As the only federal agency with a dual mission to protect consumers and promote competition, the FTC is uniquely situated to comment on the future of privacy policymaking in the United States. So we welcomed the opportunity to respond to the Department of Commerce, National Telecommunications and Information Administration (NTIA) Request for Comment on “Developing the Administration’s Approach to Consumer Privacy.”
The FTC Staff’s Comment outlines the agency’s experience protecting consumers’ privacy through enforcement, education, and policy work. The Comment also explains the guiding principle of the FTC’s current approach: “balancing the risk of harm with the benefits of innovation and competition.”
Next, the Comment applies this guiding principle to four areas highlighted by the NTIA’s Request for Comment: security, transparency, control and FTC enforcement. Here are some highlights:
- Security: The FTC has a strong history of data security enforcement and renews its call for comprehensive data security legislation.
- Transparency: The FTC encourages a consumer-oriented approach that takes context, form, effectiveness, and consumer demand into account.
- Control: The FTC continues to encourage “a balanced approach” that considers consumer preferences, the context of the choice (such as the type of data use and any associated risk), and the choice mechanism.
- FTC Enforcement: Drawing on its history of leadership and expertise on privacy and security issues, the FTC will continue its vigorous enforcement on privacy and security.
Finally, the Comment considers potential future directions for privacy policy in the United States. As the Comment notes, “the FTC brings an unwavering commitment to protecting consumers’ privacy while promoting competition and innovation.” Specifically, the FTC plans to continue using Section 5 to police deceptive and unfair practices. And on the subject of legislation, the FTC had this to say:
“Data security concerns are an important part of the privacy debate and, in light of the issues described above, the FTC continues its longstanding call that Congress consider enacting legislation that clarifies the FTC’s authority and the rules relating to data security and breach notification. The FTC also understands that both Congress and the Administration are considering federal privacy legislation, and the Commission strongly supports those efforts. Any legislation should balance consumers’ legitimate concerns about the protections afforded to the collection, use, and sharing of their data with business’ need for clear rules of the road, consumers’ demand for data-driven products and services, and the importance of flexible frameworks that foster innovation. Should Congress decide to pursue such legislation or otherwise expand the FTC’s enforcement authority, the Commission is prepared to share its expertise and assist with formulating appropriate legislation. That said, any such process will involve difficult value judgements that are appropriately left to Congress. Ultimately, no matter the specific laws Congress enacts in the privacy or data security area, the Commission commits to using its extensive expertise and experience to enforce them vigorously, consistent with its ongoing and bipartisan emphasis on privacy and security enforcement.”
Want to know more? Read the entire FTC Comment.