WASHINGTON, D.C. — Consumer Reports and the Electronic Privacy Information Center (EPIC) today released a white paper that provides a detailed roadmap for how the Federal Trade Commission (FTC) should issue privacy rules under its unfair practices authority.
Justin Brookman, director of technology policy at Consumer Reports, said, “We have been waiting decades for Congress to provide baseline privacy protections over our data. Given the continued erosion of consumer privacy, the FTC should press forward in crafting rules that prohibit by default unnecessary data collection, use, and disclosure.”
Alan Butler, executive director and president of EPIC, said, “The Federal Trade Commission has the authority and the ability to make the internet safer and more private for everyday people. For too long the data practices of companies online have been dedicated by large and powerful corporations, and users have been subject to invasive surveillance and dangerous profiling. It is time for rules that put users first and end these invasive and unfair business practices.”
The paper urges the FTC to establish a Data Minimization Rule to prohibit all secondary data uses with limited exceptions, ensuring that people can safely use apps and online services without having to take additional action. It also lays out two additional options to consider should the FTC decline to prohibit all secondary uses: prohibit specific secondary data uses, such as behavioral advertising or the use of sensitive data; or mandate a right to opt out of secondary data use, including through global opt-out controls and databases.
Additionally, the paper encourages the FTC to adopt data transparency obligations for primary use of data; civil rights protections over discriminatory data processing; nondiscrimination rules, so that users cannot be charged for making privacy choices; data security obligations; access, portability, correction, and deletion rights; and to prohibit the use of dark patterns with respect to data processing.
As outlined in the paper, the FTC has wide authority to issue prescriptive rules in order to forestall business practices that can cause consumer injury. With respect to judicial interpretation, the courts generally give broad deference to expert agencies’ interpretation of their substantive statutes, and these privacy regulations are likely to withstand First Amendment scrutiny.
The two groups submitted the paper to the FTC in support of the privacy rulemaking petition from Accountable Tech, which calls on the FTC to prohibit surveillance advertising under its authority to regulate unfair competition in the marketplace. Last year, CR and EPIC joined over 40 groups in calling on the FTC to begin a privacy rulemaking.
The groups also support Congressional efforts to provide $500 million to the FTC over ten years to fund an office focused on policing privacy abuses and other data violations. New funding will be crucial in enabling the FTC to meet its responsibilities to protect consumer privacy, including pursuing a privacy rulemaking. CR and EPIC, along with dozens of other groups, recently called on Congress to adequately fund the FTC, and urged Congress to support the provision, currently in the Build Back Better Act, that gives the FTC civil penalty authority for first-time violations.
DOWNLOAD: How the FTC Can Mandate Data Minimization Through a Section 5 Unfairness Rulemaking
Source: advocacy.consumerreports.org.