don’t know what of our personal information is on file or how it is being used,” which “frames the fundamental challenge to consumer privacy in the online marketplace: our loss of control over our most private and sensitive information.”
To remedy this perceived problem, Brill says that “changing the law would help” and that her “Reclaim Your Name” initiative, announced in June at the Computer Freedom and Privacy Conference, can be “adopted by the industry without a government directive.” Brill’s initiative, which has not been formally adopted by the FTC, includes four components, according to the op-ed piece:
- Empower people to find out how brokers are collecting and using their data;
- Give people access to information that data brokers have amassed about them;
- Allow people to opt out if they learn that a data broker is selling their information for marketing purposes; and
- Provide consumers the opportunity to correct errors in information used for decisions about substantive benefits.
DMA’s Woolley counters in her Aug. 19 letter to Brill that businesses and not-for-profit organizations using consumer data for a variety of beneficial purposes already are governed by “a robust set of sector-specific federal and state laws and regulations,” and that “the law, for good reason, has always treated surveillance issues as distinct from commercial uses of data.”
She also notes that Brill’s assertion that consumers need to “’reclaim their names’ focuses on speculative harms and ignores the consumer protection derived from customization and personalization of Internet experiences through the commercialization of data,” such as preventing fraud and identity theft. Specifically, the DMA counters that a “reclaim your name” initiative “would lead to more fraud and limit the efficacy of companies and data discussed in the op-ed.”
Woolley concludes the letter by stating that “the call for legislation to restrict benign and long-standing business activities is unfounded” and that the DMA, which believes that responsible use of consumer data is essential, hopes that future exchanges between industry and the FTC “will be conducted in a manner that is constructive and positive.”
To view the DMA letter, go to: http://blog.thedma.org/2013/08/19/dma-responds-to-op-ed-attacking-commercial-data-use/. To view Brill’s op-ed piece, go to: http://www.washingtonpost.com/opinions/demanding-transparency-from-data-brokers/2013/08/15/00609680-0382-11e3-9259-e2aafe5a5f84_story.html
June 17, 2013 – In a 5-3 decision announced today, the U.S. Supreme Court ended the legal presumption that “pay for delay” agreements among branded and generic drug companies are legal. The decision will allow the Federal Trade Commission to challenge and block these agreements when it finds them to reduce competition from other generic drug companies.
“While not unexpected, this decision effectively will shorten the patent protection period for many drugs, shortening the time a company can recoup its development costs,” said Coalition Executive Director John Kamp. “While at least one major pharma Wall Street analyst has opined that many major patents will be unaffected, the ruling will kill most ‘pay for delay’ agreements.”
The FTC v. Actavis opinion, written by Justice Stephen Breyer, states that the Eleventh Circuit “erred in affirming the dismissal of the FTC’s complaint.
Although the court did not rule on whether “pay for delay” agreements were unlawful on their face, it did find that in this case, the payment from Solvay Pharmaceuticals – maker and patent holder for the testosterone gel, AndroGel – to Actavis represented an unlawful restraint of trade.
For previous coverage of this case, go to: http://www.cohealthcom.org/?p=1525
April 1, 2013 – By John Kamp, Executive Director, Coalition for Healthcare Communication
While not directly about communication and marketing, last week’s oral argument in the U.S. Supreme Court in FTC v. Actavis regarding ANDROGEL could create a significant bottom line hit to our businesses. A decision against pharma would further shorten the patent protection period on many branded drugs.
Here is a quick summary of the important legal and practical issues and what to watch for as the decision moves to Congress.
1. If the Supreme Court agrees with the Federal Trade Commission that “pay for delay” settlements are presumably illegal, they will nearly halt.
2. The Supreme Court is not deciding here what the Constitution means – where they have final authority – but only is deciding what the current commercial statutes require. Even if the Supreme Court agrees with pharma that such settlements are presumed valid under the existing antitrust and competition laws, Congress could invalidate that presumption by changing the law. Three such proposals have already been introduced.
