FTC Fines BetterHelp $7.8M for Sharing Mental Health Data with Advertisers

BetterHelp, the world's largest online mental health platform, faced significant regulatory action in March 2023 when the Federal Trade Commission imposed a $7.8 million fine for sharing users' sensitive mental health data with major advertising platforms. The company, which provides online therapy and counseling services, violated its own privacy policies by transmitting highly personal information to Facebook, Snapchat, Criteo, and Pinterest for targeted advertising purposes. The FTC's investigation revealed that between December 2017 and July 2020, BetterHelp collected extensive personal information from users including email addresses, IP addresses, health questionnaire responses indicating conditions like depression and anxiety, and details about therapy sessions. The company then shared this data through tracking pixels and other mechanisms with advertising platforms, often by hashing email addresses along with mental health indicators to create targeted advertising profiles. The data sharing practices were particularly egregious because BetterHelp had explicitly promised users in its privacy policy that it would not sell or share their personal information with third parties for advertising purposes. Users seeking mental health support had reasonable expectations of privacy protection, especially given the sensitive nature of their therapy sessions and mental health conditions. The FTC found that BetterHelp's actions constituted deceptive practices under Section 5 of the FTC Act. The settlement agreement, announced on March 2, 2023, required BetterHelp to pay the $7.8 million penalty and implement comprehensive privacy safeguards. The company must obtain explicit opt-in consent before sharing any health information with third parties, delete previously shared data where possible, and implement a comprehensive privacy program with regular audits. Additionally, BetterHelp is prohibited from misrepresenting its data practices and must provide clear disclosures about any data sharing. The case affected approximately 7 million BetterHelp users who had provided sensitive mental health information with the expectation of privacy protection. Many users were unaware that their therapy-related data was being used for commercial advertising purposes, representing a significant breach of trust in the mental health services sector. The incident highlighted broader concerns about data privacy in digital health platforms and the need for stronger protections for sensitive health information. The FTC's action against BetterHelp represents one of the largest privacy enforcement cases in the mental health sector and established important precedents for data protection in digital therapy platforms. The settlement also included provisions requiring BetterHelp to notify users about the data sharing that had occurred and provide them with information about how to limit future data collection by the advertising platforms that had received their information.