Compete settles with the FTC over consumer data capture, must delete or anonymize existing data

Compete settles with the FTC over consumer data capture, must delete or anonymize existing data

The Federal Trade Commission (FTC) on Monday announced it has approved a final order settling charges that Compete, a popular web analytics firm, violated the FTC Act by using its Web-tracking software to collect personal information without disclosing the extent of the data it was amassing.

The FTC complaint alleged that the company wrongly used its products and third party web tools and also took steps that placed consumers at risk, as well as misrepresented that it would protect the personal data it collected.

Compete first agreed to settle with the FTC in October 2012. At the time, the firm agreed to “obtain consumers’ express consent before collecting any data from Compete software downloaded onto consumers’ computers.”

The final settlement order, meanwhile, requires Compete to do this, as well as delete or anonymize the use of the consumer data it already has collected. Furthermore, the company must provide directions to consumers for uninstalling its software.

As is typical with such settlements, Compete must also be particularly careful for the next few years, and will be monitored to see how it performs. The settlement bars misrepresentations about the company’s privacy and data security practices and requires that it implement a “comprehensive information security program” with independent third-party audits every two years for 20 years.

For the record, Compete was accused of sending people to a “Consumer Input Panel” and enticing them with promised “rewards.” Once the visitor – often brought to the website via paid advertising – downloaded Compete’s software, the tracking component operated in the background, automatically collecting information about consumers’ online activity.

We’re not just talking about basic tracking data. The software allegedly captured information consumers entered into websites, including their usernames, passwords, and search terms, as well as some sensitive information such as credit card and financial account information, security codes, expiration dates, and Social Security Numbers, according to the FTC.

If that’s not enough for you, Compete allegedly “transmitted sensitive information from secure websites in readable text.” Furthermore, the company licensed its technology, so others used the software to do the same.

All of this was being done while Compete made promises regarding data anonymity. It’s really no wonder the FTC got involved.

Image credit: Denise Yap

Read next: Hands-on with the PadFone Infinity, ASUS' new smartphone and tablet hybrid