Analytics company settles illegal data collection charges

By on
Analytics company settles illegal data collection charges

Submits to audits for 20 years.

The Federal Trade Commission has settled a case against web analytics firm Compete over allegations that the latter collected personal data from millions of users without disclosing the extent of information being harvested.

Such business practices were "unfair or deceptive and violated the law", the US consumer watchdog charged.

The FTC (pdf) had alleged that Compete illegally collected consumer data via a toolbar and a "consumer input panel" that enticed users to provided opinions on companies' products and services in return for rewards.

While Compete told consumers that the data collection was limited and anonymous, the FTC alleged that the company gathered extensive information about people's online activites, and transmitted everything in clear text to its servers.

Furthermore, Compete was also alleged to have captured personal information entered on SSL-secured web pages, such as credit card and social security numbers, user names, passwords and search terms, and did not adequately filter out data that identified users.

The data capture took place in the background with no way for consumers to discover how much was gathered, the FTC alleged.

Special software and technical expertise was required for finding out the extent of the data harvesting, the watchdog claimed.

Compete also licensed its software to third parties such as Upromise, which settled similar privacy violation charges with the FTC earlier this year.

Compete admits its privacy filters prior to February 2010 "may not have sufficiently prevented the transmission to Compete of certain personally identifiable and sensitive information communicated on secure web pages" but said the collection thereof was inadvertent and that the software has been improved since.

The inadvertently collected personal data has also been removed from Compete's databases, the company said.

From now on, Compete and clients licensing its software must fully disclose the data collected as part of the settlement with FTC.

The company must also seek consumers' express consent before collecting their data, cease misrepresenting its privacy and data security practises.

To ensure compliance with the FTC settlement, Compete has agreed implement a comprehensive information security programme and will undergo two-yearly independent audits for the next 20 years.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
compete ftc privacy regulation security tracking

Most Read Articles

Researchers say not to use myGovID until login flaw is fixed

Researchers say not to use myGovID until login flaw is fixed
Aussie Broadband boss says NBN Co could change price construct in months, if it wanted to

Aussie Broadband boss says NBN Co could change price construct in months, if it wanted to
'Zerologon' Windows domain admin bypass exploit released

'Zerologon' Windows domain admin bypass exploit released
Optus, Vocus score first deals in ATO telco carve-up

Optus, Vocus score first deals in ATO telco carve-up
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

A Migration Guide For Businesses Switching Mobile Device Management Solutions
A Migration Guide For Businesses Switching Mobile Device Management Solutions
Plan your post-COVID security strategy
Plan your post-COVID security strategy
The Executive's Guide To The Future Of Work
The Executive's Guide To The Future Of Work
Government Digital Transformation Requires Customer Obsession
Government Digital Transformation Requires Customer Obsession
Master the fundamentals of AWS cost efficiency
Master the fundamentals of AWS cost efficiency

Events

Log In

Username / Email:
Password:
  |  Forgot your password?