3. The legal struggle is over three legal principles. Laws favor all three – patent protection, settlements over litigation, and vigorous competition. There are no easy choices here for the Supreme Court.
4. The biopharma industry seems to have the legal advantage. The FTC has struggled for more than a decade just to get this case to the Supreme Court and has lost more challenges on the way than it has won. The law supports settlements over litigation, even in antitrust cases. Further, one Justice recused himself, requiring the FTC to get five votes out of eight to prevail.
5. Also, Justice Kennedy, often seen as the swing vote, suggested during oral arguments that if Congress made a drafting mistake enabling these settlements in the Hatch-Waxman statute upon which the decision rests, it is up to Congress, not the courts, to change the law.
6. However, the FTC argued vigorously that the “pay for delay” drug patent settlements create extraordinary profits for the private companies. Further, it argued, these harm consumers much more than in any other antitrust settlement situation. The FTC asserted that the settlements create a legal anomaly whereby the generic challenger can make more money by settling than by winning and marketing the generic product. That’s because the settlement protects the monopoly pricing rather than speeding competition and lower prices to consumers.
7. Pharma faced tough questioning from skeptical judges, but so did the government. There is a good chance that the Supreme Court will support settlements in its decision, but either way, Congress can change the Hatch-Waxman statute to disfavor them.
8. Meanwhile, the populist policy and politics favors drug cost savings, especially in the face of escalating healthcare costs and the need to control the growing deficit. Although the law seems to favor pharma, especially with the more conservative justices, the politics of less expensive drugs may be tougher, especially as the case moves to Congress.
9. Don’t count the industry out yet. Biopharma and device companies have an unusual ally in this fight: generic drug companies and their associations. Also, the Pharmaceutical Research and Manufacturers of America (PhRMA) and its allies have had some recent success reminding Congress that innovative drugs require patent protection and the profits that brings to rebuild drug pipelines and enable the advance of modern medicine. Laws flying in the face of that common sense argument are not slam-dunks.
March 19, 2013 – Although the FDA has not yet issued its long-awaited social media guidance for the biopharma industry, whatever guidelines it drafts on this topic are likely to be informed by the staff guidance document issued last week by the Federal Trade Commission (FTC). The FTC’s new guidance, “.com Disclosures,” revises an FTC document issued in 2000 and, essentially, advises advertisers that online ad claims must be “clear and conspicuous” and that it is the message, not the medium that defines compliant ads. According to the guidance, “cyberspace is not without boundaries, and deception is unlawful no matter what the medium.”
“The FTC has led the way on these issues and continues to do so. Clearly, the FDA will recognize the leadership here and likely move forward similarly. I’m optimistic that we will see similar guidance soon from FDA’s Office of Prescription Drug Promotion,” noted John Kamp, Executive Director, Coalition for Healthcare Communication.
The updated FTC guidance emphasizes that consumer protection laws apply equally to marketers across all media, “whether delivered on a desktop computer, a mobile device, or more traditional media such as television, radio, or print,” according to an FTC press release. The FTC stated that if disclosures are needed to prevent an online ad claim from being deceptive or unfair, they must ensure that these disclosures are clear and conspicuous “on all devices and platforms that consumers may use to view the ad.”
As an article in The Wall Street Journal noted, “That means making room for full disclosure even in a 140-character tweet on Twitter. The agency suggested that marketers could flag Twitter ads by including ‘Ad:’ (three characters) at the beginning of the post or the word ‘sponsored’ (nine characters).” The FTC also clarified in the new guidance that disclosures should be “as close as possible” to the relevant claim,” which is a revision from the 2000 guidance, which called for disclosures to be “near, and when possible, on the same screen.”
