At a glance.
- WW International settles FTC case for collecting minors' data.
- Gig-workers and privacy.
- Samsung: no PII lost in data breach.
WW International swallows hefty penalty for collecting data of minors.
The US Federal Trade Commission (FTC) has approved a $1.5 million joint settlement order from the commission and the Department of Justice against weight loss and fitness services provider WW International (formerly Weight Watchers) and its subsidiary Kurbo, Inc. In an unprecedented move, the FTC is also requiring WW to destroy all the data associated with the violations as well as the products that used the data. IAPP explains that WW has been accused of violating the Children's Online Privacy Protection Act by marketing to and collecting data from users under the age of thirteen between 2014 and 2019 without parental consent.
Though the signup process requires each user to enter a birthdate proving they are an adult, the allegations claim that underage users were encouraged to lie about their age during the registration process, and were not booted out even after adjusting their accounts to reflect their real age. In the official press release, FTC Chair Lina M. Khan stated, “Weight Watchers and Kurbo marketed weight management services for use by children as young as eight, and then illegally harvested their personal and sensitive health information. Our order against these companies requires them to delete their ill-gotten data, destroy any algorithms derived from it, and pay a penalty for their lawbreaking.”
DoD’s use of gig-workers faces scrutiny.
The IAPP reports that the US Department of Defense’s (DoD) use of gig-work app Premise is attracting scrutiny for potentially endangering contributors. Government contractor Descartes Labs has been using Premise to enlist Ukrainian gig workers to gather data for a DoD-funded research project. Descartes asked users to take photos with their smartphones of rural areas around Odessa and Kyiv in order to determine the accuracy of the company’s satellite algorithms. In the midst of Russia’s invasion of Ukraine, last week, allegations that Moscow was using Premise to mark targets for military strikes had the Ukrainian Ministry of Defense accusing Premise contributors of being Russian agents. About two dozen Premise contributors globally have been arrested while completing tasks over the last three years, most of whom drew the suspicion of law enforcement while taking pictures on their phones.
These issues have experts questioning the ethics of using such apps to hire civilians to unwittingly participate in government projects. Premise CEO Maury Blackman told the Wall Street Journal, “Our contributors gather only publicly accessible data through photos of public places, as any tourist can do…Further, we disclose to our contributors in our terms of service that the data they collect can be sold to our customers.” The company is also working with the Chertoff Group, owned by former Homeland Security Secretary Michael Chertoff, to investigate ways of improving contributor safety.
Samsung says no personal data stolen in recent data breach.
As the CyberWire noted yesterday, the Lapsu$ cybercrime gang claims to have stolen sensitive data from electronics giant Samsung, 190 GB of which the hackers published online. Channel News reports that the company has verified that no personal data was compromised. A Samsung spokesperson stated, “We were recently made aware that there was a security breach relating to certain internal company data…According to our initial analysis, the breach involves some source codes relating to the operation of Galaxy devices but does not include the personal information of our consumers or employees.”