Departing FTC leaders reflect on tenure, share visions
By Jedidiah Bracy, CIPP/US, CIPP/E
In two keynote speeches at the IAPP Practical Privacy Series in Washington, DC, departing FTC Commissioner J. Thomas Rosch and Bureau of Consumer Protection Director David Vladeck reflected on their rich and eventful tenures at the agency while expressing differing views underlying the FTC’s role in consumer privacy protection.
Noting the last four years have been “stimulating, challenging and extremely productive,” Vladeck praised the hard work of his staff and provided a “personal overview of the agency’s work.”
Rosch expressed his concerns about what he called the “new privacy paradigm” that began in 2010 with the agency’s work drafting a staff report on privacy. “My primary disagreement with this new privacy paradigm” said Rosch, “is that it uses the ‘unfair’ prong, rather than the ‘deceptive’ prong, of the Commission’s Section 5 consumer protection statute, to frame how the FTC should govern information gathering practices (including ‘tracking’),” and added, “I am uncomfortable about centering the agency’s policy recommendations and law enforcement initiatives on unfairness.”
The unfairness prong of the FTC’s Section 5 authority “is an elastic and elusive concept,” said Rosch. “What is “unfair” is in the eye of the beholder.” The FTC’s final staff report includes “reputational harms,” and what Rosch calls “intangible harms.” He warned, “Implementing some of the recommendations in the final Privacy Report would install “Big Brother” —the form of the Commission or the Congress—as the watchdog over these practices not only in the online world but in the offline world.”
Rosch “remembers the Senate in 1980 not appropriating money for the FTC as a result of using unfairness to effectively ban children’s advertising,” said Arnall Golden Gregory Partner Bob Belair. “Rosch would say that unfairness is a draconian approach and requires that there be tangible and substantial harm, that that harm be unavoidable by the consumer and that harm outweigh any benefits. That’s an analysis that’s been blessed in the courts and an analysis that the FTC has not yet fully engaged in,” adding, “Nobody makes the case for not using unfairness better than Tom.”
Belair explained that Vladeck, “by contrast very much believes the commission must use its unfairness powers if it’s going to move the needle on privacy.” Emerging topics such as Do Not Track, Privacy by Design, a comprehensive privacy framework, new definitions of personally identifiable information “require, in David’s view, some use of the unfairness doctrine. He argues that unfairness is right there in Section 5 and it makes great sense to use it.”
In his review of the FTC’s work over the past four years, Vladeck not only highlighted the work involved in producing the Final Staff Report, but also the agency’s work reviewing biometrics, the mobile ecosystem, the Children’s Online Privacy Protection Act and the Fair Credit Reporting Act. Noting its importance, Vladeck said the agency “will be doing more work on mobile apps and children.”
Vladeck also reviewed the FTC’s enforcement actions, not only with Facebook, Google and other high profile cases, but in cases covering data security—such as Wyndham—COPPA, FCRA—such as Spokeo—and the mobile space.
Though Vladeck did not discuss much by way of the FTC’s efforts with Do Not Track, he did describe the FTC’s “close working relationship” with the Consumer Financial Protection Bureau (CFPB). “The advent of the CFPB is an important step forward for consumers,” he said, adding “we welcome the participation” of the new agency. Putting aside jurisdictional concerns between the FTC and the CFPB, Vladeck described two commitments both agency’s have given industry. He noted that companies will not be “double teamed” and will be given “consistent advice.” This is a “commitment both agencies have strived to honor,” Vladeck said.
“If we’re going to continue to protect privacy and not backslide,” said Belair, “then there needs to be new approaches, whether it’s based on self-regulation or based on legislation, or new law enforcement actions, we have to stay vigilant because the technology—the ecosystem—changes.”
Read more by Jedidiah Bracy:
Exploring model privacy programs at organizations both large and small
Top scholars and practitioners tackle privacy’s complex challenges
MIT unveils Big Data research initiative
Experts say cybersecurity legislation bolsters need for oversight board