The Federal Trade Commission (‘FTC’) published, on 6 August 2018, a notice in the Federal Register seeking comments on whether adjustments to competition and consumer protection law, as well as FTC enforcement priorities and policy are necessary (‘the Notice’). The Notice was released ahead of a series of public hearings addressing issues in relation to the same, which are due to begin in September 2018 and are expected to continue through January 2019.
Megan L. Brown, Partner at Wiley Rein LLP, told DataGuidance, “The FTC is sending a clear message that it wants to review emerging technologies and think hard about what its role will be in the future. This is a key opportunity for stakeholders to shape their thinking on issues large and small. It won’t change the FTC’s authority, but it could help them develop proposals for the U.S. Congress on things like privacy legislation, national data breach legislation and litigation reform.”
In particular, the FTC requested comments on the application of its Section 5 authority under the FTC Act of 1914 in relation to the broadband internet access service business, the efficacy of its current remedial authority to deter unfair and deceptive conduct in privacy and data security matters. Furthermore, the FTC requested feedback on the benefits and costs of varying state, federal and international privacy laws and regulations, including the conflicts associated with those standards. The FTC is also seeking input on consumer protection implications associated with location tracking mechanisms and the use of algorithmic decision tools, artificial intelligence, and predictive analytics, particularly in the context of marketing and advertising.
It won’t change the FTC’s authority, but it could help them develop proposals for the U.S. Congress on things like privacy legislation, national data breach legislation and litigation reform
Brown noted, “The FTC will certainly be looking at the role of states in the internet economy, [particularly] at whether state laws erect barriers to commerce and innovation. They will also be looking at the markets for various connected services, and what sort of supervision is needed, if any, over internet companies. They have traditionally used cost benefit analysis and waited for evidence of harm to act and I expect them to do so here. […] The LabMD decision is also certainly on the FTC’s mind as they consider their role in addressing data security. They were long criticised for aspects of their consent decrees and will have to consider the United States Court of Appeals for the Eleventh Circuit’s ruling to determine how to proceed.”
The FTC noted that the comments and hearings will assist in evaluating its short and long-term enforcement and policy agenda, and to identify areas for additional study, enforcement, advocacy, and policy guidance. Moreover, the FTC highlighted that the hearings are modelled after the 1995 Pitofsky hearings, which prompted discussion of emerging problems and the preparation of public reports on the facts, issues, governing law, and the need, where appropriate for change, resulting in two staff reports being released.
Brown concluded, “A few things [should be discussed with a view to reform], including, how to provide predictability for American businesses and prevent frivolous lawsuits that could limit beneficial innovation. How can we stop revictimising US companies who suffer breaches from the criminal acts of third parties? How can we show the US cares about privacy without being pushed toward a top-down regulatory approach like the EU has pursued? How can we focus resources on real harms and risks? Small and medium businesses are the ones most hurt by complicated and unpredictable regulation. We need to have an environment in which innovation can thrive.”
PASCALE ARGUINARENA Privacy Analyst