FTC chair: Agency reassessing rules amid current U.S. privacy landscape

FTC Chair Lina Khan, in remarks delivered Monday at the International Association of Privacy Professionals’ (IAPP) Global Privacy Summit, said “the realities of how firms surveil, categorize, and monetize user data in the modern economy invite us to consider how we might need to update our approach further yet.” She noted rulemaking the agency might consider, in addition to laws in place that could be updated to reflect the modern privacy landscape.

What Khan did not address was whether the FTC itself would consider launching rulemaking to provide the United States with a comprehensive data privacy law, as some members of Congress have requested. Many believe such important legislation should be crafted by elected representatives rather than a regulator, especially with four states now having privacy laws of their own on the books after Utah joined California, Colorado, and Virginia last month.

Indeed, Republican FTC Commissioner Noah Joshua Phillips said during a separate session at the IAPP’s conference that the responsibility should remain with Congress.

“The attitude that the more rules we make, the better society will be, I don’t think is right,” he said, according to the IAPP. “One of the big reasons is competition. One of the rules we may adopt may be bad for competition. Sometimes it’s worth it to offset competition to avoid some kind of harm.”

Khan said during her speech that the FTC is taking “an interdisciplinary approach, assessing data practices through both a consumer protection and competition lens. Given the intersecting ways in which widescale data collection and commercial surveillance practices can facilitate violations of both consumer protection and antitrust laws, we are keen to marshal our expertise in both areas to ensure we are grasping the full implications of particular business conduct and strategies.”

Regarding privacy-related actions currently underway, Khan said the FTC is considering initiating rulemaking to address commercial surveillance and lax data security practices. She further expressed concern the current “notice and consent” model is “outdated and insufficient,” with the criticality of modern technology to everyday life limiting consumers’ alternatives.

“The central role that digital tools will only continue to play invites us to consider whether we want to live in a society where firms can condition access to critical technologies and opportunities on users surrendering to commercial surveillance,” she said, adding national privacy legislation from Congress could address this issue.

Under its existing authority, the FTC is focusing on impact and defining effective remedies as part of its enforcement approach, Khan said. The agency has increased its recruitment of technologists to its staff to ensure their expertise is leveraged alongside lawyers, economists, and investigators when it takes action, she said.