On September 20, nine Democratic senators wrote a letter to the Federal Trade Commission (FTC), requesting that it create new rules to protect consumers’ personal data and privacy.
The senators played on FTC Chair Lina Khan’s aversion to Big Tech and aggressive antitrust agenda, which we discussed in a prior post, by stating that “Big Tech companies have used their unchecked access to private personal information to create in-depth profiles about nearly all Americans and to protect their market position against competition from startups.”
They also addressed concerns shared by Alvaro Bedoya, President Biden’s nominee to serve as an FTC commissioner, as we reported here, by noting that “communities of color have faced setbacks in the fight to protect their civil rights as new forms of discrimination have proliferated on social media platforms.”
The senators urged the FTC to use its rulemaking authority to craft a “national standard for data privacy and security.” And within that, they specifically urged the FTC to craft prohibitions on exploitative targeting of children and teens, opt-in consent rules for the use of personal information, and global opt-out standards.
According to the senators, the FTC is ideally situated to craft data privacy and security rules, given its “substantial institutional knowledge and expertise” and its track record of bringing data privacy and security enforcement actions, including actions brought under the Fair Credit Reporting Act (FCRA) and the Children’s Online Privacy Protection Act (COPPA).
Under the FTC Act, the commission can promulgate rules that prohibit unfair or deceptive acts or practices. And as we previously reported here, FTC Commissioner Christine Wilson, a Republican appointee, agreed that the FTC should use its rulemaking authority to craft comprehensive data privacy and security regulations, given the lack of congressional action on a comprehensive federal privacy statute and the expanding patchwork of state privacy laws.
Our Take. The FTC will likely engage in significantly more rulemaking under newly appointed Chair Lina Khan, and there is a growing consensus that data privacy and security regulations should be a priority. But federal data privacy and security regulations would not bar additional states from enacting data privacy and security laws, nor would it address the issues, like whether a federal privacy regime should include a private right of action or preempt state privacy laws, that have frustrated congressional efforts to craft a comprehensive federal privacy regime. But a successful rulemaking could discourage additional states from enacting data privacy and security laws, and that would be a true gain for privacy professionals and companies struggling to comply with the growing number of state laws.