Under the proposed order, 1Health.io must pay $75,000, which will be used for consumer refunds. The company will also be prohibited from sharing health data with third parties without obtaining explicit consent from consumers. Any company that acquires 1Health.io’s business must adhere to the order’s provisions. Additionally, the company must report any unauthorized disclosure of personal health data to the FTC and implement a comprehensive information security program. The proposed consent agreement has been published in the Federal Register and is open for public comment for 30 days.
The FTC’s action aligns with its recent biometric policy statement, which aims to protect consumers from the misuse of biometric information. The proposed settlement carries the force of law and violations may result in civil penalties of up to $50,120.