The Federal Trade Commission (FTC) has settled with BLU Products, Inc. over allegations that the unlocked mobile phone manufacturer allowed a third-party provider to collect detailed personal information about its consumers without their knowledge or consent. In 2016, BLU Products admitted that a third-party app called “Wireless Update” has been “collecting unauthorized personal data in the form of text messages, call logs and contacts from customers” on some devices.
The FTC alleged that BLU Products, its co-owner, and president falsely claimed that only information needed to perform requested services, including security and operating system updates, would be collected. The complaint alleged that the China-based third-party service provider ADUPS Technology Co., Ltd had in fact collected far more information than necessary, including the full content of consumers’ text messages, real-time location data, call and text message logs with full telephone numbers, contact lists, and lists of applications used and installed on BLU Products devices.
Under the proposed settlement, BLU Products is prohibited from misrepresenting the extent to which they protect the privacy and security of personal information. It will also need to adopt a program that addresses risks for protecting user information and be audited every two years for the next two decades to ensure compliance.
The FTC continues to aggressively police misrepresentations to consumers, in which large amounts of personal information is farmed despite the lack of a data breach or malicious attack, but purely through deceptive practices.