January 29, 2023

Volume XIII, Number 29


January 27, 2023

Subscribe to Latest Legal News and Analysis

FTC Chair Speaks at IAPP Global Privacy Summit

On April 11, 2022, Federal Trade Commission Chair Lina Khan spoke at the opening of the International Association of Privacy Professionals’ Global Privacy Summit. This speech marks Khan’s first major privacy address since her appointment last June.

In her remarks, Khan stated that the FTC has been focused on adapting its existing authority to address and rectify unlawful data practices. She noted a few key aspects of the FTC’s current approach:

  • The FTC focuses its “scarce resources to maximize impact,” with a particular focus on dominant firms with business practices that cause widespread harm and intermediaries that “may facilitate any unlawful conduct on a massive scale.”

  • The FTC takes an interdisciplinary approach by “assessing data practices through both a consumer protection and a competition lens.”

  • The FTC has been building up its team of technologists (including data scientists, user experience designers, AI researchers etc.) to work alongside skilled lawyers, economists and investigators to lead the FTC’s enforcement work.

  • When addressing violations, the FTC focuses on “designing effective remedies that are informed by the business incentives that various markets favor and reward,” with the intention of “pursuing remedies to fully cure the underlying harm and deprive lawbreakers the fruits of their misconduct.” She cited the FTC’s recent settlement with WW International Inc. and Kurbo, Inc. as an example of such approach. Moreover, the FTC also is focused on ensuring that remedies “reflect the latest best practices in security and privacy.” She cited the FTC’s recent settlement with CafePress as an example, where as part of the proposed settlement CafePress must implement a comprehensive information security program, with measures such as multi-factor authentication.

Due to the “realities of how firms surveil, categorize and monetize user data in the modern economy,” however, the FTC is considering how it might need to update its approach. For example, the FTC is “considering initiating a rulemaking to address commercial surveillance and lax data security practices.” Khan stated that the FTC also needs to “reassess the frameworks it presently uses to assess unlawful conduct” and specifically expressed concern that “the present market realities may render the present notice and present paradigm outdated and insufficient.” Khan urged that, going forward, the FTC should approach privacy and data security protections by considering “substantive limits” rather than procedural protections. She reasoned that the latter tends to create “process requirements while sidestepping more fundamental questions about whether certain types of data collection and processing should be permitted in the first place.” Lastly, Khan stated that privacy legislation from Congress also may help “usher in this new paradigm shift” at the FTC.

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XII, Number 108

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct