BetterHelp Faces $7.8M Fine Over Privacy Breach, Banned from Sharing Sensitive Health Data

BetterHelp Faces $7.8M Fine Over Privacy Breach, Banned from Sharing Sensitive Health Data

In an era where privacy concerns are at the forefront of consumer protection, the Federal Trade Commission (“FTC”) has taken a strong stance on holding companies accountable for mishandling sensitive data. One of the most notable recent cases involves BetterHelp, an online counseling service that has now been banned from sharing consumer health data, including highly sensitive mental health information, with third parties for advertising purposes.

BetterHelp, which offers a range of mental health services to individuals through various specialized platforms like Faithful Counseling, Teen Counseling, and Pride Counseling, gained millions of users by promising to protect their privacy. When users signed up, they were asked to complete a detailed questionnaire about their mental health, including whether they had experienced issues like depression or suicidal thoughts, or whether they were on medication. In addition to this highly personal information, users also provided their names, email addresses, and birthdates. BetterHelp assured consumers that their data would be kept private, shared only with their counselors to provide appropriate therapy. However, as the FTC uncovered, the company violated these promises by disclosing sensitive consumer data to advertising platforms such as Facebook, Snapchat, Criteo, and Pinterest.

The FTC’s investigation revealed that BetterHelp used consumers’ email addresses, IP addresses, and responses to mental health questions to target users with personalized ads. The company shared this data with major platforms for re-targeting purposes, essentially using personal health information to fuel its advertising strategies. For example, BetterHelp uploaded email addresses to Facebook, targeting users who had previously visited the site or used the app, to advertise its services to new potential customers. This allowed BetterHelp to boost its revenue by bringing in thousands of new paying customers, using the most vulnerable data to make a profit.

This case serves as a cautionary tale for all companies that handle sensitive data, particularly in the mental health and healthcare sectors. The FTC’s decision to impose a $7.8 million fine is a reflection of the severity of the privacy breach. It is the first such case where the FTC has returned funds to consumers whose health data was compromised, signaling that companies cannot simply make vague promises about privacy and expect to get away with it. Instead, the ruling stresses that companies must have clear, transparent privacy practices, obtain explicit consent from users before disclosing personal health information, and ensure that any third parties with access to this information are held accountable.

The proposed order also places strict limits on how BetterHelp can share data in the future. The company is now prohibited from using consumer data for advertising or re-targeting and must put in place robust safeguards to protect personal information. Additionally, BetterHelp must direct third-party platforms to delete any data that was shared inappropriately and limit the retention of sensitive data to only what is necessary.

This settlement is an important reminder that privacy is not just a legal obligation, it’s a matter of trust. When users reach out for counseling services, they expect their personal struggles to remain confidential, and the consequences of violating that trust can be devastating. BetterHelp’s case underscores the importance of maintaining transparency and respecting the privacy of users, especially when handling sensitive information such as mental health data.

For consumers, the outcome of this case also brings some hope. The $7.8 million settlement will be used to provide partial refunds to those who signed up for BetterHelp’s services between 2017 and 2020. This action will directly compensate the over 7 million individuals whose data was mishandled, further reinforcing the FTC’s commitment to protecting consumer rights.

This case is a wake-up call to companies across industries. Privacy promises must be more than just words on a page, they must be reflected in the actual practices of a business. For organizations dealing with health-related data, particularly those in the mental health sector, it’s essential to implement clear data protection policies, obtain proper consent, and ensure that sensitive information is not exploited for commercial gain. If BetterHelp’s experience teaches us anything, it’s that failing to safeguard consumer data not only erodes trust but can also result in significant legal and financial consequences.

If you would like to read more about this case and others, visit our Case Studies Library.

(Image Credit: iStock Photo)

This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.