House members expect to weigh FTC authority, privacy obligations at hearing
Expect lawmakers to suggest what topics the agency should discuss when it holds a series of public meetings this year on consumer protection, said R Street Institute Technology Policy Manager Tom Struble. The agency is accepting public comments for those discussions through Aug. 20. Also expect questions from lawmakers about various data and privacy breaches, most notably the Facebook-Cambridge Analytica privacy breach, and cases involving Equifax (see 1710020021) and Uber (see 1804120056), said Struble. He said the FTC is the best agency available for data privacy and consumer protection, but it might be under-resourced. The FCC had 1,688 employees to regulate the telecom industry in 2016, while the FTC listed 1,140 employees in 2018.
Another possible item is the FTC’s recent defeat in LabMD’s data breach case before the U.S. Court of Appeals for the 11th Circuit (see 1806070015). The court said the commission can’t require a company to completely overhaul its data security program but can ban specific acts or practices (see 1712070068). Observers said the case has important implications for FTC authority, with TechFreedom President Berin Szoka saying it jeopardizes the validity of past data security consent decrees. Struble said the agency has been criticized rightfully for relying too heavily on consent decrees. Struble suspects Simons will request more authority to go after informational injury cases like the Facebook-Cambridge Analytica breach. He cited recent comments from new Consumer Protection Bureau Chief Andrew Smith, who said it’s very difficult for the FTC to prove harm when consumers haven’t technically suffered financial loss (see 1806010051).
