• by Wendy Davis , Staff Writer @wendyndavis, August 8, 2019

Email management company Unroll.Me has agreed to destroy data about some consumers' online purchases in order to settle allegations that it duped people about privacy, the Federal Trade Commission said Thursday.

Unroll.Me, owned by Slice Technologies, markets itself to consumers by promising to automatically unsubscribe from from email lists. But that's not all the company does. Slice also sells "anonymized" information about people's emails -- including their receipts for online purchases -- for market research purposes. 

The company's data practices first came under scrutiny two years ago, when The New York Timesreported that Uber purchased data from Slice in order to gather competitive intelligence on rival ride-hailing service Lyft.

Soon after the Times story came out, Slice was hit with a potential class-action suit alleging that it violated the federal wiretap law by disclosing email messages without users' consent.

U.S. District Court Judge J. Paul Oetken in New York dismissed that case last year. He ruled that consumers consented to the disclosures by accepting Unroll.Me's privacy policy, which said it may "disclose, distribute transfer, and sell” data collected from email messages."

But the FTC's investigation went beyond looking at Unroll.Me's privacy policy. The agency also looked at how Unroll.Me handled wary consumers who started to sign up, but then refused to grant Unroll.Me access to their email accounts. The company convinced many of those people to change their minds and finish enrolling, but did so by making false and deceptive statements, according to the FTC.

Between January of 2015 and October of 2016, Unroll.Me's message to those would-be subscribers included the assurance, “we won’t touch your personal stuff,” according to the FTC complaint.

During that time, more than 20,000 consumers who initially declined to grant email access to Unroll.Me changed their minds and completed signing up for the service.

From late October 2016 through at least September 2018, Unroll.Me's message to consumers who balked included the sentence: “Unroll.Me requires access to your inbox so we can scan for subscriptions and allow you to begin clearing out your inbox,” the FTC alleged.

More 35,000 consumers completed signing up after viewing that message, according to the FTC.

The agency also examined statements made by Unroll.Me's support reps to consumers who raised concerns about privacy.

“In multiple instances, Unrollme responded to these concerns ... by representing to these consumers that Unrollme would only access the consumer’s email so that it could provide its subscription-related services -- even though Unrollme’s parent company, Slice, was actually accessing and collecting the entire body of consumers’ e-receipts for the purpose of selling purchase information contained therein,” the FTC's complaint states.

The proposed settlement prohibits Unroll.me from misrepresenting its data collection and sharing practices. The deal also requires the company to delete stored e-receipts previously collected from consumers who were presented with misleading information, unless it obtains their express consent to retain the material.