Email Management Service Operators Settle FTC Charges About Email Access and UseOn August 8, 2019, the Federal Trade Commission announced that an email management company will be required to delete personal information it collected from consumers as part of a settlement with the agency over allegations that it deceived consumers about how it accesses and uses their personal emails.
The complaint alleges that Unrollme Inc. falsely told consumers that it would not “touch” their personal emails, when it was allegedly sharing the users’ email receipts (e-receipts) with its parent company, Slice Technologies, Inc.
According to the complaint, Unrollme provides two services to consumers to help them manage subscription emails, such as newsletters or marketing emails from retailers. Unrollme helps users unsubscribe from unwanted subscription emails, and consolidates wanted subscription emails into one daily email called the “Rollup” that helps consumers minimize the clutter in their inboxes.
During the sign-up process, the FTC alleges, Unrollme requires consumers to grant Unrollme full access to the email accounts that they wish to enroll in its services to access and scan users’ inboxes for subscription emails and to provide its services. The FTC alleges that Unrollme then provides access to its users’ email accounts to its parent company, Slice.
Slice, a market research company, accesses Unrollme users’ inboxes in order to collect information from the users’ e-receipts, i.e., emailed receipts from businesses following an order or purchase, says the FTC.
The complaint alleges that Slice uses an automated crawler to identify an Unrollme user’s e-receipts. Once the e-receipt is identified, the crawler captures and copies the entire body of the message, which Slice then stores until the user deletes his or her Unrollme account.
FTC lawyers allege that Slice does not remove any personal or sensitive information from the body of the e-receipt before it is stored. The complaint states that this personal information can include, among other things, the user’s name, billing and shipping addresses, credit card information, and information about sensitive health-related products or services or other products and services purchased by the consumer. Slice then uses a “parser” to extract data from the e-receipts and creates a separate database of anonymous purchase information that it stores in its Data Warehouse for use in its market research analytics products, says the agency.
FTC lawyers also allege that after learning that Unrollme requires access to their email account(s) during the sign-up process, some consumers declined to grant that permission. When that happened, Unrollme – according to the complaint – made false and deceptive statements designed to encourage the consumer to grant Unrollme access to his or her email account(s) and continue the sign-up process. These statements changed over time, says the FTC.
As alleged in the complaint, from at least January 2015 through November 2015, Unrollme’s message to consumers who declined to grant Unrollme access to their email stated, “It looks like you clicked No thanks. In order to use Unroll.me, you need to tell Google to allow us to monitor your emails. Don’t worry, we won’t touch your personal stuff.”
The complaint states that the user was presented with an option to “CLICK HERE TO CONTINUE,” and if the user clicked that button, he or she was redirected back to the sign-up process and asked again to grant Unrollme access to his or her email account.
From November 2015 through October 26, 2016, the FTC alleges that Unrollme’s message to consumers who declined to grant Unrollme access to their email stated, “Authorization Declined In order to use Unroll.me, you need to authorize us to access your emails. Don’t worry, this is just to watch for those pesky newsletters, we’ll never touch your personal stuff.”
The complaint asserts that beneath this statement was a button stating, “Retry.” If the user clicked “Retry,” the user was redirected back to the sign-up process and asked again to grant Unrollme access to his or her email account.
FTC lawyers also allege that from October 27, 2016 through at least September 2018, Unrollme stated, “Oops! Looks like you declined access” “Unroll.Me requires access to your inbox so we can scan for subscriptions and allow you to begin clearing out your inbox.”
Beneath this text was a button stating, “Retry Signup,” and beneath the “Retry Signup” button was the statement, “Unroll.Me takes your privacy & security seriously,” according to the FTC. If a user clicked “Retry Signup,” the user was allegedly redirected back to the sign-up process and asked again to grant Unrollme access to his or her email account.
FTC attorneys allege that Unrollme’s data collection practices with respect to its users’ email accounts were material to consumers and their decision whether or not to use Unrollme’s services
“What companies say about privacy matters to consumers,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “It is unacceptable for companies to make false statements about whether they collect information from personal emails.”
As part of the proposed settlement with the Commission, Unrollme is barred from misrepresenting the extent to which it collects, uses, stores, or shares information it collects from consumers. It must also notify those consumers who signed up for Unrollme after viewing one of the allegedly deceptive statements about how it collects and shares information from e-receipts. The proposed order also requires Unrollme to delete, from both its own systems and Slice’s systems, stored e-receipts previously collected from those consumers, unless it obtains their affirmative, express consent to maintain the e-receipts.
Contact FTC CID lawyers if you are the subject of an FTC investigation or enforcement action.
Richard B. Newman focuses on federal agency litigation at Hinch Newman LLP. Follow him on Facebook at is an FTC lawyers.
Informational purposes only. Not legal advice. Attorney advertising.