If you are a company operating in the United States, it is not unlikely that at some point in the the usual course of your business, you may receive an investigative inquiry from a U.S. government enforcer. Of course, as a responsible business, you endeavor to ensure that your practices keep within the bounds of legal norms and established principles. Even so, consumer protection regulators may come knocking with questions or allegations about your company’s practices based on media reports or consumer complaints.
For consumer privacy matters, more often than not initial regulatory scrutiny comes in the form of an inquiry letter from the U.S. Federal Trade Commission. Although this development can be scary and unwelcome, it is almost universally acknowledged that the best course of action in this situation is to engage constructively with the agency, work to set the record straight on any misconceptions, and, if relevant, begin to ameliorate the scrutinized practices. In fact, in Chris Hoofnagle’s authoritative book on privacy enforcement at the FTC, he includes this piece of advice: “The key to client advocacy at this stage is to find a way to satisfy the FTC’s curiosity and head off pursuit of the investigation.” By following this path, “there are indications that many, perhaps most, inquiries are ended early and informally.”
Another less tried-and-true course of action for responding to an FTC inquiry is to sue the agency in federal court, alleging that its structure violates the U.S. Constitution and that its investigative procedures violate your company’s right to due process. Last week, the mobile marketing and analytics firm Kochava appears to have taken this tack, filing a challenge against the FTC in the U.S. District Court for the District of Idaho.
The core of Kochava’s complaint is focused on whether investigative actions by the FTC should be subject to review and intervention by federal courts on constitutional questions before resolving through the FTC’s administrative procedures, rather than waiting for “years of protracted litigation” to conclude. The argument appears to be emboldened by a case pending at the U.S. Supreme Court, Axon Enterprise v. FTC. In that case, Axon seeks to overturn a federal court ruling that told the company to first allege constitutional issues about the FTC’s structure by following the FTC’s usual procedures before any such allegations can be reviewed by a federal judge. The Supreme Court will not be considering the actual constitutional questions, so if the Court sides with Axon, the case will return to lower courts to address the questions raised about the FTC’s “structure, procedures, and existence.” If not, the FTC will continue its enforcement as normal.
Kochava also argues that the FTC should not be able to seek injunctive relief — things like asset freezes or disgorgement — related to “past conduct that has ceased absent evidence that it is likely to recur.” In its complaint, Kochava explains that it has added features to its services that address the core allegations of the FTC inquiry, which appears to relate to the sharing of geolocation data that allegedly could be associated with locations related to reproductive health.
Notably, it appears based on Kochava’s filing that the FTC has merely taken the first step in its investigation, threatening via an inquiry letter to file a draft Complaint for Permanent Injunction and Other Relief in federal court. Rather than negotiate with the agency, Kochava is pursuing the risky — and very public — gambit of suing the FTC first. Explaining the move, a lawyer representing the company was quoted as saying: “The FTC's hope was to get a small, bootstrapped company to agree to a settlement with the effect of setting precedent across the adtech industry and using that precedent to usurp the established process of Congress creating law. Kochava disagreed with this scheme and asked the federal court in Idaho to intervene."
Here's what else I’m thinking about:
- In another FTC skirmish, Amazon recently accused the agency of “harassing” its executives via a Civil Investigative Demand served on the company related to its Prime service, which seeks expedited testimony from top executives. In a petition to the FTC, Amazon alleges that staff have been handling the investigation in an “unusual and perplexing” manner.
- On the rulemaking front, Omer Tene’s analysis of the FTC commercial surveillance rulemaking is worth a read. He explores the context of the endeavor, including its potential to arm the FTC with authority to seek enhanced relief for first-time violations. He also includes recommendations for how the FTC — and commenters — can “rein in the process and focus on results that are attainable.” The FTC’s Advanced Notice of Proposed Rulemaking has still not been published in the Federal Register, which means comments will be open until at least Friday, Oct. 21.
- Rumors are already circulating about who could replace FTC Commissioner Noah Phillips when he steps down later this year. Because the agency may only have three commissioners from the same party, the Senate minority leader generally makes a recommendation to the president for nominations of non-majority commissioners.
- As reported in the trade press publication Communications Daily, potential names include Olivia Trusty, a longtime staffer to Sen. Roger Wicker, R-Miss., and the policy director at the Senate Subcommittee on Communications, Technology, Innovation, and the Internet; Crystal Tully, another Wicker staffer who serves as deputy staff director at the Senate Commerce, Science, and Transportation Committee; Mark Meador, deputy chief counsel for antitrust and competition policy to Sen. Mike Lee, R-Utah; Josh Divine, chief counsel to Sen. Josh Hawley, R-Mo.; Rachel Bissex, senior counsel for the Senate Judiciary Committee; and Svetlana Gans, an attorney at Gibson Dunn who formerly served as Chief of Staff to FTC acting Chairman Maureen Ohlhausen.
- Meanwhile, a consortium of populist conservative groups called on Sen. Mitch McConnell, R-Ky., to recommend someone who would help break the “bipartisan FTC cabal that has emboldened Big Tech for over a decade.”
- NIST published the second draft of its AI Risk Management Framework. The National Institute of Standards and Technology is working on the voluntary framework to better manage risks to individuals, organizations, and society associated with artificial intelligence. Comments on the updated draft are due on Sept. 29 and a workshop is scheduled for Oct. 18-19.
- Two Congressional representatives sent letters to law enforcement agencies asking about their use of personal data purchased on the commercial market, rather than through “statutory authorities, court order, or legal process.” Reps. Jerrold Nadler, D-N.Y., and Bennie Thompson, D-Miss., sent the letters to the Department of Justice, the Federal Bureau of Investigation, the Department of Homeland Security, the Drug Enforcement Agency, and the Bureau of Alcohol, Tobacco, Firearms, and Explosives. The letters state: “While comprehensive information on the widespread use of this practice is unavailable, the evidence indicates it is pervasive and that your agencies have contracts with numerous data brokers, who provide detailed information on millions of Americans.” In a related development, immigration advocates have filed a lawsuit against LexisNexis.
Under scrutiny
-
- TikTok pushed back on a memo the U.S. House Chief Administrative Officer sent to lawmakers warning of security concerns with the platform. Meanwhile, Oracle has begun auditing TikTok’s algorithms.
- Airbnb is under renewed scrutiny from advocacy group EPIC, which has filed an amended letter to the FTC questioning the short-term rental company’s planned deployment of an algorithm that would prophesize about which guests appear most likely to throw banned parties.
- AI’s lack of progress in health care, despite the claims of radically changing the field, is the subject of a Politico article, which also explores the role of the government in regulating AI.
Please send feedback, updates and your favorite FTC letters to cobun@iapp.org.