The FTC gave final approval to the Venmo/PayPal settlement resolving alleged violations of Section 5 of the FTC Act and the Gramm-Leach-Bliley Act’s Privacy and Safeguards Rules. As described in a previous blog post, the FTC alleged that Venmo made a variety of misrepresentations to consumers with respect to the availability of funds, the ability of consumers to control the privacy of their transactions, and its data security practices.
The settlement includes injunctive relief that prohibits Venmo from misrepresenting any material restrictions on the use of its services, the extent of control provided by any privacy settings, and the extent to which Venmo implements or adheres to a particular level of security. In addition, Venmo is required to make certain disclosures to consumers about its transaction and privacy practices. Finally, Venmo is required to obtain biennial third-party assessments of its compliance with these rules for 10 years.
During the comment period, the FTC received eight comments. Some of the comments expressed frustration with Venmo’s practices and the fact that Venmo was not required to pay a monetary penalty. The Commission’s responses noted that Section 5 of the FTC Act and the Gramm-Leach-Bliley Act does not authorize the FTC to collect fines or penalties based on such violations and noted that if PayPal violates the final order it could be liable for civil penalties of up to $41,484 per violation.