FTC Makes Inquiries into Yahoo’s Customer Data Practices

The Federal Trade Commission is making inquiries into Yahoo!’s customer information practices, the company announced in its annual financial report yesterday.

In a subsection within its 10-K report titled “Legal Proceedings”, Yahoo! indicated that “the FTC is conducting an inquiry into certain of the Company’s consumer information practices to determine whether the company has complied with applicable FTC consumer protection regulations. In connection with this inquiry, the FTC has requested that the Company provide information about its practices and submit various documents and other materials to the FTC.”

In a statement, Yahoo! said that “we have been contacted by the FTC and have been asked to help them understand some of our data collection practices. We understand that this inquiry was prompted by the California Health Care Foundation’s report dated January 2000 on the health Web sites of 21 companies. We are voluntarily providing information to the FTC. We take privacy very seriously we are committed to it, and we are proud of our record.”

A Yahoo! spokesperson told DIRECT Newsline that “the California Health Care Foundation report had nothing to do with advertising profiling,” but did not elaborate further.

“Health care Web sites have access to an unprecedented amount of personal health information,” said Internet security consultant Richard M. Smith in a statement that accompanied the report.

“We found third party ad networks receiving access to information that would allow them to build detailed, personally identified profiles of individual’s health conditions and patterns of Internet use.”

According to the report, which was coordinated by Smith and Janlori Goldman and Zoe Hudson of the Health Privacy Project at Georgetown University:

* Visitors to health Web sites are not anonymous, even if they think they are.

* Health Web sites recognize consumers’ concern about the privacy of their personal health information and have made efforts to establish privacy policies; however, the policies fall short of truly safeguarding consumers.

* There is inconsistency between the privacy policies and the actual practices of health Web sites.

* Consumers are using health Web sites to better manage their health, but their personal information may not be adequately protected.

* Health Web sites with privacy policies that disclaim liability for the actions of third parties on the site negate those very policies.