FTC’s EchoMetrix settlement: EULA-ppreciate this guidance on privacy disclosures
Parents are understandably concerned about keeping their kids safe online. That’s why many moms and dads paid $3.99 a month for Sentry Parental Controls, software sold by EchoMetrix, Inc. Once Sentry is installed on a computer, buyers can log into their online account to monitor activity on that computer, including web history, online chats, and password-protected IMs.
So far, so good. But that wasn’t the only product marketed by EchoMetrix.
Cut to June 2009 when EchoMetrix launched Pulse, a web-based market research software program that the company said would analyze consumer opinion from blogs, chats, IMs, and other social media. EchoMetrix advertised Pulse as a way for marketers to find out what consumers are saying “in their own words – the moment they say it.” Companies that bought Pulse could search the database and retrieve excerpts from actual IMs, chats, and forums.
That’s where the stories intersect – because until November 2009, EchoMetrix included in its Pulse database purportedly anonymized information about children gleaned from its other product, Sentry Parental Controls software.
In a recent lawsuit, the FTC charged that EchoMetrix’s failure to adequately inform parents using its Sentry software that information collected about their kids would be fed into its Pulse database and disclosed to third-party marketers was a deceptive trade practice.
According to the FTC, the only potential inkling Sentry buyers had that information might be disclosed to third parties was a vague statement in the Sentry end user licensing agreement (EULA): “[Sentry] uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients.”
According to the settlement filed in federal court in New York, EchoMetrix can’t use or share the information it got through its Sentry program – or any similar program – for any purpose other than allowing registered users to access their accounts. The company also has to destroy the information it transferred from Sentry to its Pulse database.
Looking for more about the FTC and consumer privacy? Read Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers, a preliminary staff report issued on December 1st.