Deceptive Trade Practices and Broken Privacy Promises
A deceptive practice is a material statement or omission likely to mislead reasonable consumers. Breaking a privacy-notice promise is deceptive under Section 5. The Facebook ($5B) and Everalbum (algorithmic disgorgement) cases illustrate enforcement.
By 2000 privacy notices were standard on commercial websites. If a company promised a level of privacy or security and failed to deliver, the FTC treated that broken promise as 'deceptive' under Section 5. A deceptive practice requires a material statement or omission likely to mislead reasonable consumers - including false promises, misrepresentations, and failures to honor representations in privacy notices.
| Case | Year | Key point |
|---|---|---|
| In the Matter of Facebook | 2019 | $5 billion fine for deceiving users about privacy control; violated a 2012 consent order; agreed to board-level privacy accountability - then the largest FTC privacy penalty |
| In the Matter of Everalbum | 2021 | Auto-enabled facial recognition (told users it was opt-in) and kept deactivated users' content; agreed to algorithmic disgorgement - deleting models built on improperly obtained data |
Because AMG limited equitable monetary relief under Section 13(b), the FTC can still seek non-monetary remedies like algorithmic disgorgement - an increasingly important tool, especially for AI, until courts say otherwise.