FTC Consumer Protection Chief Cites Paradigm Shift for Privacy
The FTC’s cases against Facebook and Google show a paradigm shift in privacy enforcement, Consumer Protection Bureau Director Andrew Smith told an FCBA event Monday. The Facebook case (see 1907240042) provided a new model for relief, while the Google case, which involved Children’s Online Privacy Protection Act (COPPA) allegations (see 1909040066), established a new approach for liability, said Smith. The broader message in the Google case is that if users are violating the law, the platform can’t necessarily escape enforcement when there’s knowledge of the violations, he said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
FCC Commissioner Geoffrey Starks, speaking separately, said he remains focused on advertising tech practices involving location data. He and Rep. Yvette Clarke, D-N.Y., issued a statement in August saying communities of color and protesters are at particular risk of the digital ad industry improperly tracking consumers (see 2007310061). “It caught my attention because the FCC has separately been investigating the wireless carriers' use of location data,” he said Monday.
Starks noted he sent a letter independently to AT&T and Verizon asking for information about bitstream advertising processes. Those companies have subsidiaries involved in adtech and customer proprietary network information practices, he said. He received responses and is continuing to “digest those issues” but said there was “nothing in particular to announce” Monday. He said it’s a “broad issue” that isn’t going away.
The FCC needs to “do more” to protect Lifeline program users, Starks said: “I was outraged to learn that some Lifeline customers have received phones loaded with malware that allows outside parties to install programs without the owners’ knowledge or consent. The commission needs to do a better job of ensuring that Lifeline recipients get the same level of privacy protections as other consumers.”
Privacy Shield is “stumbling,” but conversations continue about replacing it, just like the Safe Harbor Agreement, said NTIA Telecommunications Policy Analyst Travis Hall. The data hasn’t stopped flowing between the U.S. and EU, despite the PS’ “stumbles,” he said. Hall argued bipartisan consensus is developing with privacy legislation, industry best practices. He suggested a need for ambiguity in any statute, maybe so an agency could use its rulemaking authority to verify codes of conduct.
Both voluntary and regulatory regimes have a role, but industry best practices should come first, said NCTA Vice President Svetlana Gans: Enforcement should be necessary only on a case-by-case basis.
The panel that included Gans discussed potential state privacy laws to watch. CTA is monitoring privacy legislation in Oregon, given member responses, said Vice President-Policy and Regulatory Affairs Jamie Susskind. Because of Washington state’s privacy negotiations and a potential law, it rivals California, said Electronic Frontier Foundation Senior Staff Attorney Lee Tien. Washington is more corporate-focused than California, which is more consumer-focused, he added.
Susskind discussed CTA’s participation in the FTC’s review of COPPA (see 1912120062). COPPA has an important role, but CTA wants more clarity surrounding voice recording data collection and some changes regarding parental consent, said Susskind. CTA thinks consent should be updated to allow text- and social media-based adult consent to keep pace with innovation, she said.