Blog
FTC Says Hashed Email Addresses Are Not Anonymous
July 29, 2024
Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
USA
FTC Says Hashed Email Addresses Are Not Anonymous
The FTC posted on its Technology Blog a warning that data can only be considered anonymous “when it can never be associated back to a person” and that “the opacity of an identifier cannot be an excuse for improper use or disclosure.” Specifically, the blog post highlights hashed email addresses as an example of personal data that is not anonymous, because they can still be used to identify users. “While hashing might obscure how a user identifier appears,” the post explains, “it still creates a unique signature that can track a person or device over time,” which the FTC finds to be insufficient to constitute anonymous data.
TAKEAWAY
In its blog post, the FTC references several fines and settlements that have already been issued against companies sharing with third parties hashed email addresses or similar identifiers that fall short of “anonymous” data, including cases against Betterhelp (where Betterhelp sent hashes to Facebook, rather than email addresses), Premom (where persistent user tracking using a unique advertising ID was found to be contrary to Premom’s claims that it would only share “non-identifiable” data with third parties), and InMarket (where the FTC alleged InMarket was using unique mobile device identifiers to track users over time and across apps). For all three cases, the FTC blog points out the potential outcome of the identifiers–the capability to identify and track people over time–as an indicator of the non-anonymous nature of the information, regardless of any attempt to obfuscate the data.
Navigating the maze of sensitive data & U.S. states’ privacy laws can be a burden. Check out this guide that delves into the landscape of regulations that impact the processing of sensitive data.
EUROPE
CPC Network Takes Action Against Meta ‘Pay or Consent’ Model
The European Commission announced its coordination of action by the Consumer Protection Cooperation (CPC) Network based on allegations that Meta’s “Pay or Consent” model may violate EU consumer law, specifically that they may be contrary to the EU’s Unfair Commercial Practices Directive and the Unfair Contract Terms Directive. Meta will have until September 1, 2024 to respond to a letter sent to it by the CPC Network. If Meta does not take necessary steps to solve concerns raised in the letter, the CPC authorities can decide to take enforcement measures, including sanctions.
TAKEAWAY
The specific concerns identified by the CPC Network do not relate to the concept of a ‘pay or consent’ model generally, but rather identify specific concerns with the way the model is presented to users, including the use of certain wording, like “free” and “your info” (instead of “personal data”), requiring users to navigate through multiple screens and hyperlinks to find information on how their personal data will be used, and not giving users sufficient time and a real opportunity to assess how their choice might impact their relationship with Meta.
Explore the intricate landscape of consent or pay models and the learnings that could be applied for consent in the US, in this on-demand consent or pay webinar.
Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
Paramount Hit With VPPA Class Action
November 5, 2024A class action complaint was filed in NY alleging...
Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR
October 28, 2024Noyb Complaint Alleges Pinterest Personalized Advertising Violates GDPR
Three notable developments in privacy class actions
October 21, 2024Three notable developments in privacy class actions occurred in...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.