It’s been a busy week for the U.S. Federal Communications Commission (FCC).
On Monday, the FCC announced its largest enforcement action to date by hitting TerraCom and its affiliate YourTel America with a $10 million fine for poor data security practices. That’s not chump change. Plus, the previous “largest enforcement action” for the agency only stood for seven months. In May, the FCC fined Sprint $7.5 million for violating the Telephone Consumer Protection Act. And just last month, the FCC fined Verizon $7.4 million for unlawfully marketing to its customers without consent or proper notification of their privacy rights.
But that’s not all.
On Tuesday, the FCC announced it has joined the Global Privacy Enforcement Network (GPEN), making it the second U.S. regulatory agency to join GPEN. That other agency? You guessed it, the Federal Trade Commission (FTC).
GPEN includes data protection authorities from across the world, and to date, they’ve conducted two “global sweeps.” The first analyzed the transparency of businesses, and the second, earlier this year, analyzed mobile apps. Among the four tasks adopted by GPEN is an initiative to “support joint enforcement initiatives and awareness campaigns.”
And who is quoted in each of these FCC press releases?
That would be FCC Enforcement Bureau Chief Travis LeBlanc, and he’s no stranger to privacy enforcement. In fact, in his previous gig, he served as top deputy and senior advisor to current California Attorney General Kamala Harris, who is also known for being a privacy-protecting powerhouse.
Since being appointed to his FCC position, LeBlanc has helped lead this regulatory charge, saying in the GPEN press release that “threats to consumer privacy and data security often require the cooperation of numerous law enforcement agencies around the world” and adding that “it is critical that we work closely with our international partners abroad, as well as our federal, state and local partners here at home.”
So now the FCC has joined the global stage and it has leadership focused on privacy.
In the U.S., the FTC is considered by many to be the leading privacy regulator. In a Perspectives post in October 2013, Steptoe & Johnson Partner Jason Weinstein, CIPP/US, wrote, “The FTC has made itself America’s de facto Data Protection Authority (DPA) through aggressive use of Section 5 of the FTC Act…”
That was followed just months later by Divonne Smoyer, CIPP/US, and Aaron Lancaster, CIPP/US, who argued that state attorneys general (AGs) are also a major part of the U.S. privacy regulatory landscape. They argued that state AGs face fewer hurdles in regulation than the FTC, noting most “AGs have authority to protect privacy under their state unfair and deceptive trade practice statute…” They concluded, “Thus, rather than having one de facto DPA in the FTC, the U.S. actually has 50+ such DPAs.”
Well, we can surely add the FCC to this mix now.
“I think you’re going to see more cooperation and cross-jurisdiction between these two agencies,” said Hogan Lovells Partner Christopher Wolf of the FCC and FTC.
On Wednesday, Wolf told me, “Just because a company is directly regulated by the FCC does not mean all of its business activities are exempt from FTC scrutiny. The scope of the FTC Act Section 5 prohibition against deceptive practices is broad. And likewise, the FCC has authority to protect privacy in certain ways even though the FTC is thought of as the leading federal privacy authority. Notably, FTC Commissioner Maureen Ohlhausen recently observed that the FTC is well-positioned to enforce net neutrality promises.”
Plus, in what seems like a game of privacy regulator musical chairs, the FTC on Tuesday announced it is suing AT&T under the deception prong of the FTC Act for promising users “unlimited” data plans and then subsequently “throttling” their accounts by slowing down service.
I asked Wolf about the other, newer, regulator in the U.S.: the Consumer Financial Protection Bureau (CFPB) and where it fits into all of this.
“For a wide range of financial service companies, the CFPB is another regulator to be reckoned with,” he said. “One can imagine a company being subject to the jurisdiction of the FTC, FCC and CFPB—a trifecta of regulators.”
Not to mention those 50 state attorneys general, of course.
Expect to see more coordinated enforcement efforts, increased scrutiny and maybe a little saber-rattling. No regulator wants to be known as the pushover, right?