WASHINGTON, November 30, 2021 – Privacy experts call on the Federal Trade Commission to initiate the empowerment process to penalize internet service providers who collect unnecessary data from their customers to serve targeted ads.
As discussions of privacy issues have focused overwhelmingly on big tech companies and how they use customer data, experts at a Federal Communications Bar Association privacy symposium on Nov. 16 said that ISPs should be in the crosshairs of federal regulators.
More precisely, according to Alain butler, chairman of the Electronic Privacy Information Center, the collection of unnecessary data from ISPs “demands action” from the FTC.
“The current status is that Internet service providers are under the jurisdiction of the FTC and the FTC must act” and not wait for other federal players to initiate ISP consumer privacy rules, Butler said. In 2017, the Congress vote prohibit the Federal Communications Commission, which regulates the telecommunications space, from making regulations on protecting the privacy of ISP consumers, leaving the door open for the FTC to regulate provider privacy practices.
But there is a wrinkle. While the agency can investigate and sanction business practices that are “unfair” and “deceptive,” according to the Federal Trade Commission Act, the FTC cannot issue its own federal privacy rules under its current privacy authority. consumers. To do this, the FTC should initiate a policy development process whereby the agency develops and publishes regulations, which can then become federal policy.
Some experts believe that the FTC would be the best entity to develop such rules and should initiate the process, while others believe that the FTC’s regulatory process was not designed to give the agency its own authority in confidentiality.
A separate federal agency for privacy regulation
As the FTC could receive funds to establish a privacy office under the direction of the House of Representatives reconciliation invoiceButler left open the question of whether the FTC should proceed by issuing general privacy regulations or whether it should be “analyzed” into specific issues.
“The FTC must adopt rules that establish fair data practices and seek to protect uses of secondary data and sensitive data,” such as biometrics and customer demographics, he said. Butler said the FTC’s privacy regulations would be a “temporary fix,” but that there must be a separate federal agency that regulates privacy in the United States. “Funding an FTC privacy office in the reconciliation bill is an important step forward,” he said.
The law at stake for an FTC privacy authority
The FTC’s ability to regulate privacy would be governed by the Magnuson-Moss Warranty-Federal Trade Commission Improvement Act. The Magnuson-Moss Act is known to add several steps beyond the normal federal policy-making process, including a requirement that the FTC must find problematic conduct “prevalent” in the marketplace.
“Magnuson-Moss was designed to stifle the FTC’s ability to engage in rule-making,” said the Georgetown law professor. David Vladeck. Issuing FTC privacy rules would be difficult, he said, because the FTC must overcome substantial hurdles before it can enforce privacy rules. “There is a clear implication that the FTC is not in a position to promulgate a rule unless it can prove to a post-rule-making court that intrusive conduct is ‘prevalent.’ Well, the Congress does not define ‘prevalent’, ”he added.
Butler argued that it will not be difficult to find the prevalence of data abuse. “The FTC would have no trouble finding problems endemic to the industry,” he said. “The [agency] is able to find that its widespread use of unrelated location data with the use of the service as prevalent in the market, and online behavioral tracking. Thus, according to Butler, the FTC would be able to prove that the abuse of data significantly harms consumers and properly uses its [proposed] the authority to enforce privacy rules for technology companies.
Kahn said changes to the rule-making process would remove “unnecessary and onerous procedures” that only delay the release of FTC rules.
FTC process could ‘surface’ problems
Despite the difficulty of issuing privacy regulations, Vladeck said it might be useful to initiate the process anyway, including “to bring out the issues” of privacy and data collection by individuals. ISP.
Vladeck pointed to “illegal dark models” as an example of a narrow problem the FTC can tackle. The FTC characterizes “Dark patterns” as methods used by businesses to keep consumers trapped in subscription services.
“The FTC is the only police officer on this pace,” Vladeck said, adding that it could act as an effective enforcement regime against data abuse that affects consumers.