October 16, 2021

Volume XI, Number 289


October 15, 2021

Subscribe to Latest Legal News and Analysis

October 14, 2021

Subscribe to Latest Legal News and Analysis

October 13, 2021

Subscribe to Latest Legal News and Analysis

FTC Surveillance App Settlement Signals Concern Over Deceptive Tracking

The FTC recently settled with a surveillance app operator over allegations that the company facilitated the secret harvesting of personal information. According to the FTC, the main users of Support King, LLC’s “SpyFone” app were bad actors who used the tool to remotely monitor users’ physical and digital activities. The FTC dismissed the company’s argument that the users were employers and parents as a “pretext.” It felt neither group would want to use the product, which to install required minimizing the device’s security settings and potentially voiding the device warranty.

Service King failed to take reasonable steps, the FTC felt, to make sure the app was used for legitimate reasons and not by potential stalkers. The FTC also found the company’s practices deceptive. Namely, the company said it “took all reasonable precautions” to protect personal information. The FTC disagreed. Instead, it said, the company’s insufficient security practices resulted in a 2018 data breach. The company also -according to the FTC- deceptively indicated that it had “coordinated with law enforcement authorities” and “leading data security firms” on the incident, when in fact it had not done so.

As part of the settlement, Support King has agreed to cease marketing and selling its app, to delete personal information collected from its software, and to notify affected individuals. The company also agreed to create an information security program and obtain regular third-party assessments.

Putting it into Practice: This case, which arose after a data breach, is a reminder that when products facilitate tracking and monitoring users, the FTC will take a careful look at a company’s practices. This includes examining the typical users of such products.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 265

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Staff Attorney

Harrison Schafer is a staff attorney in the Intellectual Property practice group in the firm's Chicago office. He is a Privacy and Cybersecurity Fellow and a member of the Privacy and Cybersecurity Team. He is a certified information privacy professional (CIPP/E and CIPP/US) by the International Association of Privacy Professionals (IAPP).

Areas of Practice

As a fellow, Harrison’s practice focuses on publishing articles covering relevant legal developments in the privacy and cybersecurity space to...