Welcome

New FTC Leadership Likely to Put Consumer Privacy in Crosshairs

Jan. 22, 2021, 7:47 PM

A Democrat-led Federal Trade Commission is likely to increasingly focus on policing companies’ privacy practices even as it contends with the high-profile Facebook Inc. monopoly investigation, attorneys say.

While the agency—with its broad purview of antitrust and consumer protection—isn’t focused solely on privacy, it has continued to ramp up actions against companies whose data-sharing practices don’t match their stated policies.

“There were significant settlements related to data security issues under Trump, but we’re likely to see even more,” said Elizabeth McGinn, a privacy and cybersecurity partner at Buckley LLP in Washington.

President Joseph R. Biden named Rebecca Kelly Slaughter acting chair of the agency Jan. 21. He’s tasked with choosing replacements for Joseph Simons, who is stepping down as chairman Jan. 29, and Commissioner Rohit Chopra, who’s been tapped by Biden to lead the Consumer Financial Protection Bureau.

Whether Slaughter remains as permanent chair remains to be seen, but she and Biden’s picks are likely to have a dedicated eye toward privacy enforcement, said Greg Szewczyk, a privacy and cybersecurity partner at Ballard Spahr LLP in Denver.

“It’s hard to imagine a situation where we’re not taking a step that’s going to be more consumer-driven,” Szewczyk said.

An FTC spokesperson didn’t immediately respond to a request for comment about Slaughter’s priorities as acting chair.

Slaughter’s Role

Slaughter, who has served as a commissioner since May 2018, has been outspoken about the abuse of consumers’ data and advocated for greater resources at the agency.

Slaughter in November dissented from a Zoom Video Communications Inc. settlement that required the company to implement measures to protect user security but didn’t require changes to directly protect user privacy.

“Too often we treat data security and privacy as distinct concerns that can be separately preserved,” Slaughter wrote in the dissent. “In reality, protecting a consumer’s privacy and providing strong data security are closely intertwined, and when we solve only for one we fail to secure either.”

She has also indicated a willingness to go after companies for unfair privacy practices instead of relying on deception claims, which can be more straightforward to prove, said Cynthia Cole, a technology and data privacy attorney at Baker Botts LLP in Palo Alto, Calif.

“She’s really paying attention in the privacy space,” Cole said. “You might see more actions less focused on data breaches and more focused on going after high-profile privacy violations.”

Focus Areas

Biometric privacy could prove to be an enforcement priority for the agency going forward, said Frank Nolan, a partner at Eversheds Sutherland (US) LLP in New York.

Only a handful of states have laws that specifically regulate biometric information, but the agency has pursued those types of cases, including a settlement with now-defunct photo storage app Everalbum Inc. earlier this month.

“The FTC seems to be stepping into that void,” Nolan said. “Whether or not privacy laws get enacted, the FTC is going to be active in this space.”

Children’s privacy could also find itself under the spotlight, McGinn said. The FTC in 2019 initiated rulemaking to update the Children’s Online Privacy Protection Rule to better address interactive media and new technologies, and it’s likely these efforts will continue under the Biden administration, she said.

Slaughter and Biden’s new appointees could also push to investigate mobile applications that collect geolocation data, as well as algorithms and artificial intelligence tools that implicate consumer data, Szewczyk said.

The agency in December issued orders to Snap Inc., Twitter Inc., and other large social media companies requiring them to provide data on how they collect and use personal information, as well as how their practices affect children and teens.

“Too much about the industry remains dangerously opaque,” Slaughter, Chopra, and Commissioner Christine Wilson wrote in a statement regarding the news.

There’s been a “fairly unified enforcement front” in terms of data breach actions, but a Democrat-led commission could result in more aggressive penalties for businesses and a broader focus on pursuing privacy violations that aren’t tied directly to a breach, Szewczyk said.

“Over the next four years, I think we’re going to see higher and more frequent monetary fines,” he said. “I wouldn’t be surprised to see some attempts to go after individual executives, which has been something that the Republican commissioners have generally resisted.”

To contact the reporter on this story: Jake Holland in Washington at jholland@bloombergindustry.com

To contact the editors responsible for this story: Kibkabe Araya at karaya@bloombergindustry.com; Keith Perine at kperine@bloomberglaw.com

To read more articles log in. To learn more about a subscription click here.