The Federal Trade Commission called for a balanced approach that protects both consumer privacy and innovation in a comment submitted to the Department of Commerce’s National Telecommunications and Information Administration (NTIA) as part of that agency’s consumer privacy proceeding.
In its comment to NTIA, the FTC emphasized its extensive experience in protecting consumer privacy and fostering innovation. The regulator reiterated its main tasks in this sphere, including:
— Collecting information from children online without parental consent
— Deceiving consumers about collection, use, and/or disclosure of their financial, health, video, or other personal information
— Making false promises about compliance with the EU-U.S. Privacy Shield (and the predecessor U.S.-EU Safe Harbor)
— Deceptively tracking consumers online
— Disclosing highly sensitive, private consumer data to unauthorized third parties
— Publicly posting private data online without consumers’ knowledge or consent
— Installing spyware or other malware on consumers’ computers
— Failing to provide reasonable security for consumer data, including children’s information
— Spamming and defrauding consumers
— Making harassing calls about phantom debt and leaving threatening voicemails about debt collection
— Failing to comply with legal requirements when generating automated data used to deny housing to applicants
— Violating Do Not Call and other telemarketing rules
“These enforcement actions send an important message: the FTC holds companies accountable for their information practices,” officials said in their comment to the NTIA .
“The FTC is uniquely situated to balance consumers’ interests in privacy, innovation and competition, according to the comment,” the regulator continued. “In particular, the FTC’s dual mission of protecting competition and consumer protection gives the commission a deep understanding of the benefits and costs to consumers associated with the use of their data.
In response to some of the specific topics raised by NTIA, the comment also reiterated the FTC’s commitment to data security. The comment summarized the importance of companies’ making accurate disclosures about privacy.
The FTC went on to maintain a call for a balanced approach to choice, where the level of control would depend on consumer preferences, context and risk. Officials noted that they should continue to be the primary enforcer of laws related to information flows in the marketplace, whether under the existing or a new privacy and security framework.
The regulator added that it will be examining its current authority related to privacy and data security as part of its series of hearings on Competition and Consumer Protection in the 21st Century.
“Data security concerns are an important part of the privacy debate and, in light of the issues described above, the FTC continues its longstanding call that Congress consider enacting legislation that clarifies the FTC’s authority and the rules relating to data security and breach notification,” officials said. “The FTC also understands that both Congress and the administration are considering federal privacy legislation, and the commission strongly supports those efforts.
“Any legislation should balance consumers’ legitimate concerns about the protections afforded to the collection, use, and sharing of their data with business’ need for clear rules of the road, consumers’ demand for data-driven products and services and the importance of flexible frameworks that foster innovation,” the FTC continued. “Should Congress decide to pursue such legislation or otherwise expand the FTC’s enforcement authority, the commission is prepared to share its expertise and assist with formulating appropriate legislation.
“That said, any such process will involve difficult value judgements that are appropriately left to Congress,” officials went on to say. “Ultimately, no matter the specific laws Congress enacts in the privacy or data security area, the commission commits to using its extensive expertise and experience to enforce them vigorously, consistent with its ongoing and bipartisan emphasis on privacy and security enforcement.”