The F.T.C. has nevertheless built a strong privacy program based largely on the Federal Trade Commission Act, which was passed more than 100 years ago, long before personal computers, the internet, social media or mobile phones were invented. This general-purpose law is supplemented by a few sector-specific privacy laws, like the Children’s Online Protection Act, which give the F.T.C. stronger authority to act in specific areas of the marketplace.
The F.T.C. Act gives the agency a lot to work with. The agency can investigate fraud, deception and clearly harmful practices by a wide array of companies. It can bring enforcement actions stopping such conduct and getting back money that consumers have lost. It can study trends in the marketplace and issue studies. And it can use the bully pulpit to call out troubling practices and educate the public, just as any government agency can.
Using this authority, the F.T.C. has challenged the privacy practices of some of the biggest companies (and prominent users of consumer data) in the world, including Facebook, Google, Twitter, Equifax, Microsoft, Uber, Wyndham and many others.
But the F.T.C. Act is not enough to protect privacy. Each action against these tech companies, for example, required painstaking investigation before the agency could obtain even the most basic privacy relief for consumers. Some also prompted controversy and litigation over the parameters of the F.T.C.’s privacy authority. At times, facing the reality of the limits on its powers, the agency has had to pull its punches.
[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]
We are disappointed the California Assembly Privacy and Consumer Protection Committee will not hear A.B. 1760 , which would have substantially strengthened the California Consumer Privacy Act. Tomorrow, the Privacy Committee will instead vote on several bills backed by Big Tech interests that will erode the CCPA and the promises this law made to give all Californians the privacy rights they want and deserve.
Also, the F.T.C. can’t generally impose penalties on privacy wrongdoers, unless they’re already under an order for previous wrongdoing — as in the case of Facebook. Yes, it can get back money that consumers have lost, or order companies to “disgorge” its profits from illegal activities. But all of this can be very difficult to calculate in privacy, and even more difficult to prove in court, as many plaintiffs have learned in privacy class actions and similar litigation. That’s why the ability to obtain penalties is so important.
“While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.”” For one thing, large tech companies have grown huge privacy compliance organizations to meet their new regulatory obligations.