The newly filled Federal Trade Commission testified before Congress recently, with Chairman Joseph Simons calling for more agency power to provide additional consumer privacy protections.
Appearing before the Committee on Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, Simons discussed the agency’s dual mandate to protect consumers and promote competition. “Year after year, privacy and data security top the list of consumer protection priorities at the Federal Trade Commission,” Simons testified. “These concerns are critical to consumers and businesses alike.”
The chairman highlighted several recent data security and consumer privacy enforcement actions, including a recently expanded settlement with Uber Technologies related to allegations that the company failed to reasonably secure sensitive consumer data stored in the cloud, and a deal with PayPal, Inc., to resolve allegations that its Venmo peer-to-peer service misled consumers about their ability to control the privacy of their transactions.
Simons reported that the FTC remains seriously committed to protecting children’s privacy, and he informed lawmakers about the commission’s first children’s privacy case involving Internet-connected toys. That action, against manufacturer VTech Electronics under the Children’s Online Privacy Protection Act, compelled VTech to implement a comprehensive data security program and pay a $650,000 fine.
Despite these successes, the FTC could use a little help, Simons said.
“Section 5 … cannot address all privacy and data security concerns in the marketplace,” he testified. “For example, Section 5 does not provide for civil penalties, reducing the Commission’s deterrent capability. The Commission also lacks authority over non-profits and over common carrier activity, even though these acts or practices often have serious implications for consumer privacy and data security. Finally, the FTC lacks broad [Administrative Procedure Act] rulemaking authority for privacy and data security generally. The Commission continues to reiterate its longstanding bipartisan call for comprehensive data security legislation.”
To help provide a “fresh perspective” on privacy and data security issues, Simons noted that the agency will conduct hearings on the current state of the FTC. “The Commission’s remedial authority with respect to privacy and data security will be a key topic in these hearings, and the comments and discussions on these issues will be one source to inform the FTC’s enforcement and policy priorities.”
Simons also discussed the agency’s efforts to ensure that advertising is truthful and not misleading, and he mentioned the FTC’s suits against companies claiming their products could alleviate the symptoms of opioid withdrawal. He also highlighted agency efforts to protect consumers from fraud and combat illegal robocalls (which resulted in a record-setting civil penalty of $280 million in a case against Dish Network).
Simons added that consumer education and outreach is yet another way the FTC fulfills its mission. It conducts advertising campaigns, it disseminates materials and articles on dozens of consumer issues, and it posts blog comments and social media updates.
Why it matters: While Simons shared the successful enforcement actions recently achieved by the FTC, he did not hesitate to ask lawmakers for assistance. “In my view, we need more authority,” Simons said in separate oral remarks before the subcommittee. “I support data security legislation that would give us three things: (1) the ability to seek civil penalties to effectively deter unlawful conduct, (2) jurisdiction over non-profits and common carriers, and (3) the authority to issue implementing rules under the Administrative Procedure Act. And we should consider additional privacy authority as well.” Even without these additions, however, Simons vowed that “under my leadership, privacy and data security will continue to be an enforcement priority, and the FTC will use every tool in our arsenal to redress consumer harm to the extent we can.”