The Federal Trade Commission (FTC) is taking the first step in developing new federal privacy laws to protect users from invasive data-collection practices.
The agency today announced(Opens in a new window) it’s started a rule-making process geared toward cracking down “on harmful commercial surveillance and lax data security” occurring among companies.
The FTC is specifically asking(Opens in a new window) if it’s time to implement new rules about how companies “collect, aggregate, protect, use, analyze, and retain consumer data.” The other focus concerns when the data is transferred, shared, sold, or monetized in ways that “are unfair or deceptive.”
FTC Chair Lina Khan says that “potentially unlawful practices may be prevalent” across the tech industry, given that all kinds of companies are frequently collecting data about consumers in various ways, often without their knowledge.
The problem is that the US lacks a federal data privacy law. This has forced the FTC to crack down on offenders on a slower, case-by-case basis, using existing regulations, FTC Commissioner Rebecca Kelly Slaughter said during a press conference.
“The FTC’s ability to deter unlawful conduct is limited because the agency generally lacks authority to seek financial penalties for initial violations of the FTC Act,” the commission said in a statement. “By contrast, rules that establish clear privacy and data security requirements across the board and provide the Commission the authority to seek financial penalties for first-time violations could incentivize all companies to invest more consistently in compliant practices.”
The goal is to go after the “systemic” causes behind the data surveillance and lax cybersecurity practices by creating regulations that’ll force the entire industry to comply. For example, one aim could be to impose heavier civil penalties on companies that have suffered a data breach.
Still, the FTC notes “it’s too early to tell” what the rules will look like, and how they might protect consumers. The proposed rules could also take years to develop, delaying any greater enforcement in the near-term. In addition, the FTC risks facing opposition from Congress, which has been trying to pass its own data-privacy legislation.
“Today’s proposal from the FTC is another example of the agency thinking it can remake the economy to its liking. Congress must first give the FTC the authority before it can act,” the US Chamber of Commerce said in a statement(Opens in a new window).
However, the FTC says the rules will be developed under its existing consumer protection authority. Last year, the White House also issued an executive order that encouraged the FTC to exercise its authority to crack down on “unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy.”
Recommended by Our Editors
During Thursday’s press conference, the FTC also urged Congress to move forward on its own federal privacy legislation, which could arrive more quickly, and the agency would follow.
In a statement, US. Sen. Roger Wicker, R-Miss., urged the House to bring the American Data Privacy and Protection Act—of which he is a cosponsor—to the floor and for the Senate Commerce Committee to advance it through committee.
““o get real consumer data privacy protections, Congress must act. FTC commissioners have acknowledged that legislation, not regulation, is the preferred way to achieve these protections,” Wicker said.
In the meantime, the FTC will host an online forum(Opens in a new window) seeking public input about the rules on Sept. 8.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Hits: 0
