The FTC: A Federal Agency Privacy Advocates Can Love?

By Casey C. Sullivan, Esq. on June 18, 2015 | Last updated on March 21, 2019

The federal government doesn't usually get much praise from privacy advocates. Whether it's the NSA's mass data collection program, or Homeland Security's collection of facial recognition data, there's plenty of skepticism when it comes to the federal government and privacy.

But, if there's one agency that has gained the respect of privacy advocates, it may be the Federal Trade Commission. Over the past decade the FTC has evolved into America's primary "privacy cop," pursuing actions against companies that have fallen short of their privacy promises, violated consumers' privacy rights, or failed to keep sensitive data secure.

FTC's Privacy Authority

The FTC's ability to take privacy and data security actions comes from it's broad Section 5 authority. Section 5 of the FTC Act prohibits "unfair and deceptive acts and practices" in commerce. Under the unfairness prong, the FTC can investigate when a company subjects consumers to a risk of substantial injury which consumers cannot reasonably avoid on their own. This application of the law is controversial though and many business's who have been subject to FTC actions under it claim that the Commission has overstepped its bounds.

Those complaints haven't stopped the FTC, however, who has pursued dozens of data breach actions in the past years. FTC's data breach actions often start by looking at whether the measures taken before the breach were "reasonable." The FTC doesn't define what is and is not reasonable -- and it has the benefit of hindsight when bringing actions.

The FTC's Expanding Enforcement

The FTC is also looking to expand its enforcement actions into another corner of the scary world of privacy and data insecurity -- the "Internet of Things." The Internet of Things, you'll remember, is all the web-connected everyday devices that allow you to Tweet from your refrigerator, spy on your nanny, and regulate your home's air conditioning from two states away.

Regulators and privacy advocates agree that the IoT has major privacy and data security risks, though no laws or formal rule making has been undertaken to address them. That leaves the FTC as one of the few players filling the void.

The FTC is making furtive steps towards protecting privacy in the Internet of Things with its action against TRENDnet. TRENDnet makes nanny cams. In 2012, hackers breached the cam's security measures, spied on your babies and posted the pictures to TRENDnet's hacked website. A settlement required the company to institute strict security measures and submit to regular audits.

To help IoT companies avoid similar actions in the future, the FTC recently formed the Office of Technology Research and Investigation to focus on privacy, data security, and the tech industry (including the IoT, big data, and smart cars). This May, the FTC Commissioner indicated that the agency is most concerned with misleading consumers, failing to disclose data collection, and failing to reasonably secure consumer information.

For now, that's gaining the FTC praise from privacy advocates, but only time will tell if the love affair will last.

Related Resources:

Copied to clipboard