FTC weighs sweeping new rules on ‘commercial surveillance’ and Big Data

The Federal Trade Commission is considering whether to write sweeping new regulations that could restrict how businesses collect and use consumer data, hinting at a possible crackdown on commercial algorithms and a sprawling economy powered by the personal information of millions of Americans.

On Thursday, the FTC announced it is accepting public input on whether to draft new data privacy rules, a prelude to a possible rulemaking action.

To continue reading this CNN report, go to:
edition.cnn.com/2022/08/11/tech/ftc-new-rules-big-data/index.html

Also see:

FTC looking at rules to corral tech firms’ data collection
Whether it’s the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.

How that data is being used and protected has led to growing public concern and officials’ outrage. And now federal regulators are looking at drafting rules to crack down on what they call harmful commercial surveillance and lax data security.

The Federal Trade Commission announced the initiative Thursday, seeking public comment on the effects of companies’ data collection and the potential benefit of new rules to protect consumers’ privacy.
apnews.com/article/technology-data-privacy-federal-trade-commission-congress-7da655c7793d5fe26493a0fa8f10e297

FTC aims to counter the “massive scale” of online data collection
The Federal Trade Commission has kicked off the rulemaking process for privacy regulations that could restrict online surveillance and punish bad data-security practices. It’s a move that some privacy advocates say is long overdue, as similar Congressional efforts face endless uncertainty.
https://arstechnica.com/tech-policy/2022/08/ftc-aims-to-counter-the-massive-scale-of-online-data-collection/

FTC Explores Rules Cracking Down on Commercial Surveillance and Lax Data Security Practices [news release]

The Federal Trade Commission today announced it is exploring rules to crack down on harmful commercial surveillance and lax data security. Commercial surveillance is the business of collecting, analyzing, and profiting from information about people.

Mass surveillance has heightened the risks and stakes of data breaches, deception, manipulation, and other abuses. The FTC’s Advance Notice of Proposed Rulemaking seeks public comment on the harms stemming from commercial surveillance and whether new rules are needed to protect people’s privacy and information.

Note: The FTC hosted  a virtual news conference on the ANPR announcement. View the webcast.

“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” said FTC Chair Lina M. Khan. “The growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent. Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices and what those rules should potentially look like.”

The business of commercial surveillancecan incentivize companies to collect vast troves of consumer information, only a small fraction of which consumers proactively share. Companies reportedly surveil consumers while they are connected to the internet – every aspect of their online activity, their family and friend networks, browsing and purchase histories, location and physical movements, and a wide range of other personal details.

Companies use algorithms and automated systems to analyze the information they collect. And they make money by selling information through the massive, opaque market for consumer data, using it to place behavioral ads, or leveraging it to sell more products.  

The FTC is seeking comment on a wide range of concerns about commercial surveillance practices. For example, some companies fail to adequately secure the vast troves of consumer data they collect, putting that information at risk to hackers and data thieves. There is a growing body of evidence that some surveillance-based services may be addictive to children and lead to a wide variety of mental health and social harms.

While very little is known about the automated systems that analyze data companies collect, research suggests that these algorithms are prone to errors, bias, and inaccuracy. As a result, commercial surveillance practices may discriminate against consumers based on legally protected characteristics like race, gender, religion, and age, harming their ability to obtain housing, credit, employment, or other critical needs.

Other concerns stem from the ways in which companies make commercial surveillance difficult to avoid. Some companies require people to sign up for surveillance as a condition for service. Consumers who do not wish to have their personal information shared with other parties may be denied service– or required to pay a premium to keep their personal information private. After consumers sign up, companies may change their privacy terms going forward to allow for more expansive surveillance. Companies increasingly employ dark patterns or marketing to influence or coerce consumers into sharing personal information. 

In the last two decades, the FTC has used its existing authority under the FTC Act to bring hundreds of enforcement actions against companies for privacy and data security violations. These include cases involving the sharing of health-related data with third parties, the collection and sharing of sensitive television viewing data for targeted advertising, and the failure to implement reasonable security measures to protect sensitive personal data such as Social Security numbers.

The FTC’s past work, however, suggests that enforcement of the FTC Act alone may not be enough to protect consumers. The FTC’s ability to deter unlawful conduct is limited because the agency generally lacks authority to seek financial penalties for initial violations of the FTC Act. By contrast, rules that establish clear privacy and data security requirements across the board and provide the Commission the authority to seek financial penalties for first-time violations could incentivize all companies to invest more consistently in compliant practices.

Information about how to submit comments on the FTC’s Advance Notice of Proposed Rulemaking is included in the Federal Register notice. The deadline for submitting comments will be 60 days after the notice is published in the Federal Register in the coming days. Submitted comments will be posted to Regulations.gov.

The public will also have an opportunity to share their input on these topics during a virtual public forum on September 8, 2022.

The Commission voted 3-2 to publish the notice in the Federal Register. Chair Khan, Commissioner Rebecca Kelly Slaughter and Commissioner Alvaro Bedoya issued separate statements. Commissioners Noah Joshua Phillips and Christine S. Wilson voted no and issued dissenting statements.
ftc.gov/news-events/news/press-releases/2022/08/ftc-explores-rules-cracking-down-commercial-surveillance-lax-data-security-practices

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.