In a keynote address at the European Data Protection Days conference on May 4, 2015, Federal Trade Commission (“FTC”) Commissioner Julie Brill said that the FTC has enforcement authority under Section 5 of the FTC Act governing unfair and deceptive trade practices to address the data privacy and security risks posed by Internet-connected devices.  These devices, also known as the Internet of Things, employ new technology to connect everyday objects to the Internet and transmit data about consumers. 

While Congress did not have electronic commerce in mind when it passed Section 5, the FTC has used this provision to bring data privacy and security-related enforcement actions.  Commissioner Brill explained that Section 5 gives the FTC “broad, flexible authority to remedy harms to consumers in the market place” and “is a useful source of protection against inappropriate data collection, use, and disclosure with respect to the Internet of Things.”  She identified the FTC’s three areas of focus for the Internet of Things: (i) the security of data collected from connected devices; (ii) the collection and use of sensitive health, location, and financial information, and (iii) the fair and ethical use of big data generated from connected devices in data analytics.

Commissioner Brill urged industries to start developing best practices for consumer protection that focus on providing consumers with information and control over the use of their data.  She encouraged industries to “think bigger” and “get creative” in how to protect consumers, and suggested the use of new tools called “command centers” that could allow consumers more choice and control over multiple connected devices at once.  Commissioner Brill’s remarks echo a report released by the FTC in January detailing the risks associated with the Internet of Things and encouraging industry self-regulation.

Please click here for a copy of Commissioner Brill’s keynote address.