Some consumer advocacy groups released their own privacy framework last week, criticizing the Federal Trade Commission (FTC) for failing to crack down on Big Tech and calling for a new data protection agency to enforce privacy laws.
Any new federal privacy law, the consumer groups argue, should also set up this new agency.
“The FTC lacks rulemaking authority,” the groups stated. “The agency has failed to enforce the orders it has established (referring to Facebook’s violation of the FTC’s 2011 consent decree). The U.S. needs a federal agency focused on privacy protection, compliance with data protection obligations, and emerging privacy challenges. The agency should also examine the social, ethical, social, and economic impacts of high-risk data processing and oversee impact-assessment obligations.”
The privacy framework also calls for increased transparency of algorithms used by social media giants like Facebook, search engines like Google and fintech companies, and seeks to limit government access to consumer data.
The consumer groups released the framework almost two months after the FTC testified before the Senate Committee on Commerce, Science and Transportation and asked for greater rulemaking authority to crack down on Big Tech, the authority to fine tech companies for privacy violations, and more resources to tackle privacy issues.
Given the FTC’s apparent willingness to hold tech companies accountable for misconduct, especially when involving consumer data protection, the American Enterprise Institute’s Visiting Scholar Roslyn Layton thinks a new data protection agency is unnecessary and a waste of resources.
“FTC as a federal agency offers tremendous taxpayer value — they handle literally millions and millions of consumer complaints every year,” Layton told InsideSources. “The conversation should really be about strengthening the FTC, not punishing it.”
Regarding the FTC’s failure to enforce the 2011 consent decree, Layton thinks that is the Obama administration’s fault for cozying up to Silicon Valley.
“There is a fair critique to say hey, they didn’t enforce this consent decree on the big players, and I would attribute that to the Obama administration which was very close to the tech industry, that’s how they came to power,” she said. “That’s always an issue, but that’s part of why you have two parties on the commission.”
Aram Sinnreich, chair of communication studies at American University, takes a different view. Because the FTC’s primary responsibility is to regulate trade and competition, he said, a new agency is better suited to regulate privacy.
“Having a dedicated agency whose one sole purpose is policing the integrity of consumer citizen data is a great idea,” he told InsideSources. “It would be less susceptible to regulatory capture and have less conflict of interest in terms of interpreting what its function is and hopefully less susceptible to the vagaries of political pendulum swings. So I love that.”
Sinnreich thinks the FTC often fails to truly punish companies for wrongdoing, partly because industry leaders frequently become FTC commissioners and vice versa, confusing the objectives of the commission.
“Part of it has to do with political philosophies of trade that vary from administration to administration,” Sinnreich said. “Sometimes you’re going to have a more cautious, consumer-friendly administration and sometimes a more light-touch, business-friendly administration. That’s an issue that needs to be separate from the area of data privacy and security, which is essential to a functional democracy.”
Because consumer data protection and privacy issues are not trade issues, the FTC doesn’t really have a responsibility to regulate them.
“It’s not just about trade, it’s about functional democracy, human rights, civil rights, free speech,” Sinnreich said. “The issues that are raised by the flow of consumer data between state, commercial and criminal entities, are much broader than trade issues. It’s the kind of challenge that’s more appropriate for an independent agency to address.”
At the same time, many tech companies’ business models rely on the flow of consumer data — including Facebook, Google, and fintech companies like SoFi and Kabbage, which use consumer data to provide and consolidate different kinds of loans. Because consumer data and the modern tech industry depend on one another, Layton argues, the FTC does have jurisdiction over consumer data protection.
“This notion that consumer interests and market interests are conflicted, that’s not necessarily the case,” she said. “Consumers have benefited tremendously as a result of the online economy, and there’s multiple views on consumer interests.”
Congress hasn’t signaled whether it plans to set up a new agency to regulate consumer data protection or privacy, in fact, the Senate Committee on Commerce, Science and Transportation unanimously confirmed that the FTC should be the primary enforcer of any future privacy laws.
Multiple senators including Brian Schatz (D-Hawaii) and Marco Rubio (R-Fla.) introduced data protection bills over the last few months, reinforcing FTC authority and strengthening consumer data privacy.