By John Kincaide, Privacy and Security Policy Attorney at Intel
The Federal Trade Commission (FTC) is a US agency whose strategic goals include protecting consumers from fraud, deception and unfair business practices, and maintaining competition by focusing on anticompetitive mergers and other anticompetitive business practices. The FTC has broad policy and regulatory power over issues directly affecting the US economy including vigorously pursuing effective law enforcement and striving to proactively protect consumers’ interests. Because of its broad regulatory authority the FTC has a direct and profound impact on many issues related to existing and new innovative technologies, including consumer privacy and data security policies.
Chris Jay Hoofnagle is an adjunct professor in the School of Information at the University of California, Berkley. Professor Hoofnagle teaches computer crime law, internet law, privacy law, and a seminar on the Federal Trade Commission. He is also the author of the recently published book, Federal Trade Commission Privacy and Policy (Cambridge University Press 2016). Professor Hoofnagle’s excellent book provides deep insights into the history of the FTC’s development, and how it became the important regulatory agency it is today. The book is highly recommended reading for attorneys, legal academics, privacy and data security professionals, and anyone seeking to understand the FTC’s history, and its current positions and goals related to technology, consumer privacy and data security.
The FTC plays a critical role in driving consumer trust through its policies and regulatory enforcement to protect consumers. Promoting practical insights into the FTC, like those found in Professor Hoofnagle’s Federal Trade Commission Privacy and Policy, is well aligned with Intel’s goal to foster trust in technology. For example, the recommendation for the FTC to develop new strategies to effectively “share privacy” based on the rapid growth of technology and expanding privacy jurisdictions is well founded. The FTC has broad jurisdiction over privacy while having limited resources. However new technologies, like the Internet of Things, and new data uses, like Big Data analytics, will increasingly put pressure on the FTC’s resources to adequately understand these new technologies and the exploding number of new ways consumer data can be used, and potentially abused.
The Federal Communications Commission’s (FCC) recently proposed new privacy rules for broadband providers is driven by its consumer privacy jurisdiction under its Open Internet order. It is important for the FTC to work closely with FCC to develop privacy protection rules which adequately protect broadband consumers and consumers using online businesses or services. In addition, the FTC and FCC should work closely together to help broadband service providers, and businesses providing service over the internet, to clearly understand the applicable rules to enable good faith compliance. Consumer trust in technology will be placed at risk if new technologies outpace the FTC’s ability to understand and adequately regulate them. Similarly, consumer’s trust will be jeopardized if multiple agencies have vastly different privacy rules which thwart good faith efforts for regulatory compliance.
Professor Hoofnagle’s book also recommends new ways for the FTC to evaluate the fines it requires for privacy non-compliance, and also recommends financial compliance strategies in addition to fines. Fines based on harm to consumers may be overly reliant on traditional models of financial calculations based on direct financial loss to the consumer (e.g. money spent, or money lost). However the “privacy value” of consumer’s data may not be easily financially quantified and may lead to fines which inadequately comprehend the true “harm” to the consumer.
In addition to rethinking how the FTC’ calculates fines, the book recommends considering other financial penalties, such as requiring restitution, where a consumer is reimbursed for losses resulting from non-compliance, or disgorgement, where money gained from illegal or non-compliant practices must be repaid by the offending company. As reflected in Professor Hoofnagle’s recommendations, Intel also believes it is important for the FTC to continue driving consumer trust in technology through its strength as a regulatory agency, including the use of appropriate enforcement actions for intentional non-compliance or not taking the necessary steps to provide reasonable consumer privacy and data protection.