On February 18, 2015, Commissioner Julie Brill spoke to students at the Tuck School of Business at Dartmouth concerning the Federal Trade Commission’s (FTC’s) recent data privacy and security enforcement, as well as the FTC’s interactions with international regulators in this area. In her prepared remarks, Commissioner Brill described ways she hopes the FTC and other regulators can improve their current data privacy enforcement regimes to “develop practical, effective, and interoperable frameworks that will allow data to be adequately protected.”
Commissioner Brill addressed the skepticism of those who believe the United States is the “Wild West” of data privacy, by highlighting the FTC’s enforcement of Section 5 of the Federal Trade Commission Act. However, she made clear that the U.S. “consumer privacy and data security framework can and should be improved.” She specifically endorsed President Obama’s proposed legislation as described during a recent visit to the FTC. These legislative proposals include strengthening the FTC’s existing data security enforcement tools by authorizing the FTC to obtain civil penalties from companies that break the law. Further, the White House and the FTC seek legislation that would provide consumers with greater transparency concerning how their data is collected and used by data brokers.
In addition to her comments concerning methods to improve the U.S. data security regime, Commissioner Brill described ongoing discussions with foreign data security regulators, especially those in Europe, concerning the global flow of personal data. Like their counterparts in the U.S., European regulators are in the process of drafting a new regulation to heighten data security protections and address the dynamic new ways companies are using personal data. As they modify their own data security frameworks, the FTC and foreign regulators are engaged in a dialogue concerning the interoperability of their data privacy laws. Both groups recognize the importance of the flow of data to their respective economies, but each seeks to protect the interests of consumers and companies under their own laws. Commissioner Brill is “optimistic” that agreements will be reached to promote the interoperability of the data privacy regimes.
As more companies create products that will collect and transmit personal data, there will likely be significant changes to the data privacy regimes attempting to protect consumers from harm. To avoid potential regulatory action, any company that collects, uses or shares consumers’ personal data should ensure that there are protections in place to secure personal data from breaches or hacks. In addition, companies should promote transparency by providing clear statements about their data collection and use to consumers.