Six months into his new role as commissioner at the U.S. Federal Trade Commission, Rohit Chopra is still settling into his role, but he knows he has at least two priorities going forward: First, is to bring “more enforcement teeth to everything that we do.” Second, though, follows on from the first: “We have to prove to the public that we’re up to the task. Otherwise that’s a recipe for disaster.”
Chopra, who spoke as part of a live recording of The Privacy Advisor Podcast here at the Privacy. Security. Risk. conference in Austin, Texas, has some experience with what happens when regulators fail at their jobs.
He was at the Consumer Financial Protection Bureau just after the financial crisis of 2007-2008. “Our government and our regulators failed dramatically there,” he said. “And I think the CFPB helped ensure that that doesn’t happen again.”
Looking at the landscape of the data-driven economy, he’s concerned that a similar regulatory dynamic is setting up. “There are a lot of facets of our economy that I think are just not working at all,” he said. “I’ve really been troubled by some of the things our federal law enforcers have done, which amount to slaps on the wrist. You can get away with massive fraud and pay a fine and be done with it.”
That, he said, doesn’t engender a competitive marketplace where everyone feels like they can participate and get a fair deal.
“Enforcing the law should mean something,” he said. “It means finding out who the individuals were that were responsible and holding them accountable, too. And repeat offenders should maybe be banned. We can’t have a market without even-handed enforcement.”
Does he see himself, host Angelique Carson, CIPP/US, asked, as fundamentally fighting for the little guy?
Yes and no, he said.
“My personal view is that we’re not just here to protect consumers. We’re here to protect all the businesses who are honest and playing by the rules. Those businesses are harmed when some firms can run roughshod over the law. … I’ve already raised concerns about settlements we do with no monetary penalties. I want to see monetary consequences for egregious breaking of the law.”
Chopra also called for rule-making powers for the FTC, and he said to look for the FTC to look more closely at the anti-competitive nature of large-scale data aggregation.
“I always want to live in a country where you can start a company in a garage and become big,” he said. “And I’m worried we’re not that country anymore. I want to make sure we’re living in an America that’s not isolated from the rest of the world.
“And when it comes to data protection and digital rights,” he continued, “we’re increasingly feeling that other countries, particularly Europe, are in the lead.”
Just look at the Privacy Shield program, he said, which, as he was speaking, was in the middle of its second-annual review. “The Privacy Shield literally gives greater rights and protections to Europeans over Americans in the U.S.,” he said. “And there are some basic standards in there about the ability to know what data a firm has on you, to file a complaint, to get your dispute resolved. Some of these things are very common sense, to be honest, and they remind me a lot of the rights consumers have under the FCRA, which is one of the most important data protection laws and is 50 years old.”
That speaks to the long history of privacy in the U.S., and the possibility for the U.S. getting it right.
What can privacy pros do to stay out of the FTC’s crosshairs and contribute to the forward momentum that Chopra wants to generate?
“Speak up,” he said. “Contribute. Be an advocate for what you value within your firms that care about doing it right. The agency should be on the side of companies trying to do it right. Because they are the ones who lose out when others break the law."
If you want to comment on this post, you need to login.