FTC: Web-Tracking Company Went Too Far
Compete Inc. collected too much data, failed to honor promises, agency charged
Thursday, October 25, 2012
You've probably never heard of it but Compete is one of those companies that, like a virtual blood-hound, follows you around the Web, collecting crumbs of data -- including search terms, passwords and credit card information -- about what you see, buy and do.
The problem, says the Federal Trade Commission (FTC), is that Compete doesn't spell out how much data it's collecting and allegedly fails to honor promises to protect the personal data it scoops up.
Why would anyone go to the trouble of collecting so much data? Why, to sell it, of course, which is just what Compete and other data brokers do. They sell information about you and millions of other consumers to marketers who are hoping to, in turn, sell you something.
Under a settlement with the FTC, Compete has agreed to obtain consumers’ express consent before collecting any data from Compete software downloaded onto consumers’ computers, and to delete or anonymize the use of the consumer data it already has collected, and to provide direction to consumers for uninstalling its software.
According to the FTC, Compete got consumers to download its tracking software in several ways, including by urging them to join a “Consumer Input Panel” that was promoted using ads that pointed consumers to Compete’s Website, www.consumerinput.com. Compete told consumers that by joining the “Panel” they could win rewards while sharing their opinions about products and services, the FTC alleged. The company also allegedly promised that consumers who installed another type of its software -- the Compete Toolbar (from compete.com) -- could have “instant access” to data about the Websites they visited.
Compete also licensed its Web-tracking software to other companies, the FTC alleged. Upromise, which licensed Compete’s Web-tracking software, settled similar FTC charges earlier this year.
Once installed, the Compete tracking component operated in the background, automatically collecting information about consumers’ online activity. It captured information consumers entered into Websites, including consumers’ usernames, passwords, and search terms, and also some sensitive information such as credit card and financial account information, security codes and expiration dates, and Social Security Numbers, according to the FTC.
The FTC charged that several of Compete’s business practices were unfair or deceptive and violated the law. For example, the company failed to disclose to consumers that it would collect detailed information such as information they provided in making purchases, not just “the Web pages you visit.”
In addition, the FTC alleged that Compete made false and deceptive assurances to consumers that their personal information would be removed from the data it collected. The company made statements such as:
“All data is stripped of personally identifiable information before it is transmitted to our servers;” and
“We take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of personal information.”
Despite these assurances, the FTC charged that Compete failed to remove personal data before transmitting it; failed to provide reasonable and appropriate data security; transmitted sensitive information from secure Websites in readable text; failed to design and implement reasonable safeguards to protect consumers’ data; and failed to use readily available measures to mitigate the risk to consumers’ data.