October 7, 2021 - The Federal Trade Commission has given final approval to a settlement with the operators of MoviePass over allegations they took steps to block subscribers from using the service as advertised, while also failing to secure subscribers’ personal data.

In a complaint and proposed settlement first announced in June 2021, the FTC alleged that MoviePass Inc.—along with CEO Mitchell Lowe, MoviePass parent company Helios and Matheson Analytics, Inc., and its CEO Theodore Farnsworth —deceptively marketed its “one movie per day” service, then deployed deceptive tactics aimed at preventing subscribers from using the service as advertised —actions the FTC alleged violated both the FTC Act and the Restore Online Shoppers’ Confidence Act. The FTC also alleged MoviePass’s operators left a database containing large amounts of subscribers’ personal information unencrypted and exposed, leading to unauthorized access.

Under the settlement, MoviePass, Inc., Helios, and their principals will be barred from misrepresenting their business and data security practices. In addition, any businesses controlled by MoviePass, Helios, or Lowe must implement comprehensive information security programs. MoviePass’s operators also are required to notify the FTC of any future data breaches, and a senior executive must certify annually that MoviePass’s operators are complying with the data security requirements of the settlement. If they violate the terms of the order, they could face monetary penalties of up to $43,792 per violation, per day.

After receiving two comments, the Commission voted 4-1 to give final approval to the complaint and order and send responses to the commenters. Commissioner Noah Joshua Phillips voted no.