FTC Begins New Efforts to Pass Federal Data Privacy Rules
As major multinational technology companies such as Apple, Microsoft, and Google, among many others, continue to exert influence over individuals from around the world due to modern society’s current reliance on the internet and mobile devices and services, regulators have been working to govern the ways in which these companies interact with consumers. From content moderation to data privacy concerns, there is a litany of issues that are associated with interactions that take place via the internet. With all this being said, the Federal Trade Commission (FTC) is the latest regulatory authority to take efforts aimed at safeguarding the personal data privacy of consumers that reside within the U.S.
Subsequently, the FTC announced on Thursday of last week that the government authority would begin taking steps to regulate the data privacy practices of companies and businesses that serve customers within the U.S. More specifically, the agency stated in a press release that “Rules that establish clear privacy and data security requirements across the board and provide the Commission the authority to seek financial penalties for first-time violations could incentivize all companies to invest more consistently in compliant practices”. Moreover, current FTC chair Linda Khan has made regulating big tech companies a priority for the FTC, as she herself has been a major critic of such companies, including Amazon, as well as others.
The FTC’s legal basis
In order to facilitate the regulation of the data protection practices of major tech companies, the FTC will look to the recently created rule-making group that was established by former commissioner Rebecca Kelly Slaughter in April of 2021. This approach is a departure from the ways in which the FTC has regulated the deceptive and unfair trade practices of U.S. companies in the past, where much of the efforts of the regulatory agency were geared toward protecting consumers from the actions of big tech companies as opposed to regulating these companies outright. Nevertheless, expanding the scope and applicability of the FTC’s data privacy protection regulation abilities is a complex and nuanced undertaking for a number of different reasons.
First and foremost, despite the perception that the FTC may have with respect to the American populace, the small government agency is just one of many, and as such, the resources the agency has to fight the influence of big tech companies are somewhat limited. What’s more, passing the privacy regulations that the FTC desires is an inherently cumbersome process, as these rules must pass through the hands of Congress just as any other federal law would. On top of this, the FTC specifically has a history of a perceived overreaching of its authority as it pertains to the regulation of major businesses. This dates back to the 1970s, when the government agency attempted to ban children’s television advertisements in the U.S.
In addition to the steps that the FTC has been taking to protect the personal information of American consumers within the past few years, U.S. Congress representatives Pallone, Rodgers, Schakowsky, and Bilirakis also introduced HR 8152, otherwise known as the American Data Privacy and Protection Act in June of 2022. Likewise, the notion of the federal government passing two major privacy regulations within such a short period of time would be a complete deviation from the ways in which such matters have been handled in the past. In spite of this fact, in the wake of several comprehensive data privacy laws that have been enacted in U.S. states in the past few years, including The Virginia Consumer Data Protection Act (VCDPA) and the Colorado Privacy Act, just to name a few, many privacy advocates have called for the federal government to enact similar legislation.
This being said, laws such as the VCDPA and the Colorado Privacy grant residents within these respective states a number of rights as it relates to the collection and processing of their personal information, effectively putting more onus on major businesses to consider whether their data privacy practices are putting data subjects at risk. Furthermore, businesses that fail to adhere to these data protection laws are also subject to a wide range of penalties, ranging from monetary damages to legal consequences. The EU’s General Data Protection Regulation (GDPR) is perhaps the most prominent example of such legislation on a global scale, as businesses operating within the EU that are found to be in violation of the law can be hit with monetary fines of up to 4% of a business’s annual turnover for a given fiscal year.
While talks of the U.S. federal government regulating the data collection, processing, and transfer practices of major businesses have been an ongoing discussion for several decades as of 2022, there are several factors that have aligned in the past few years that make this notion much more of a reality than it has ever been. Most notably, the current reliance that people all over the world currently have on online and digital services makes the passing of such legislation all but inevitable, a sentiment that was recently echoed by President Joe Biden when discussing the FTC in May of this year. To this point, the chances of a major data privacy law or regulation passing at the U.S. federal level remains to be seen.