Many websites, mobile applications, software solutions and similar solutions are offered for “free.” The services are free from the perspective that there is no cost to acquire or use the service.
However, as the famous saying used commonly by the author Robert Heinlein goes, “There ain’t no such thing as a free lunch.” While a user may believe there is no cost, the provider of the service will seek to obtain a benefit in some manner.
As previously suggested, if the service is being offered for free, the data collected will likely be viewed as a valuable commodity, and that is where the provider is generating income. While detailed, specific means of how the data will be used may not appear, including misleading or false statements would be problematic. Users should not be deceived as to how data can or will be used.
Flowing out of what and how data will be used, understanding potential remedies if something goes wrong is also helpful. In most instances, expect the provider to disclaim any and all warranties and to severely limit any available remedies. While state law may influence whether those disclaimers and limitations are enforceable, expect that they will be.
Ultimately this means that the primary remedy may solely be discontinuing use of the service. Such an outcome may feel hollow or without much benefit, but it is in all likelihood a legitimate outcome.
As should be well known, if a service is targeted to the providers or other covered entities in healthcare, then HIPAA will usually apply to the service. If HIPAA applies, then all of the attendant privacy and security requirements will also apply to the service. If HIPAA applies, then there can be some comfort that data will not be freely utilized.
The Federal Trade Commission and attendant regulations covering unfair and deceptive trade practices may arguably be the most comprehensive set of protections to consider. The FTC may have purview over all services no matter the specific industry being served. The baseline expectation is that consumers should be informed as to their information will be utilized and not given false information.
The requirement to not deceive was brought to the fore by recent troubles in the social media realm. Given the ease with which true intentions could be hidden, potential enforcement in this area should be tracked.
While laws and regulations may provide some protections, the protections are not absolute. As noted, providers can be open about how data will be utilized. If a user accepts those terms, then use will be fair game. That scenario is not likely to change any time soon as it is very difficult to stop using the free services, and many users probably do not want to start paying for services. The key will be whether public outcry will result in a change or whether users will become better informed and push for incremental change.