The FTC has entered into a Consent Agreement with PayPal, Inc., settling allegations that PayPal, through its operation of Venmo, had violated Section 5 of the FTC Act and the Gramm-Leach-Bliley Act’s (“GLBA”) Privacy and Safeguards Rules. PayPal operates Venmo, a payment and social networking application and website that allows consumers to make peer-to-peer payments, which also shares information regarding such payments through a social network feed. The agreement will be subject to public comment for 30 days.
Data – big or small – has tremendous potential for use (and misuse). For example, using mobile apps to keep track of one’s own physical activity or caloric intake may empower individuals to improve their health. Should other parties (e.g., that app’s developer, physician, employer, insurance company, online friends) be able to access the same information, and if so, under what conditions? As another example, expressing one’s own feelings and preferences on a social media platform may strengthen bonds within a professional community or a family group, expedite academic collaborations, and/or improve an individual’s sense of belonging. However, may those same messages – freely expressed in a public domain – be re-purposed for a study of mental health trends or for marketing strategies; and if so – when/how/by whom, or why/why-not? Questions like these touch on a host of ethical and legal issues that only recently began to be explored in depth, even as new norms of individual behavior, human interactions, and treatment of data are evolving.