On the keynote stage at the IAPP Global Privacy Summit 2022, U.S. Federal Trade Commission Chair Lina Khan
“The theory is that privacy harms, privacy violations are a symptom of monopoly, that it is the big guys and market power that enables the bad things we see on privacy,” Phillips said. “It’s not that competition will never yield privacy, surely it sometimes does. But on average, over time we see big guys creating privacy problems, but we also see little guys. To take our focus off the little guys would be putting a lot of privacy harms aside.”
The shifting data privacy, security landscape
Khan, who was appointed FTC chair last June, used her first public address on privacy to discuss how the state of data privacy and security today has shifted "significantly," leading the FTC to consider "how we might need to update our approach further again." Khan pointed to the commission’s consideration of a rulemaking process to address commercial surveillance and data security practices, saying, “market-wide rules could help provide clear notice and render enforcement more impactful and efficient.”
She added a reassessment of current frameworks may be necessary, pointing to the current notice and consent paradigm which she said may be “outdated and insufficient” given “present market realities.”
“Going forward I believe we should approach data privacy and security protections by considering substantive limits rather than just procedural protections, which tend to create process requirements while sidestepping more fundamental questions about whether certain types of data collection and processing should be permitted in the first place,” she said. “The central role digital tools will only continue to play invites us to consider whether we want to live in a society where firms can condition access to critical technologies and opportunities on users having to surrender to commercial surveillance. Privacy legislation from Congress could also help usher in this type of new paradigm.”
With a proliferation of state laws “making it harder for businesses” and consumers, the amount of “complexity to privacy policy and privacy practice,” and increased consumer awareness, Phillips said the time has come for a national privacy law. He expressed concerns with an FTC rulemaking process around privacy, saying changes are better suited to be made by Congress.
“Rules do have consequences, there are unintended consequences as well, and the attitude that the more rules we make, the better society will be, I don’t think is right,” he said. “One of the big reasons is competition. One of the rules we may adopt may be bad for competition. Sometimes it’s worth it to offset competition to avoid some kind of harm.”
‘Effective remedies’
Khan said the FTC is focused on “designing effective remedies that are directly informed by the business incentives that various markets favor and reward. This includes pursuing remedies that fully cure the underlying harm, and where necessary, deprive lawbreakers of the fruits of their misconduct.”
The FTC is also seeking to evolve remedies “to reflect the latest best practices in security and privacy,” she said, citing a recent anticipated to be appointed soon. Phillips said Bedoya “will be a real asset to the FTC” and that he anticipates the commission’s ability to explore and discuss issues with an eye toward reaching consensus “will remain true.”
“I think what you will see is we are going to continue to be aggressive on data security practices and continue to push in a bipartisan way for data protection legislation,” he said.
