Aug 082019
 
 August 8, 2019  Posted by  Breaches, Business, Govt

An email management company will be required to delete personal information it collected from consumers as part of a settlement with the Federal Trade Commission over allegations that the company deceived some consumers about how it accesses and uses their personal emails.

In a complaint, the FTC alleges that Unrollme Inc., falsely told consumers that it would not “touch” their personal emails, when in fact it was sharing the users’ email receipts (e-receipts) with its parent company, Slice Technologies, Inc.

E-receipts are emails sent to consumers following a completed transaction and can include, among other things, the user’s name, billing and shipping addresses, and information about products or services purchased by the consumer. Slice uses anonymous purchase information from Unrollme users’ e-receipts in the market research analytics products it sells.

Unrollme helps users unsubscribe from unwanted subscription emails and consolidates wanted email subscriptions into one daily email called the Rollup. The service requires users to provide Unrollme with access to their email accounts.

“What companies say about privacy matters to consumers,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “It is unacceptable for companies to make false statements about whether they collect information from personal emails.”

According to the complaint, after learning during the signup process that Unrollme requires access to a consumer’s email account, some consumers declined to grant permission. The complaint alleges that the company tried to persuade these consumers to reconsider by making false and deceptive statements. For example, from November 2015 through October 2016, users who declined to grant the company access to their email received a message claiming that, to use Unrollme’s service, “you need to authorize us to access your emails. Don’t worry, this is just to watch for those pesky newsletters, we’ll never touch your personal stuff.” From October 2016 through at least September 2018, users saw a message that said, “Oops! Looks like you declined access” and added, “Unroll.Me requires access to your inbox so we can scan for subscriptions and allow you to begin clearing out your inbox.” The message did not tell users that access to their inboxes would also be used to collect e-receipts and to sell the purchase information they contain. The complaint alleges that thousands of consumers changed their minds and signed up for Unrollme in response to these assurances.

As part of the proposed settlement with the Commission, Unrollme is barred from misrepresenting the extent to which it collects, uses, stores, or shares information it collects from consumers. It must also notify those consumers who signed up for Unrollme after viewing one of the allegedly deceptive statements about how it collects and shares information from e-receipts. The proposed order also requires Unrollme to delete, from both its own systems and Slice’s systems, stored e-receipts previously collected from those consumers, unless it obtains their affirmative, express consent to maintain the e-receipts.

The Commission vote to issue the proposed administrative complaint and to accept the consent agreement was 5-0. Commissioner Noah Joshua Phillips issued a statement on the case.

The FTC will publish a description of the consent agreement package in the Federal Register soon. The agreement will be subject to public comment for 30 days after publication in the Federal Register after which the Commission will decide whether to make the proposed consent order final. Once processed, comments will be posted on Regulations.gov.

Source: Federal Trade Commission

Sorry, the comment form is closed at this time.