Federal Trade Commission intends to regulate “trade surveillance” – Privacy Protection

To print this article, all you need to do is be registered or log in to Mondaq.com.

On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR) and announced an upcoming public forum on “Trade Surveillance and Data Security Practices.” The long-awaited ANPR reflects the FTC’s growing attention and interest in regulating privacy and data security business practices, in addition to pursuing enforcement actions on a case-by-case basis. The announcement represents the first step in a lengthy rule-making process that will likely take at least twelve to eighteen months.

ANPR asks a series of open-ended questions about the need for new privacy rules in today’s “commercial surveillance economy”, an ever-expanding commercial ecosystem on the Internet where companies monitor the online activities of consumers and collect and monetize their personal data, often using automated and algorithm-based processes.

ANPR invites comments on a wide range of issues, including:

  • The evil of commercial surveillance activities and lax consumer and child data security practices;

  • How the FTC should balance costs and benefits in regulating commercial surveillance and data security;

  • Whether the FTC should start developing rules on commercial surveillance and data security, and what kinds of requirements the FTC should impose;

  • What is the prevalence of algorithmic errors in automated decision-making systems and how the FTC can regulate automated decision-making systems and reduce the harmful effects of algorithmic errors;

  • What is the extent of algorithmic discrimination in automated decision-making systems and how the FTC should address algorithmic discrimination;

  • Whether consumer consent remains effective or viable as a tool for regulating companies’ commercial surveillance and data security practices;

  • How to improve the effectiveness of reporting, transparency and disclosure of corporate commercial surveillance practices;

  • consumer redress; and

  • How any regulations on commercial surveillance and data security should take into account changes in commercial advertising models and commercial surveillance practices.

The FTC opened the ANPR with concern that consumers share “a wide range of personal information about themselves with companies”, often without realizing it, and that an “elaborate and lucrative market” allows businesses to use this information to individually target goods and services to consumers. It then seeks public comment on the harms associated with lax data security standards, including identity theft, fraud and cyberattacks on national critical infrastructure; the potential for misuse of consumer data, such as to automate the targeting of fraudulent products and services to vulnerable consumers, or enable harassment, cyberbullying and distribution of harmful material; and harm to children, including from services that collect data about children and create dependency for them. Additionally, the agency asks about practices that require consumers to share their data in order to obtain a service or that materially change privacy practices after a consumer signs up for the service. Additionally, the FTC requests information about discrimination and inaccuracy in automated decision-making systems, including the algorithms that support them. Finally, the commission asks questions reflecting its growing interest in “dark model” practices, or efforts to manipulate consumers into sharing personal information.

The FTC passed ANPR by a 3-2 vote, with Commissioners Wilson and Phillips dissenting and arguing that Congress should regulate privacy through a comprehensive federal privacy law. In late July, the U.S. House of Representatives Committee on Energy and Commerce sent the U.S. Data Privacy and Protection Act (“ADPPA”) to the entire House for a vote. If passed by both the House and Senate, ADPPA would establish the first comprehensive federal data privacy framework. FTC Chairman Khan noted that if Congress passes a federal privacy law, the commission would reassess the need for business regulation rules on commercial surveillance and data security. Commissioners Slaughter and Bedoya issued statements supporting both FTC and Congressional privacy action.

Comments to ANPR will be due 60 days after the ANPR is published in the Federal Register. The FTC will host a virtual public forum on ANPR, including both panel discussions and a public comment session, on September 8, 2022.

ANPR is the first step in the FTC’s process to issue trade regulation rules under Section 18(a)(1)(B) of the Federal Trade Commission Act. 1 Based on the public filing developed in response to the ANPR, the FTC will decide whether to issue, as planned, a Notice of Proposed Rulemaking (NPRM), proposing specific rules to regulate commercial data collection and trading practices. data security. Any NPRM would be followed by a public comment period before the adoption of the final rules.


1. 15 United States Code § 57a(a)(1)(B)

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.


CCPA may soon apply to employee and B2B information

Sheppard Mullin Richter & Hampton

Companies subject to California’s Consumer Privacy Act (CCPA) will soon have to figure out how to adapt their privacy programs to include employee and B2B information.

The Sephora case: don’t sell, but do you sell?

Goodwin Procter LLP

Businesses have barely had time to recover from a busy privacy summer, with US privacy legislation moving over the Hill and the US Federal Trade Commission launching United by a broad regulatory initiative…

Aurora J. William