Mobile phone manufacturer BLU Products, Inc. and its co-owner have reached a settlement with the Federal Trade Commission over allegations that the company allowed a China-based third-party service provider to collect detailed personal information about consumers, such as text message contents and real-time location information, without their knowledge or consent despite promises by the company that it would keep such information secure and private. The terms of the settlement include a requirement that BLU implement a comprehensive data security program to help prevent unauthorized access of consumers’ personal information and address security risks related to BLU phones.
In its complaint, the FTC alleges that BLU and its co-owner misled consumers by falsely claiming that they limited third-party collection of data from users of BLU’s devices to only information needed to perform requested services. The FTC also alleges that BLU falsely represented that they had implemented “appropriate” physical, electronic, and managerial procedures to protect consumers’ personal information, according to the complaint.
Florida-based BLU contracted with ADUPS Technology Co. LTD to issue security and operating system updates to BLU’s devices. ADUPS purportedly collected and transferred to its servers more information than was necessary, including the full content of consumers’ text messages, real-time location data, call and text message logs with full telephone numbers, contact lists, and lists of applications used and installed on BLU devices.
According to the complaint, BLU and its co-owner failed to implement appropriate security procedures and due diligence measures. The FTC also alleges that pre-installed software contained common security vulnerabilities that could enable attackers to gain full access to the devices.
The proposed settlement includes prohibitions from misrepresenting the extent to which the privacy and security of personal information are protected, as well as an obligation to implement and maintain a comprehensive security program that addresses security risks associated with new and existing mobile devices. BLU will also be subject to third-party assessments of its security program. .
Richard B. Newman is an Internet marketing compliance and regulatory defense attorney at Hinch Newman LLP focusing on advertising and digital media matters. His practice includes conducting legal compliance reviews of advertising campaigns, representing clients in investigations and enforcement actions brought by the Federal Trade Commission and state Attorneys General, commercial litigation, advising clients on promotional marketing programs, and negotiating and drafting legal agreements.
ADVERTISING MATERIAL. These materials are provided for informational purposes only and are not to be considered legal advice, nor do they create a lawyer-client relationship. No person should act or rely on any information in this article without seeking the advice of an attorney. Information on previous case results does not guarantee a similar future result. Hinch Newman LLP | 40 Wall St., 35thFloor, New York, NY 10005 | (212) 756-8777.