Monday, 23 December 2024

The Need for Federal Data Privacy Legislation

From EPIC’s perspective, the FTC has not done enough to address the growing threats to consumer privacy. Our federal laws do not create adequate data protection standards and do not give the FTC authority to impose meaningful data protection obligations. Moreover, the FTC has failed to use the authorities that it does have to bring necessary enforcement against bad actors and prevent widespread privacy harm to consumers. Meanwhile, the collection, aggregation, and monetization of personal data have expanded at a rapid pace. Americans have no meaningful choice in limiting the collection and use of their personal data online, and they cannot simply “log off” services that have become central to our modern society. 

The monetization of Americans’ personal data has an acute influence on economically disadvantaged and minority communities and has created an architecture of surveillance that is also being leveraged by law enforcement and national security agencies to circumvent constitutional privacy protections. In addition, because so many U.S. companies offer global services that involve the collection of personal data online, including from European consumers, the failure to implement a comprehensive federal privacy regime threatens economic interests and the viability of international trade.

The FTC Privacy Playbook: Consent Decrees, Infrequent Penalties, and No Meaningful Changes in Business Practices

The FTC does not have the motivation or the tools necessary to enforce meaningful privacy and data protection rights in 2020. Over the last twenty years, the FTC has taken on a role as a regulator of companies’ data collection practices, but the Commission’s focus has been limited and its impact has been minimal. Several of the FTC’s most significant settlements followed complaints that EPIC and other consumer advocates filed with the Commission, but these settlements have not improved the privacy practices of the companies involved or of the industry writ large.

Future Steps

There are plenty of steps that the FTC could take to bolster data protection standards without being given new authority, and the Commission should use its resources to do so rather than convening workshops to discuss policy topics unrelated to the enforcement of consumer protection laws. The FTC should codify definitions of unfair and deceptive trade practices that reflect an understanding of consumer harm presented by companies that fail to enforce strong data protection standards.  The FTC should use its existing authority to write energy privacy rules.

The FTC is empowered to impose data protection standards under Section 5 by promulgating trade regulation rules that are directly enforceable.

Direct Publication Source: https://epic.org/documents/revisiting-the-need-for-federal-data-privacy-legislation/

Comments


You May Like These Too


Get Latest Updates