The Fundamental Gap in Data Privacy Enforcement

Michael Volkov

The Volkov Law Group

We have seen a significant evolution in data privacy compliance and enforcement.  With the advances in technology, the public has become concerned about the collection, analysis and application of personal data. 

For years, such concerns have been focused in the health care and financial sectors.  As the Internet and cell phone use has advanced, consumers have become alarmed as social media companies, cell phone carriers and data miners have been using personal data to profile, target ads and seek consumer demand.

With the importance of personal data, companies have suffered serious data breaches resulting in the theft of large amounts of personal and sensitive data. 

Companies are subject to a patchwork of regulation among the fifty (50) states with California and other states leading the way in data privacy enforcement.  This patchwork, however, is unworkable in practice.  In response to this federal vacuum, Europe and other countries have filled the field with the GDPR.

Data regulation and compliance needs to evolve.  A federal statute and regulatory framework is desperately needed.  Unfortunately, although there have been numerous attempts to enact federal law to govern this area, Congress has been unable to enact a solution.  It is a perfect example of a governing failure.

The Federal Trade Commission has sought to fill this vacuum by stretching its statutory authority.  The FTC’s effort, however, is by definition limited.  The FTC does not have clear tools to use for enforcement purposes – it does not have a specific privacy law, civil penalty authority or the resources to enact an aggressive enforcement program.

To address data privacy concerns, the FTC relies on general consumer protection statutes.  The FTC relies on Section 5 of its authorizing act and its ability to challenge “unfair and deceptive practices.”  The FTC also lacks the resources needed to build a real and substantial data privacy enforcement program.  Without such clear enforcement responsibilities and resources, the FTC’s ability to enforce basic data privacy requirements has been —and will remain — limited and ineffective.

Congress’ prior attempts to enact a data privacy law have been unsuccessful because of several difficult policy issues. 

First, Congress has been divided over a requirement that companies notify law enforcement and the public when a data breach occurs.  To ensure such a requirement, Congress has considered a criminal or civil penalty for failure to comply with such a requirement.

Second, Congress has sought to preempt state data privacy requirements in order to establish a federal uniform standard for data privacy standards.  Some representatives oppose federal preemption and want to preserve state regulation of data privacy standards in tandem with a federal standard.

Third, Congress has been divided over whether to supplement federal enforcement with private, class action lawsuits based on violations of federal standards.  This issue usually divides Republicans and Democrats over whether to create another class action liability for companies that usually benefit plaintiff lawyers in organizing and prosecuting class action cases.

These three issues are significant but while Congress remains stymied on data privacy, the states and foreign government continue to fill the gap in data privacy regulation and enforcement.  Companies will continue to face a patchwork of requirements across the states and around the globe.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Written by:

Michael Volkov

The Volkov Law Group on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.