On December 14, 2016, the Federal Trade Commission settled a complaint with the company running the adult finder site Ashley Madison over the 2015 data breach that exposed the personal data of more than 36 million users and highlighted the site’s unfair and deceptive practices.
This complaint and settlement is important, but not for the obvious reasons. Yes, the breach had an outsized reach, much like the Target and Home Depot breaches preceding it. Yes, the breach involved poor security practices and deceptive promises about the site’s privacy protections. The Ashley Madison complaint follows a long line of actions brought by the FTC to combat unfair and deceptive data protection practices. The site’s exploitation of users’ desperation, vulnerability, and desire for secrecy is exactly the sort of abuse of power the Federal Trade Commission was created to mitigate.