Skip to content
All Blogs

The FTC is coming for you — here's how to stay off their radar

Author: Laura Ballam

FTC-compliance

If privacy regulations weren’t complex enough, the Federal Trade Commission (FTC) is making them more complicated for tax preparers. The agency has already sent warnings to five tax preparation companies for misusing consumers’ confidential data, and they’re likely to issue more as they expand to additional industries.  

Using its Penalty Offense Authority, the FTC can legally seek civil penalties against companies if it proves they knew their conduct was deceptive or unfair, or if they were sent a notice and still followed through with the prohibited actions. As for the fine? It’s hefty: $50,120 per violation. If you think the FTC will stop here, think again. Their latest action is simply an indicator of what’s to come for insurers, bankers, and retailers.  

What's the fuss about?

The FTC’s stance is that, without affirmative express consent, it’s illegal for companies to:  

  • Use consumer data for purposes not explicitly agreed to by the individual. 
  • Make false, misleading, or deceptive representations or omissions concerning the use of confidential information collected in a Confidential Context. 
  • Use the information to obtain financial benefit beyond what’s generated from providing the requested product or service. 
  • Use the information to advertise, sell, or promote products or services. 

TL;DR summary: Lack of express consent is a violation of consumer privacy. The FTC’s “one strike and you’re out” signifies it’s serious about protecting consumer data. 

What's it REALLY mean?

If a company fails to get affirmative express consent, they can’t use the consumer’s data for ads, or promoting and selling other products. In the case of tax preparers, for example, this means they can’t email a tax software customer offering their in-house tax services. Affirmative express consent must be in a separate agreement, and it must be “clear and conspicuous.”  

The FTC also cautions against tracking technologies such as pixels, third-party cookies, SDKs, and APIs. If a company continues to share data with a third party (even via a third-party application), they must get express consent to share with each and every vendor, for each purpose, while clearly specifying that purpose.  

How to stay off the FTC's radar 

The FTC’s heavy hand on consumer privacy regulations is a wake-up call for tax preparers and a warning to others. While navigating the complex world of regulations can be overwhelming, there are ways companies can maximize their compliance efforts, build trust with consumers, and safeguard business practices. Here’s three steps you can take to stay off the FTC’s radar.   

Step 1: Solve for third-party trackers with a first-party data platform 

A first-party data capture platform gives companies complete ownership and control over their consumer data, which is key to building consumer trust and ensuring compliance with the FTC. 

Many companies think they collect first-party data, but once they dig into it and examine the process required to access the data, it becomes apparent they don’t own or control it. A true first-party data platform is embedded within an organization’s environment and becomes part of its ecosystem. All data capture, storage technology, and infrastructure is owned and managed by the organization, so consumer data never leaves its four walls and is never sent to an external location or third-party system.  

When companies rely on third-party tracking technologies (cookies, pixels, APIs, SDKs), they’re putting consumers’ data and privacy at risk. Third-party technologies often lack security measures and strict access controls needed to protect personal information, so it’s easy for confidential data to fall into the wrong hands. While the FTC hasn’t fully restricted third-party trackers, third-party cookies are already on their way out. If a company does choose to utilize a third-party tracker, remember: remaining in compliance with the FTC means affirmative express consent must be obtained from individual consumers for EVERY third-party system used. Talk about popup overload and unnecessary friction!    

In addition to solving for third-party trackers and privacy issues, a first-party data capture platform gives companies better, higher quality consumer data to enhance marketing efforts. Capturing all consumer information and interactions (what they search for, devices used, time spent on page, etc.) in-house builds comprehensive consumer profiles. Because third-party technology isn’t used, all data is captured instantly so the organization can not only use it, but also deliver in-the-moment experiences, campaigns, and content to drive stronger personalization.   

Of course, under the FTC’s ruling, express consent still needs to be given by the consumer to use the first-party data for other purposes, but that’s easy to handle with a data platform that includes embedded consent management.  

Step 2: Simplify “yes or no” with embedded consent management 

Consent management is important, and how it’s delivered plays a big role in shaping the consumer experience. Managing “affirmative express consent” sounds like a headache, but it doesn’t have to be. 

The right first-party data platform captures and maintains consumer consent in live time across all digital platforms, devices, channels, and over time. Whether the consumer is known or anonymous, it complies with consumer requests to opt out of sharing personal information and gives organizations dynamic control of their consumer data collection.  

 Another thing to keep in mind is third-party cookies expire after seven days. For organizations that use third-party systems to capture consumer data, this means trouble. For example, say an anonymous consumer visits a company’s website and is presented with a clear and conspicuous banner to obtain express consent. The consumer checks the “accept” box and continues their browsing journey. Everything is by the book, and in compliance. BUT, eight days later, the same consumer returns to company’s website and, because third-party cookies expire after seven days, the company’s lost all data previously collected from the individual. Worse, they must obtain express consent again — not an ideal experience for the consumer.  

Step 3: Prioritize and optimize agreements 

“Affirmative express consent” — it’s the FTC’s favorite phrase and the number one answer tax preparers, and any consumer-oriented business, must obtain from every individual before using their information for unexpected purposes. And it MUST be in a separate agreement.   

 To optimize agreements, companies must: 

  • Use clear and concise language to help consumers understand the purpose quickly and easily.  
  • Present the agreement in a banner, widget, dialog, or popup before collecting information. Consider using a notice that must be read in its entirety before the data’s collected.  
  • Leverage a consent system of record so it’s easy to show a specific user consented to the data collection and usage.   

Organizations should also conduct regular audits to verify compliance is met, especially when new data solutions (vendors, MarTech platforms, etc.) are implemented. And remember, almost every online tracking solution uses cookies or pixels, so reviewing tracking technologies is critical.  

Don't let new regulations tax your business 

Misusing confidential consumer data is at the core of the FTC’s concerns, and tax preparation companies are currently in the limelight. But it won’t be long before their focus shifts and expands — and you could be next! 

To avoid civil penalties, maintain compliance, and deliver on consumer expectations, companies must focus on data ownership. A true first-party data platform delivers the control and management capabilities needed to excel in a privacy-focused world.  

man-speaker-with-dot-grid

The FTC is watching you!

The Federal Trade Commission is issuing fines and penalties to companies that don't protect consumer data and honor privacy concerns. Is your business in compliance? 

Subscribe to our blog for regular updates!