The U.S. Federal Trade Commission (FTC) has prohibited Cerebral, a mental telehealth company, from using or disclosing personal data for advertising purposes and has imposed a fine of over $7 million for breaching user privacy and failing to honor cancellation policies.
The FTC stated in a press release that Cerebral and its former CEO misled consumers about their privacy practices and cancellation policies while sharing sensitive personal health information with third parties for advertising.
Despite claiming to offer secure and discreet services, Cerebral allegedly shared user information with third parties without clear disclosure, burying such practices in complex privacy policies.
The company is accused of sharing sensitive information of millions of consumers with platforms like LinkedIn, Snapchat, and TikTok, including medical histories, addresses, phone numbers, and other personal health data.
The FTC complaint also highlighted inadequate security measures by the company, allowing former employees to access medical records and exposing patient information through insecure methods.
In response to the proposed order, Cerebral must refrain from sharing personal data with third parties for marketing, implement a robust privacy and security program, and inform users about the FTC order on its website.
Similarly, Monument, an alcohol addiction treatment firm, was also reprimanded for disclosing health information to third parties without consent, prompting the company to notify users and delete shared data.
FTC has taken enforcement actions against other healthcare providers for unauthorized data sharing, and cautioned Amazon against misusing patient data for marketing purposes.