Earlier this week, Maureen Olhausen, the Federal Trade Commission’s newest commissioner, shared her perspective on “The Federal Role in Privacy: Getting It Right” in a discussion at the Hudson Institute, a conservative-leaning think tank in Washington, DC. Her straightforward comments indicated she intends to take a cautious and holistic approach toward any expansion of the FTC’s role in safeguarding consumer privacy – an approach informed by her 11 years of service at FTC, which she noted is more experience than any of her fellow commissioners. Ultimately heading the Office of Policy Planning under Republican Chairwoman Deborah Platt Majoras from 2004 to 2008 no doubt gave her a broad view of FTC’s work on competition and economics, in addition to consumer protection. Among the views Olhausen expressed were:
- The core of the FTC’s mission is challenging deception, particularly fraud, and “should remain so.”
- Section 5 of the FTC Act – the “heart” of the Commission’s authority – is simple, but flexible and effective, as demonstrated by the recent settlement with DesignerWare, LLC and several rent-to-own stores for conduct that violated both the deceptive and unfairness prongs, and by the over one hundred spam and spyware cases and thirty-some data security cases brought by the FTC.
- She’s skeptical of calls for legislation to grant the FTC additional authority to protect privacy and criticized the Commission’s March report for not specifying what harms FTC’s current Section 5 authority can’t reach and not considering the impact of reducing “information flow” in the marketplace, citing ABA Antitrust Section comments on the latter point. New measures to protect consumer privacy, such as restrictions on data collection/usage for advertising, have to be weighed against their potentially negative impact on competition and improved products/services.
- Nonetheless, she supports a uniform federal law for data security and breach notification because there are gaps that could be closed and because a single standard would be better for company compliance and consumer expectations than the current patchwork of state laws. A federal law must be carefully crafted to provide reasonable precautions for safeguarding various types of data to avoid imposing undue costs not justified by consumer benefits.
- In addition to using its enforcement authority, the FTC must continue to educate business and consumers and conduct/spur research to inform its policy development.
Olhausen’s point of view on the adequacy of FTC’s current authority would seem to be at odds with that of many privacy advocates in Congress, including Senate Commerce Committee Chairman John Rockefeller, who has a bill to empower the FTC to write and enforce “Do-Not-Track” online regulations and who recently opened an investigation into the business practices of data brokers. Rockefeller’s October 9 letter to 11 industry CEOs quotes the FTC report (regarding shortcomings of industry self-regulation) that Olhausen criticized and asks a series of detailed questions about data sources, collection mechanisms, product offerings, FCRA compliance, consumer access, etc. As information collection and targeted marketing become even more sophisticated, technology - particularly with mobile devices - evolves, and data breaches increase, these differing points of view will almost certainly come to a head in the next Congress. How they are resolved - as with taxes, spending and so many other issues - may ultimately depend on what happens at the ballot box on November 6.