Intel Urges Tenfold FTC Privacy Staff Increase; ex-FTC Privacy Chief, Industry at Odds
The FTC should add at least 500 new privacy staffers so agency enforcement can keep pace with the digital economy, Intel Global Privacy Officer David Hoffman blogged Monday. Intel released its latest iteration of a federal comprehensive privacy bill, declaring a “privacy crisis.” The Consumer Protection Bureau’s Division of Privacy and Identity Protection has about 50 full-time employees. About 500 employees are within Consumer Protection overall and about 600 within Competition.
The agency should at least double the size of the “grossly under-resourced” privacy office, said ex-FTC Chief Privacy Officer Marc Groman in an interview. If the agency were granted the resources needed to add 500 privacy staffers, it could potentially handle dozens more cases as complex as the Facebook-Cambridge Analytica probe, Groman said. A larger privacy office would mean greater investigatory firepower, but it’s more important for Congress to grant additional statutory authority to strengthen the agency, said Public Knowledge Competition Policy Counsel Charlotte Slaiman, a former Competition Bureau staffer.
House Consumer Protection Subcommittee Chair Jan Schakowsky, D-Ill., and House Commerce Committee Chairman Frank Pallone, D-N.J., recently asked the FTC what it would do with an additional $50 million-$100 million in annual funding (see 1905010183). Chairman Joe Simons told the lawmakers he could hire 160-360 more employees.
Industry officials weren’t as direct or bullish as Groman about adding privacy staff. Information Technology and Innovation Foundation Vice President Daniel Castro said the FTC needs more staffers to close investigations, including probes without merit, and manage existing consent decrees. “If the FTC needs more staff to do its job then it should have it,” said NetChoice Vice President Carl Szabo. “With new staff the FTC should focus on enforcing current law, and Congress should resist the temptation to burden the FTC with excessive enforcement obligations.”
Many backing more FTC resources have noted the FTC’s European counterparts carry hundreds of privacy staffers. Comparisons with the size of the U.K. Information Commissioner aren’t fair, Castro said, because the volume of complaints and reports that office must process is “very high” under the EU’s general data protection regulation.
Others suggested creating a new data protection bureau within the agency. Adding hundreds to the privacy office wouldn’t necessarily make sense when the Consumer Protection Bureau carries about 500, Groman said. Creating a new bureau would be a significant undertaking, even if Congress grants the necessary funding, he said: “It’s not that they get the money and have hundreds of qualified lawyers” applying. The task of creating a new bureau is “significant but doable,” Slaiman said.
Intel’s Hoffman argued the FTC should have “narrowly tailored” rulemaking authority. Simons told Congress earlier this month (see 1905080067) not to give the agency “broad” rulemaking authority. Intel also wants the FTC to have civil penalty authority for violations of a new law. And state attorneys general should have “concurrent jurisdiction” so they can enforce in the absence of FTC activity, Hoffman said.
Intel joined BSA|The Software Alliance as have ServiceNow and Sitecore. Intel Executive Vice President Steve Rodgers, ServiceNow General Counsel Russ Elmer and Sitecore Chief Legal Officer Rich Foehr will join BSA’s board.