Monument, Inc. Settles with the FTC for a $2.5 Million Penalty
On April 11, 2024, Monument, Inc., a provider of online addiction treatment services, reached a settlement with the Federal Trade Commission (“FTC”) over alleged violations of health data privacy laws. The case highlights the increasing scrutiny of businesses handling sensitive consumer information, particularly in the healthcare sector. Monument, which offers services such as online therapy, support groups, and physician access, was accused of disclosing users’ private health information to third-party advertisers without their consent. This practice, the FTC claimed, violated health data privacy protections under Section 5(a) of the FTC Act, which prohibits unfair or deceptive business practices.
The FTC’s complaint outlined how Monument misled its clients by advertising that their health data would remain confidential and HIPAA-compliant, only to later share sensitive information with companies like Meta and Google. Monument utilized pixel tracking technology on its website to collect data about users’ health activities and shared this information, including personal identifiers such as IP addresses and email addresses, with these third parties for advertising purposes. According to the FTC, up to 84,468 consumers were affected by these unauthorized disclosures.
As part of the settlement, Monument agreed to several corrective actions. The company is required to notify affected consumers about the unauthorized sharing of their health data, implement a robust privacy program, and obtain explicit consent from users before sharing any sensitive information. Monument will also cease using consumer health data for advertising purposes. While the company was fined $2.5 million, the penalty was suspended due to its inability to pay.
The FTC said this case serves as a powerful reminder to businesses about the importance of safeguarding consumer privacy and upholding their commitments to protect sensitive data. The FTC’s actions are part of a broader initiative to ensure that companies handling personal data are transparent about their practices and obtain proper consent before sharing any information with third parties. In the wake of increasing regulatory attention, businesses must stay vigilant about complying with privacy laws and should seek legal guidance to avoid similar pitfalls.
For companies operating in sectors that involve sensitive consumer data, the Monument case underscores the need for careful data privacy practices. Ensuring transparency with customers, obtaining clear consent, and adhering to privacy regulations is not only essential for legal compliance but also critical for maintaining trust and safeguarding against costly penalties. As the FTC continues to strengthen its oversight of health data privacy, businesses must take proactive steps to protect the privacy of their customers and avoid the serious repercussions of noncompliance.
If you would like to read more about this case and others, visit our Case Studies Library.
(Image Credit: iStock Photo)
This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.