The FTC and Privacy and Security Duties for the Cloud

In this essay, Daniel Solove and Woodrow Hartzog argue that in Section 5 of the Federal Trade Commission (FTC) Act there is a remedy to the seeming lack of consumer control over data held by organizations in the cloud or with other third parties. Certain key cases from the emerging body of FTC enforcement actions on data protection issues can be read together to create a double-edged set of duties—both on the organizations contracting with cloud service providers and on the cloud service providers themselves.