Addressing the IAPP Global Privacy Summit, recently appointed Federal Trade Commission (FTC) Chair Edith Ramirez indicated a focus on enforcement of COPPA and other directives, regulating the mobile space and an exploration of the impact of the “Internet of Things” on privacy would be priorities for the FTC going forward under her watch. She also mentioned optimism on aligning the EU’s Binding Corporate Rules (BCRs) with APEC Cross-Border Privacy Rules (CBPR). Ramirez was appointed FTC chair by U.S. President Barack Obama just five days ago. She addressed the IAPP in a back-and-forth discussion led by Jim Halpert, partner in the communications, e-commerce and privacy practice at lawfirm DLA Piper.
Early in her remarks, Ramirez indicated the FTC values the big stick it carries. “I just want to emphasize the importance of enforcement,” she said. “We haven’t been shy about taking on the tech giants…That’s vital and will continue.”
Where will that enforcement activity be focused going forward? Ramirez was non-specific but agreed with Halpert that enforcing the Congressional mandate passed along by COPPA “is a priority for us.”
“I personally feel quite proud of the work we did in that arena,” she said. “We addressed on that front mobile apps, plug-ins--I really think that rule is current and we absolutely intend to enforce it vigorously.
Look, too, for the FTC to continue use of its unfairness authority under Section 5. “I feel we’ve used that authority very judiciously,” she said, “and I want to see us continue to do that.” However, she said, “that’s not a blank check for us to go after privacy violations.
The standard, she said, will be, “Is there a real harm? A harm that isn’t speculative?”
She did agree with Halpert, though, that a harm needn’t be monetary or financial in nature. She cited by way of example the FTC’s DesignerWare enforcement, where it halted rent-to-own firms from spying on consumers by logging their computer keystrokes, capturing screenshots and even taking webcam pictures of people in their hom
es without notice or consent.
“There I think it’s very clear that it falls within our unfairness authority,” Ramirez said. “There are harms here that go beyond monetary harm.”
She also noted the FTC’s Facebook enforcement action. “Without communicating to its users, Facebook made available what was previously private information that included friends, likes and there, too, I thought we were well within our authority.”
Where might enforcement focus increase going forward? Ramirez called the mobile space an area “of increasing importance.”
“That continues to be an area of tremendous focus,” Ramirez said. “For me, it’s a major priority, considering the penetration is so high among American consumers.”
She also said issues surrounding identity theft, specifically child and senior identity theft--expect an upcoming workshop on senior issues, would be a point of focus, while indicating continuing support for progress in Do-Not-Track initiatives.
Ramirez was also asked about APEC CBPR, the progress being made there and how it might affect relations in the privacy arena with the EU.
She called the consensus-based efforts in developing those rules challenging, considering difference in privacy regimes and privacy cultures among the different nations involved, but “I really do see this as a huge step as we try to deal with the challenges in our global economy.”
“The Article 29 Working Party has been very interested in the work that has taken place in APEC,” Ramirez said, “and has been in a dialog with the economies of APEC to try to map the APEC system to the EU BCRs.” She called recent discussions “very productive” and pronounced herself “optimistic” that APEC and BCR commonalities can be found.
As for new initiatives under her watch, she called the Internet of Things “one area that I’ll want us to examine,” indicating there may be a workshop in upcoming months. “No matter what we do at the FTC,” she said, “the reality is that technology is just developing at a pace that we can barely keep up with. We need to be conscious of this, and it absolutely needs further study, and I certainly want to make sure the agency is looking at all these developments.”
In order to follow through on that promise, she said, the FTC would continue to bring on more technologists along the lines of initial chief technologist Ed Felten and current chief Steven Bellovin. Further, she said the FTC would look to reach deeper into the world of academia for contributions. She noted that the FTC was founded during the Progressive era and has emphasized from the outset its research mandate and a directive to act on evidence and data--something she talked about as recently as January in front of the New York Bar.
“We want to take that theory and marry it,” Ramirez said, “with the more practical solutions that we can convey and recommend to companies.”
In detailing the FTC’s significant achievements since she joined as a commissioner three years ago, Ramirez first pointed to the FTC’s “instrumental role in elevating the importance of Privacy by Design.”
“I think the conversation has changed materially in the last several years,” she said, noting the shift from lengthy privacy notices to a better focus on simplifying communications about privacy with consumers.
“I’m really encouraged when I go out to Silicon Valley by the stories that I hear about how seriously companies are taking privacy,” she said. “I know that privacy professionals within companies are very pleased when they hear their engineers talking about finding privacy solutions.” She mentioned specifically initiatives like Apple’s just-in-time notices as encouraging developments.
“All of these developments are critical and I hope to see more progress in that area,” she said.
Comments
If you want to comment on this post, you need to login.