The bipartisan legislation to establish a federal privacy law in the United States – the American Data Privacy and Protection Act – moves through Congress. Meanwhile, the Federal Trade Commission (FTC) has now taken steps to address issues related to commercial data. Read on to learn how you can potentially influence the data privacy direction of the FTC’s work.
On August 11, 2022, the FTC announced that it seeks public comment regarding its Advance Notice of Proposed Rulemaking (“ANPR”). It asks a series of questions related to commercial surveillance and data security. An ANPR signals to the public that the FTC is considering an area for rulemaking and requests written comments on its appropriate scope or on specific topics. It provides an opportunity for concerned stakeholders to weigh in on which questions deserve the FTC’s consideration and which direction the FTC should take.
For purposes of this ANPR, the FTC defines “commercial surveillance” as the business of collecting, analyzing and profiting from consumer data.
The FTC seeks comment on whether the Commission should implement new rules governing the ways in which companies (1) collect, aggregate, protect, use, analyze and retain consumer data, as well as (2) transfer, share, sell or otherwise monetize consumer data in ways that are unfair or deceptive.
• To what extent do commercial surveillance practices or weak security measures harm consumers, including children and teenagers?
• How should the FTC balance the costs and benefits of existing or emerging commercial surveillance and data security practices? What would be the costs and benefits of establishing and enforcing rules to address them?
• Should the FTC regulate harmful commercial surveillance or data security practices? If it acts to do so, what would those regulations entail?
The FTC’s announcement highlights that everyday technologies enable “near constant surveillance of people’s private lives.” Further, that surveillance exposes individuals to identity thieves, as well as heightens the risks of deception and other abuses.
The European Commission’s announced in December that it has begun its process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework (the Framework). Companies seeking to transfer data from countries in the European Union to the United States will need to take steps to be in alignment with this new change.