Indeed, when practical, the FTC would like advertisers to incorporate relevant limitations and qualifying information into the underlying claim, rather than have a separate disclosure qualifying the claim. Where that is not possible, the agency continued to caution advertisers that they should avoid using hyperlinks
for disclosures and that “required disclosures about serious health and safety issues are unlikely to be effective when accessible only through a hyperlink.”
The FTC’s hyperlink restrictions could very likely be adopted by the FDA. Industry attorney Arnie Friede, a former FDA associate chief counsel, told Pharmalot.com that “the FDA can certainly hang its hat on this language to say that even the FTC rejects disclosures via hyperlink of important health and safety information, e.g., ‘fair balance’ information.”
The FTC also asks marketers to avoid “conveying such disclosures through pop-ups, because they are often blocked” and states that if a disclosure is necessary to prevent an advertisement from being deceptive, unfair or otherwise violative of a Commission rule, and it is not possible to make the disclosure clearly and conspicuously, “then that ad should not be disseminated. This means that if a particular platform does not provide an opportunity to make clear and conspicuous disclosures, then that platform should not be used to disseminate advertisements that require disclosures.”
In the final analysis, the FTC concludes, “the ultimate test is whether the information intended to be disclosed is actually conveyed to consumers.”
Yadron, Danny and Ovide, Shira; “FTC Says Tweet Ads Need Some Fine Print,” The Wall Street Journal
(March 12, 2013)
Silverman, Ed; “Will FDA Emulate FTC Online Ad Guidance?” Pharmalot.com (March 13, 2013).
March 28, 2012 – Industry members needing another reason to join the fray of companies participating in the Digital Advertising Alliance’s (DAA’s) voluntary consumer privacy protection program got a big one this week: The Federal Trade Commission’s (FTC’s) final report on protecting consumer privacy. In the report, the FTC recommends that companies begin adopting its best practices to protect consumers online; the Commission also asks Congress to consider enacting legislation covering general privacy, data security and breach notification, and data brokers.
“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said FTC Chairman Jon Leibowitz. Indeed, the FTC, the U.S. Department of Commerce and the White House praised the DAA and its members Feb. 23 for their efforts – including DAA’s Self-regulatory Program for Online Behavioral Advertising and its “Your Ad Choices” public education advertising campaign – to protect consumers’ privacy online.
The final FTC privacy report, issued March 26, expands on a report issued by the agency in December 2010 by asking companies handling consumer data to implement specific recommendations for protecting privacy, as follows:
- Privacy by Design – Companies should build in consumers” privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy.
- Simplified Choice for Businesses and Consumers – Companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
- Greater Transparency – Companies should disclose details about their collection and use of consumers” information, and provide consumers access to the data collected about them.
Leibowitz indicated that although many companies are on board with these recommendations, it may be necessary for Congress to step in. “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t,” Leibowitz said.
To that end, the FTC “urges individual companies and self-regulatory bodies to accelerate the adoption of the principles contained in the privacy framework, to the extent that they have not already
done so,” according to an FTC press release.
The FTC will be active in five key areas over the next year, the report states: (1) Do Not Track; (2) mobile services; (3) data brokers; (4) large platform providers; and (5) enforceable self-regulatory codes.
“To the extent that strong privacy codes are developed, the Commission will view adherence to such codes favorably in connection with its law enforcement work,” the report states. However, the FTC states that it “will also continue to enforce the FTC Act to take action against companies that engage in unfair or deceptive practices, including the failure to abide by self-regulatory programs they join.”
Feb. 23, 2012 – At a White House meeting held today to unveil the blueprint for the Obama Administration’s “Consumer Privacy Bill of Rights,” the Digital Advertising Alliance (DAA) and its members were praised by White House, Department of Commerce and Federal Trade Commission officials for their efforts during the past three years to protect consumers’ privacy online. These efforts include the DAA’s Self-regulatory Program for Online Behavioral Advertising and last month’s “Your Ad Choices” public education advertising campaign.
