Security: The FTC has been active in bringing data security cases and is exploring its remedial authority related to data privacy.
Transparency: The FTC supports transparency as an important means for building trust in privacy disclosures. Challenges arise with “how and when to be transparent” so that consumers have access to meaningful information at the right time. While privacy disclosures provide accountability, the FTC staff comment notes that many “are characterized by bloat, opacity, and legalese.” The FTC supports a more consumer-oriented approach to disclosures, including context-specific and sector-specific approaches.
Control: The FTC supports a balanced approach to consumer control of collection and use of data in a manner that “takes consumer preferences, context (including risk), and form into account.”
FTC Enforcement: The staff comment reports that the FTC has “used its enforcement authority vigorously” and “should continue to be the primary enforcer of laws related to information flows in markets.” However, the FTC’s enforcement capabilities are limited by lack of authority over non-profits and common carrier activity and the absence of civil penalty authority. FTC enforcement can be constrained because certain privacy laws are either targeted narrowly to specific risks or do not include in statutory definitions the kinds of data collection made possible as the result of technological advances.
The FTC staff comment urged Congress to act on data security and breach notification legislation. The Commission noted that “legislation should balance consumers’ legitimate concerns about the protections afforded to the collection, use, and sharing of their data with business’ need for clear rules of the road, consumers’ demand for data-driven products and services, and the importance of flexible frameworks that foster innovation.”