An updated working paper by Andy Serwin:
The Federal Trade Commission and Privacy: Defining Enforcement and Encouraging the Adoption of Best Practices. (Version 2.0)
Andrew B. Serwin
Abstract:
This article examines the history of privacy enforcement by the Federal Trade Commission, including the FTC’s jurisdiction under Section 5, and its privacy enforcement matters, as well as the FTC’s recently issued report, “Protecting Consumer Privacy in an Era of Rapid Change: Aproposed Framework for Businesses and Policymakers”, in which the FTC examines pastenforcement models, noting their failings. In light of the FTC’s examination of past enforcementmodels, this article then analyzes these models, including the accountability-centric model thathas previously been utilized in the United States, as well as the FTC’s proposed solution to theprivacy problems of the Web 2.0 World–the adoption of best practices, including a “privacy by design” framework. The article then argues that the method to achieve the FTC’s goal ofvoluntary adoption of best practices is to focus on proportional protection for data based uponthe sensitivity of the data in question, and to create a “safe harbor” from enforcement forbusinesses that choose to adopt the framework. This proposed framework could be linked in ameaningful way to existing EU processes, such as Binding Corporate Rules or the existing EU Safe Harbor program. By combining these elements, the FTC can achieve meaningful andfocused self-regulation and provide appropriate protection to consumers, while giving businessan incentive to adopt best-practices, and also increase the level of international cooperationregarding privacy.
Download the full article from SSRN.