“While privacy remains one of the most challenging issues in the Internet age, the Coalition for Healthcare Communication, through its work with the American Association of Advertising Agencies, is proud to be part of the solution announced by the White House today to enable consumers to better exercise their privacy and marketing preferences,” said Coalition Executive Director John Kamp. “Much still remains to be done, including urging all Web publishers, agencies and clients to take full advantage of the DAA’s self-regulatory program in order to create a more robust and trustworthy Internet marketplace,” he added.
The DAA also announced today that it will immediately begin work to recognize browser-based choices with a set of tools by which consumers can express their preferences under the DAA principles.
“The Administration, Congress, and the FTC have been pushing the business community for several years to make sure consumers are aware of the information practices occuring online and providing choices to consumers regarding the collection and use of information about them,” said DAA General Counsel Stu Ingis. “The DAA is an embodiment of leading companies responding to this call.”
For more information on this groundbreaking news, see the press release from the 4A”s, released at noon today: http://www.aaaa.org/news/press/Pages/022312_daa_whitehouse.aspx
Jan. 27, 2012 – The Digital Advertising Alliance (DAA) last week launched its “Your AdChoices” public education campaign to inform consumers about interest-based advertising and how to take greater control of their online privacy. This campaign follows several years of work by industry association leaders to develop and implement cross-industry best practices and effective solutions for the collection and use of advertising data.
The self-regulatory program and ad campaign respond to the increasing consumer angst about privacy and multiple proposals by Congress, the Federal Trade Commission and the Department of Commerce to limit online tracking and targeting by marketers.
“The Internet is THE marketing tool of our age, but if we don’t respect consumer privacy preferences, consumers and the government will shut us down,” said John Kamp, executive director of the Coalition for Healthcare Communication.
“The self-regulatory program created by the DAA and this ad campaign put us on the right track. However, we must deliver on our promise both by helping consumers fully understand the advantages to them of digital tracking and by respecting their decisions to opt out when they wish,” Kamp commented.
The Coalition opposes mandatory “Do Not Track” provisions introduced in multiple pieces of legislation crafted by the Congress in 2011, but also strongly supports industry self-regulation that enables easy consumer opt-outs of unwanted tracking and marketing. [For more information about the DAA program, go to: http://www.aboutads.info/.]
Currently, more than 400 companies participate in the DAA’s Self-Regulatory Program for Online Behavioral Advertising – including many top-20 global advertisers.
“Because medical data is particularly sensitive, medical marketers must be among the first to adopt the self-regulatory program and show our customers that we can be trusted to deliver useful information while respecting their privacy,” Kamp asserted.
“With widespread industry adoption of the [program] principles, the DAA remains committed to informing consumers about interest-based advertising, online data collection and use, and the simple way they can exercise control over their Web viewing data,” said Peter Kosmala, DAA managing director. “This highly creative public education campaign is an important step in that ongoing process.”
However, the threat of Congressional or federal agency regulation remains real. The advertising industry is expecting a final report on online privacy from the FTC and the White House is putting together its own report on digital privacy during 2012. The DAA’s consumer education campaign may be criticized in these reports for not sufficiently stressing the opt-out function.
Based on extensive consumer research, the campaign videos were created pro bono by MRM of Salt Lake City, part of McCann World Group. The first part of the campaign stresses how online advertising can result in advertising more targeted to individual consumer interests, leading some to object. A Jan. 19 article in The New York Times was critical of the videos because they “fail to mention … that users can opt out of being the target of
personalized ads.” Writer Tanzina Vega states in the Times that “far from encouraging users to opt out, the ads emphasize how information that advertisers gather actually can improve the quality of the ads users see online.”
“The Times criticism is not completely fair,” according to Kamp, “but it is indicative of the skepticism out there. We must do this right and well, and the clock is ticking. What we don”t want is an EU-like privacy regulatory scheme which mandates informed consent for use of any cookies on a consumer brouser. That could kill much effective U.S. marketing.”