FTC Cracks Down on Targeted Advertising Without User Consent
March 3, 2023
Chris Cleveland
CEO, ComplyAuto
The recent case against GoodRx by the Federal Trade Commission (FTC) for sharing a user’s sensitive health information with online advertisers without the user’s consent should be taken seriously by all businesses, including automotive dealerships. The lesson here? Dealerships should implement comprehensive privacy policy disclosures and a well-designed cookie consent banner to avoid the FTC’s scrutiny.
Like GoodRx, automotive dealerships often use cookies for retargeted advertising with companies such as Google and Meta (Facebook). “Retargeted advertising” allows dealerships to display advertisements to users who have previously interacted with their website or shown interest in their products or services. This increases the touch points with that user and makes them more likely to convert into a sale. The FTC lawsuit against GoodRx alleges that the company integrated third-party tracking tools from Meta, Google, and other advertisers and shared user health data with them for advertising purposes without the user’s consent. Additionally, GoodRx used the personal health information to target users with advertisements itself and failed to limit third-party use of their information. According to the FTC, this violated Section 5 of the FTC Act, which broadly prohibits deceptive and unfair acts or practices.
For dealerships that want to avoid becoming the FTC’s next example, they must begin obtaining proper consent for the use and sharing of cookies that collect and track a prospective finance or lease customer’s online information and browsing history (and for those of you wondering, yes, the federal Gramm-Leach Bliley Act defines non-public personal information as including cookies and similar technologies). To state the obvious, this is an action based on federal law, so dealerships in all states (even those without comprehensive privacy laws) must prioritize protecting user data by updating their privacy policies with comprehensive disclosures, a cookie use policy, and a compliant cookie consent banner.
For example, a well-designed cookie banner is a crucial tool for dealerships to obtain users' informed consent for the use of online tracking in connection with retargeted advertising. However, poorly designed cookie banners can do more harm than good if they are implemented to confuse or trick consumers into consenting to online tracking (often referred to by regulators as “dark patterns”). Unfortunately, many vendors offer cookie banners that don't actually work and may inadvertently allow cookies and other tracking technologies to deploy before the user has a chance to consent.
In short, online privacy disclosures and cookie consent management should be a top priority for any risk-averse auto dealership. Updating privacy policies with comprehensive disclosures and implementing a compliant cookie consent banner can help defeat claims similar to those brought against GoodRx and protect the dealership from other novel privacy allegations like we have seen with the recent uptick of state and federal wiretapping lawsuits stemming from online tracking activities.
ComplyAuto is the leading provider of privacy-tech for the automotive industry and represents over 7,000 dealers with automated tools for privacy policy and cookie consent management. Learn more at www.complyauto.com.
This article should be used as a compliance aid only and though its accuracy has been made a priority, it is not a substitute for professional legal advice. Each dealer should rely on their own expertise when using it.