technology that enables others to do so without taking reasonable measures to prevent harm to
consumers can be an unfair practice in violation of Section 5 of the FTC Act.
39
For example, the
FTC has previously charged that businesses have engaged in unfair practices by failing to protect
consumers’ personal information using reasonable data security practices; by engaging in
invasive surveillance, tracking, or collection of sensitive personal information that was concealed
from consumers or contrary to their expectations;
40
by, in certain circumstances, implementing
privacy-invasive default settings;
41
by disseminating an inaccurate technology that, if relied on
by consumers, could endanger them or others;
42
and by offering for sale technologies with the
potential to cause or facilitate harmful and illegal conduct like covert tracking, and failing to take
reasonable measures to prevent such conduct.
43
Additionally, the FTC has charged that certain
discriminatory practices can be unfair.
44
Though many biometric information technologies are
new, businesses must continue to abide by longstanding legal requirements and obligations.
In order to avoid liability under the FTC Act, businesses should implement reasonable
privacy and data security measures to ensure that any biometric information that they collect or
maintain is protected from unauthorized access—whether that access stems from an external
39
See generally, Privacy and Security, FTC (last visited Mar. 29, 2023 11:28 AM), https://www.ftc.gov/business-
guidance/privacy-security (collecting the FTC’s published business guidance related to data privacy and security).
40
See, e.g., Complaint, In re Lenovo, Inc., FTC File No. 1523134 3134 (Dec. 20, 2017) (alleging that preinstallation
of ad-injecting software that, without adequate notice or informed consent, acted as a man-in-the-middle between
consumers and all websites with which they communicated was unfair; and that failure to take reasonable measures
to assess and address security risks created by the preinstalled software was unfair); Complaint, FTC v. Vizio, Inc.
Case No. 2:17-cv-00758 (D.N.J. Feb. 6, 2017) (alleging that collection of sensitive television viewing activity
without consent and contrary to consumer expectations, and sharing of such information with third parties, was an
unfair practice); Complaint, In re Showplace, Inc., FTC File No. 1123151, (Apr. 11, 2013) (alleging that rent-to-own
store’s use of monitoring and tracking software installed on rented computers was an unfair practice).
41
See Complaint, United States v. Epic Games, Inc., Case No. 5:22-CV-00518 (E.D.N.C. Dec. 19, 2022) (alleging
that developing and operating a ubiquitous, freely-available, and internet-enabled video game directed at children
and teens that publicly broadcasted players’ display names while putting children and teens in direct, real-time
contact with others through on-by-default lines of voice and text communication (even after instituting an age gate
on the service) was unfair); see also, Complaint, FTC v. Frostwire LLC, Case No. 111-cv-23643 (S.D. Fla. Oct. 11,
2011) (alleging that distributing an application with default settings that caused or were likely to cause consumers to
unwittingly publicly share files already present on, or subsequently saved on, the consumers’ mobile devices,
including, among others, consumers’ pictures, videos, and documents, was an unfair practice).
42
See Complaint, FTC v. Breathometer, Inc., No. 3:17-cv-314 (N.D. Cal. Jan. 23, 2017) (alleging that failing to
notify consumers or take corrective action upon learning that device measuring blood alcohol levels was inaccurate
was an unfair practice).
43
See, e.g., Complaint, In re Support King, LLC, FTC File No. 1923003 (Dec. 20, 2021) (alleging that the provider
of software called “Spyfone,” which allowed users to surreptitiously monitor and track others’ devices, unfairly
failed to take reasonable steps to ensure that the purchasers use the monitoring products and services only for
legitimate and lawful purposes); Complaint, In re Retina-X Studios, LLC, FTC File No. 1723118 (Mar. 26, 2020)
(alleging a failure to take reasonable steps to ensure that monitoring products and services that required
circumventing certain security protections on mobile devices would be used only for legitimate and lawful purposes
by the purchaser); Complaint, In re DesignerWare, LLC, FTC File No. 1123151 (Apr. 11, 2013) (alleging that
furnishing rent-to-own stores with monitoring and tracking software to be installed on rented computers was an
unfair practice).
44
See Complaint, FTC v. Passport Automotive Group, Case. No. 8:22-cv-02670-GLS (D. Md. Oct. 18, 2022)
(alleging that imposing higher costs on Black and Latino consumers than on similarly situated non-Latino White
consumers was unfair); see also Elisa Jillson, Aiming for truth, fairness, and equity in your company’s use of AI,
FTC: B
US. BLOG (Apr. 19, 2021), https://www.ftc.gov/business-guidance/blog/2021/04/aiming-truth-fairness-
equity-your-companys-use-ai.
8