Interoperability, Privacy, & Security

In the face of concerns about anticompetitive conduct, companies may claim privacy and security reasons as justifications for refusing to have their products and services interoperate with other companies’ products and services. As an agency that enforces both competition and consumer protection laws, the Commission is uniquely situated to evaluate claims of privacy and data security that implicate competition.

There are important benefits to interoperability as well as to privacy and security.

The FTC has highlighted these benefits to interoperability.^[1] Indeed, there are aspects of technology that people may take for granted while navigating their daily routines that turn on interoperability. Web pages can display regardless of web browser. Emails can be sent and received regardless of email provider. Computer accessories, including keyboards, mice, and monitors, can be plugged into most computers regardless of manufacturer. Interoperability can also enhance consumer choice and facilitate switching between products, and thereby enhance competition.

The FTC’s past work also highlights the importance of digital privacy and security. In the last two decades, the agency has used its authority under the FTC Act^[2] and other statutes^[3] to bring hundreds of enforcement actions against companies for privacy and data security violations.^[4] This includes cases involving the sharing of health-related data with third parties, the collection and sharing of sensitive television viewing data, and the failure to implement reasonable security measures to protect sensitive personal data such as Social Security numbers.^[5]

The FTC will closely scrutinize any claims that competition must be impeded to advance privacy or security.

While certain safeguards for privacy and security can impede interoperability, interoperability can coexist with privacy and security—and even enhance them—in various contexts. Indeed, the Commission has highlighted how interoperability can protect privacy and security.^[6]

As the FTC staff observed in the 2021 Nixing the Fix Report, “manufacturers may assert that restrictions on competition in aftermarkets are necessary for privacy [and] data security,” but such “justifications need to be scrutinized on a case-by-case basis and should be rejected if found to be a mere pretext for anticompetitive conduct.”^[7] Similarly, during the FTC’s 2020 workshop, Data to Go: An FTC Workshop on Data Portability, several expert panelists discussed the importance of identifying when companies raise security concerns as a pretext for anticompetitive conduct.^[8]

The FTC is no stranger to considering privacy and security and anticompetitive conduct. Through vigorous law enforcement, the FTC strives to support a vibrant marketplace where new businesses can emerge, new products can compete, and where consumers’ digital privacy and security are protected. The agency will continue to use our full range of tools to identify anticompetitive behavior and closely scrutinize claims that restrictions or bars on interoperability are the appropriate way to protect privacy or security.

Where dominant market participants use privacy and security as a justification to disallow interoperability and foreclose competition, the FTC will scrutinize those claims carefully to determine whether they are well-founded and not pretextual, and whether the chosen approach is tailored to minimize anticompetitive impact.

[1] See e.g.,https://www.ftc.gov/system/files/documents/public_events/1568699/data-portability-workshop-summary.pdf at 3, 5-6, https://www.ftc.gov/system/files/documents/reports/anticipating-21st-century-competition-policy-new-high-tech-global-marketplace/gc_v1.pdf Chapter 8 III.C.1, Chapter 9 IV.B, Chapter 10 II.A, https://www.ftc.gov/sites/default/files/documents/reports/protecting-consumers-next-tech-ade-report-staff-federal-trade-commission/p064101tech.pdf at 17.

[2] https://www.ftc.gov/legal-library/browse/statutes/federal-trade-commission-act  

[3] https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa, https://www.ftc.gov/legal-library/browse/rules/health-breach-notification-rule, https://www.ftc.gov/legal-library/browse/rules/safeguards-rule  

[4] https://www.ftc.gov/legal-library/browse/cases-proceedings?field_mission%5B29%5D=29&field_consumer_protection_topics=1420

[5] See e.g., https://www.ftc.gov/news-events/news/press-releases/2023/03/ftc-ban-betterhelp-revealing-consumers-data-including-sensitive-mental-health-information-facebook, https://www.ftc.gov/news-events/news/press-releases/2023/02/ftc-enforcement-action-bar-goodrx-sharing-consumers-sensitive-health-info-advertising, https://www.ftc.gov/news-events/news/press-releases/2023/05/ovulation-tracking-app-premom-will-be-barred-sharing-health-data-advertising-under-proposed-ftc, https://www.ftc.gov/news-events/news/press-releases/2017/02/vizio-pay-22-million-ftc-state-new-jersey-settle-charges-it-collected-viewing-histories-11-million, https://www.ftc.gov/news-events/news/press-releases/2019/07/equifax-pay-575-million-part-settlement-ftc-cfpb-states-related-2017-data-breach.

[6] See e.g., https://www.ftc.gov/system/files/documents/public_events/1568699/data-portability-workshop-summary.pdf at 4.

[7] https://www.ftc.gov/system/files/documents/reports/nixing-fix-ftc-report-congress-repair-restrictions/nixing_the_fix_report_final_5521_630pm-508_002.pdf at 10.

[8] See https://www.ftc.gov/system/files/documents/public_events/1568699/transcript-data-portability-workshop-final.pdf at 28:12-18, 152:2-16, 176:18-20, 177:3-17, 215:6-8, 232:12-233:5.