House Members Expect to Weigh FTC Authority, Privacy Obligations at Hearing
Expect the House Digital Commerce Subcommittee's Wednesday hearing to focus on whether the FTC has proper authority to protect consumers’ digital privacy (see 1807110060), members told us. “I want to see more authority given to the Federal Trade Commission,” said ranking member Jan Schakowsky, D-Ill. “Unfortunately, they don’t have the authorities that are needed in order to provide the kind of data security that we need. I think it’s the appropriate agency to do it, but presently they don’t have the capacity.”
Chairman Bob Latta, R-Ohio, noted the hearing will be the first time Chairman Joe Simons and Noah Phillips, Rebecca Slaughter and Rohit Chopra will testify as FTC members. Commissioner Maureen Ohlhausen, who is awaiting Senate confirmation for her judgeship (see 1806070037), will also testify. Christine Wilson will replace Ohlhausen when she leaves the agency. “We want to talk with them, have them in and hear what they have to say,” Latta said, adding the subcommittee wants to know whether the FTC can properly do its job.
“We tell them they have the authority, but they don’t have the resources to do what they have to do,” said Rep. Doris Matsui, D-Calif. “I don’t know whether at some point down the road we’re going to have to factor in whether we have another group looking at this, but we’re definitely going to have to figure out what’s going to happen with FTC.”
Schakowsky said some have suggested the federal government might need a separate agency focused on digital consumer protection: “At the very least, we need to empower the FTC more. So I want to hear from them about how they view their capacity now, if they need more authorities what are those, and get a sense from the committee about how we can do a much better job.” Legislation setting standards for earlier breach notification “would be a good start,” she said, citing her Secure and Protect Americans' Data Act (HR-3896).
“There’s a debate between the FCC and the FTC [over jurisdiction], but I want to hear the views about the FTC,” said Rep. Leonard Lance, R-N.J. “I want commitments [from the FTC] that it will recognize that we should have the greatest amount of privacy for the American people.”
ACT|The App Association President Morgan Reed said the FTC needs to take decisive action against a specific company, identify the data misuse clearly and provide a remedy, which will deter future bad behavior. The commission needs to “be more active, needs to use their bully pulpit, not in terms of making new law but enforcing the laws that are already on the books,” he told C-SPAN’s The Communicators. The agency needs to “stretch” its “legs” with existing regulations, he said.
Expect lawmakers to suggest what topics the agency should discuss when it holds a series of public meetings this year on consumer protection, said R Street Institute Technology Policy Manager Tom Struble. The agency is accepting public comments for those discussions through Aug. 20. Also expect questions from lawmakers about various data and privacy breaches, most notably the Facebook-Cambridge Analytica privacy breach, and cases involving Equifax (see 1710020021) and Uber (see 1804120056), said Struble. He said the FTC is the best agency available for data privacy and consumer protection, but it might be under-resourced. The FCC had 1,688 employees to regulate the telecom industry in 2016, while the FTC listed 1,140 employees in 2018.
Another possible item is the FTC’s recent defeat in LabMD’s data breach case before the U.S. Court of Appeals for the 11th Circuit (see 1806070015). The court said the commission can't require a company to completely overhaul its data security program but can ban specific acts or practices (see 1712070068). Observers said the case has important implications for FTC authority, with TechFreedom President Berin Szoka saying it jeopardizes the validity of past data security consent decrees. Struble said the agency has been criticized rightfully for relying too heavily on consent decrees. Struble suspects Simons will request more authority to go after informational injury cases like the Facebook-Cambridge Analytica breach. He cited recent comments from new Consumer Protection Bureau Chief Andrew Smith, who said it’s very difficult for the FTC to prove harm when consumers haven’t technically suffered financial loss (see 1806010051).
Digital Citizens Alliance Executive Director Tom Galvin noted new commissioners are fleshing out strategy to better scrutinize digital platforms. The slate was sworn in during an era with increased attention on digital platforms, Galvin noted. Privacy problems stem from a business model that has been the same for decades, he said: scrape as much data as possible, monetize it and provide as much content as possible to drive traffic. Platforms have fine-tuned this model, and the evolution is striking, he said, comparing the birth of social media to Pong and 2018 to Xbox. “When Facebook first emerged, the sophistication to scrape was minimal,” he said.