Subscribe to our mailing list

X

Mobile Phone Maker BLU Reaches Settlement with FTC over Deceptive Privacy and Data Security Claims

By on May 21, 2018

Agency alleges BLU misled consumers and put their personal data at risk

Mobile phone manufacturer BLU Products, Inc. and its co-owner have reached a settlement with the Federal Trade Commission over allegations that the company allowed a China-based third-party service provider to collect detailed personal information about consumers, such as text message contents and real-time location information, without their knowledge or consent despite promises by the company that it would keep such information secure and private. As part of the settlement, BLU must implement a comprehensive data security program to help prevent unauthorized access of consumers’ personal information and address security risks related to BLU phones.

In its complaint, the FTC alleges that BLU and its co-owner and President Samuel Ohev-Zion misled consumers by falsely claiming that they limited third-party collection of data from users of BLU’s devices to only information needed to perform requested services. They also falsely represented that they had implemented “appropriate” physical, electronic, and managerial procedures to protect consumers’ personal information, according to the complaint.

Florida-based BLU contracted with ADUPS Technology Co. LTD to issue security and operating system updates to BLU’s devices. ADUPS, however, collected and transferred to its servers far more information than needed to do its job, including the full content of consumers’ text messages, real-time location data, call and text message logs with full telephone numbers, contact lists, and lists of applications used and installed on BLU devices.

According to the complaint, BLU and Ohev-Zion failed to implement appropriate security procedures to oversee the security practices of their service providers, including failing to perform appropriate due diligence of service providers; failing to have written data security procedures regarding service providers; and failing to adequately assess the privacy and security risks of third-party software installed on BLU devices. As a result, ADUPS collected sensitive personal information via BLU devices without consumers’ knowledge and consent that it did not need to perform its contracted services. In addition, ADUPS software preinstalled on BLU devices contained common security vulnerabilities that could enable attackers to gain full access to the devices.

READ  New Financial Empowerment Tools for People with Disabilities

After reports about the unexpected collection and sharing by ADUPS became public in November 2016, BLU issued a statement informing consumers that ADUPS had updated its software and had stopped its unexpected data collection practices. Despite this, the FTC alleges that BLU continued to allow ADUPS to operate on its older devices without adequate oversight.

Under the proposed settlement with the FTC, BLU and Ohev-Zion are prohibited from misrepresenting the extent to which they protect the privacy and security of personal information and must implement and maintain a comprehensive security program that addresses security risks associated with new and existing mobile devices and protects consumer information. In addition, BLU will be subject to third-party assessments of its security program every two years for 20 years as well as record keeping and compliance monitoring requirements.

The Commission vote to issue the administrative complaint and to accept the proposed consent agreement was 2-0. The FTC will publish a description of the proposed consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through May 30, 2018, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically by following the instructions in the “Invitation To Comment” part of the “Supplementary Information” section.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $41,484.

This article by the FTC was distributed by the Personal Finance Syndication Network.

READ  8 Steps to Take if You Can’t Pay Your Taxes

The post Mobile Phone Maker BLU Reaches Settlement with FTC over Deceptive Privacy and Data Security Claims appeared first on Personal Finance Syndication Network.

Last step, fill out the information below or call us for Priority Assistance.

What problems are you having with your report?

Your first name is required. Your first name is required to be at least 2 characters. Your first name cannot be longer than 50 characters.
Your last name is required. Your last name is required to be at least 2 characters. Your last name cannot be longer than 50 characters.
Your email is required.
Your phone is required. Your 10 digit phone number is required.
Your state is required.
Your age is required. Your age must be greater than 18. Your age must be less than 100.

By clicking on the "Contact Me" button above, you consent, acknowledge, and agree to the following: Our Terms of Use and Privacy Policy and to receive electronic communications. We take your privacy seriously. That you are providing express "written" consent for Debt.com or appropriate service provider(s) to call you (including through automated means; e.g. autodialing, text and pre-recorded messaging) via telephone, mobile device (including SMS and MMS - charges may apply), even if your telephone number is currently listed on any internal, corporate, state or federal Do-Not-Call list. Consent is not required as a condition to utilize Debt.com services and you are under no obligation to purchase anything.

By clicking on the “Contact me” button above, you consent, acknowledge, and agree to the following: (1)That you are providing express “written” consent for Lexington Law Firm, Debt.com or appropriate service provider(s) to call you (including through automated means; e.g. autodialing, text and pre-recorded messaging) via telephone, mobile device (including SMS and MMS – charges may apply), or dialed manually, at my residential or cellular number, even if your telephone number is currently listed on any internal, corporate, state or federal Do-Not-Call list; and (2)Lexington Law’s Privacy Policy and Terms of Use and Debt.com’s Terms of Use and Privacy Policy. Consent is not required as a condition to utilize Lexington Law or Debt.com services and you are under no obligation to purchase anything.

About Research Department

Here is where you will find important stories located from around the web which can impact you and your financial life.
%d bloggers like this: