December 3, 2022

Volume XII, Number 337

Advertisement

December 02, 2022

Subscribe to Latest Legal News and Analysis

December 01, 2022

Subscribe to Latest Legal News and Analysis

FTC Announces Proposed Rulemaking On Privacy and Data Security

The FTC recently announced an ambitious Advance Notice of Proposed Rulemaking (ANPR) broadly aimed at a host of privacy and data security issues. This is the first step by the agency to explore using its Section 18 rulemaking authority under the FTC Act to issue a broad consumer privacy-focused trade regulation rule. The ANPR poses 95 questions and various topics, ranging from collection of information from children, to consent, data security, biometrics, artificial intelligence, and automated decision-making. The ANPR is focused on the impact to consumers and as workers or employees in a business capacity.

In its overview, the FTC points to the rise in privacy and security regulation at the international and state levels, suggesting a need for a more comprehensive approach at the federal level. The Agency also noted limitations in its own regulatory parameters, citing limits to its ability to issue remedies. Because the agency generally lacks authority to seek monetary remedies for initial violations of the FTC Act, the Commission believes that enforcement of the FTC Act alone may not be enough to protect consumers. As a result, the Commission views rules that establish privacy and data security requirements as arguably providing the FTC the authority to seek financial penalties for first-time violations and thereby driving compliance.

Section 18 of the FTC Act authorizes the FTC to issue trade regulation rules that define with specificity acts or practices that are unfair or deceptive (known as “Mag Moss Rulemaking”). Under Section 18, the agency must show that the unfair or deceptive acts or practices in question are prevalent. This determination can be made only if the FTC has previously “issued cease and desist orders regarding such acts or practices,” or if it has any other information that indicates a widespread pattern of unfair or deceptive acts or practices. That said, the FTC’s stated purpose for the ANPR is to generate a public record about prevalent commercial surveillance practices or lax data security practices that are unfair or deceptive. The Commission concedes that the comments might not ultimately result in the promulgation of new rules, but that the comments will inform the Commission’s enforcement work and may inform reform by Congress or other policymakers.

Putting it Into Practice. While it is too soon to say whether this process will result in any substantive rules (Mag Moss rulemaking is a lengthy process taking several years if successful), the ANPR is nonetheless informative. The questions posed in the ANPR provide clues on the FTC’s perspective on certain activities and potential enforcement priorities. Comments to the ANPR must be received 60 days after publication of the notice in the federal register. The FTC will also be holding a public forum on September 8, 2022. Comments can be submitted online or by paper. Other guidelines for submitting comments can be found in the ANPR.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 234
Advertisement
Advertisement
Advertisement

About this Author

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334
Advertisement
Advertisement
Advertisement