FTC Commissioners Give Key Insights on Privacy Views

In remarks on Monday at the Brookings Institution, FTC Commissioners Rebecca Slaughter and Christine Wilson spoke extensively about the Commission’s privacy outlook and their personal views on the national privacy debate.  While from different parties, they were largely in agreement on a number of key points – reflecting how the current Commission has continued to move towards more aggressive enforcement on privacy and data governance.  The willingness of these Commissioners to be so direct on a wide range of topics helps point to where the Commission is headed on future enforcement, and in making recommendations to follow up on its Hearings on Competition and Consumer Protection in the 21st Century.  Some key questions and answers are summarized here:

  • Should our privacy laws focus primarily on “notice and choice” – giving consumers the opportunity to understand how data is collected and used, typically through privacy policies?  The Commissioners’ answers were basically no.  Commissioner Slaughter said she was “really over” a notice and consent framework, arguing that neither the notice or choice was meaningful for consumers.  Commissioner Wilson emphasized that her views have evolved over time, suggested that notice and choice has a limited role to play, and argued that clear and transparent rules about data use would benefit both business and consumers.  The FTC has long brought cases under its deception authority – policing the “notice” portion of “notice and choice” by arguing that companies violated their privacy representations to consumers – but it seems the Commission is increasingly looking to examine a broader set of practices.

  • Will the FTC focus only on specific, demonstrable injuries that flow from privacy violations?  Again, the answer appears to be no.  In the context of private rights of actions, the need to show demonstrable injury is an issue that could soon reach the Supreme Court.  In her remarks, Commissioner Wilson largely stuck to existing cases the FTC has brought, which have used an elevated risk of harm (including non-financial harm) to justify action.  Commissioner Slaughter was clear that the Commission should not need to allege a specific concrete harm based on unwanted disclosure of private information – pointing for example to identity theft, where the use of stolen data for harm can be delayed and difficult to track down. 

  • Are there other harms from data use the FTC should address?  Possibly.  Commissioner Slaughter identified targeted advertising based on collected information as a potential “harm” to be addressed in certain circumstances.  And overall, she framed the “privacy” discussion as a broader one about what she termed “data abuses,” focusing on harmful uses of data.  When asked about whether algorithmic biases should be concerning, Commissioner Wilson pointed to the Commission’s 2016 Big Data report, which outlines ways in which algorithmic biases could give rise under existing laws like the Fair Credit Reporting Act or Equal Credit Opportunity Act.  Commissioner Slaughter went further, referring to certain kinds of bias from algorithmic decisionmaking as a “data abuse” that warranted action.

  • Should there be monetary penalties in privacy cases?  The Commission now supports Congress granting civil penalties for first-time privacy violations.   And the Commission supports closing the common carrier and non-profit exemptions, meaning that a greater swath of companies (for example, non-profit hospitals) would be subject to the FTC’s privacy enforcement.

As much of the FTC’s work and its deliberations are confidential, it can sometimes be difficult to tell what policy and enforcement actions are being considered.  But these and other recent remarks by Commissioners point strongly toward a heightened emphasis on enforcement in the areas of privacy and companies’ data practices more generally. 

Tags

Wiley Connect

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek