Addressing the Senate Judiciary Committee's Subcommittee on Privacy, Technology and the Law, Federal Trade Commission Chair Edith Ramirez and Commissioner Maureen Ohlhausen discussed the agency's efforts with regard to consumer privacy.
The legislators called the hearing to examine the Federal Communications Commission's proposed privacy rules, asking the members of the FTC to share their experiences in the privacy realm.
In joint testimony, Ramirez and Ohlhausen talked about the FTC's three-pronged approach to privacy: enforcement, policy initiatives, and business guidance and consumer education. "Although the privacy landscape has evolved, the FTC's interest in privacy issues has remained constant over the last 40 years," they told lawmakers.
Emphasizing the Commission's "unparalleled experience in consumer privacy enforcement," Ramirez and Ohlhausen noted that the agency has brought more than 500 actions protecting the privacy of consumer information, with cases covering both offline and online information against companies large and small. "The FTC's current privacy enforcement priorities include mobile, health, the Internet of Things, and data security," the Commission members told lawmakers. It highlighted a recent action involving a popular app operator over deceptive claims that photos and videos sent through its app would disappear at a time set by the sender. In reality, easy work-arounds allowed the messages to be kept forever.
Data security has been the subject of 60 cases against companies that failed to implement reasonable safeguards for the data they maintained, the Commissioners added. It recalled a settlement with computer hardware company ASUS for neglecting to timely address vulnerabilities found in its routers or notify consumers about the availability of security updates.
Policy initiatives with regard to consumer privacy have included workshops—dating back to the first workshop on Internet privacy in 1996—as well as reports, including the agency's 2012 Privacy Report, "which set forth key privacy principles that should apply across diverse technologies and business models," Ramirez and Ohlhausen said. More recently, the FTC published reports on the Internet of Things and the data broker industry, while hosting workshops on issues like cross-device tracking and the upcoming fall technology series that will focus on the privacy and security of ransomware, drones, and smart TVs.
Consumers and businesses have benefited from the FTC's education and guidance in a variety of tools (publications, online resources, workshops, and social media), the Commissioners told the Subcommittee, and the agency has developed privacy guidance for specific industries, such as mobile app developers.
Finally, Ramirez and Ohlhausen discussed the FTC's "long history of successful cooperation with the FCC on consumer protection issues, including issues related to privacy and data security." Although the agencies formalized their collaboration in a Memorandum of Understanding just last year, the prior decades have included work together on the federal Do Not Call Registry, investigations into "pretexting," and joint enforcement efforts, such as cases challenging the practice of mobile cramming.
To read the Commission testimony, click here.
Why it matters: The FTC members shared with lawmakers the Commission's history of regulation and enforcement in the privacy realm and discussed its joint efforts with the FCC. Although legislators expressed concern about the FCC's entry into the privacy realm, FTC Chair Ramirez expressed confidence in the agencies' abilities to share the sandbox. "Our goal in working together is to use our complimentary expertise and authority to protect consumers as effectively and efficiently as possible, avoid duplication, and promote consistency," she said. "I commend the FCC for focusing on the important issue of consumer privacy." The FTC intends to file a formal comment on the FCC's proposal, she added.