PrivacyCon 2022: FTC Hears from Researchers on Wide Range of Topics, Many of Which Overlap With Its Ongoing Privacy and Security Efforts

On November 1, 2022, the Federal Trade Commission (FTC) hosted PrivacyCon 2022, its seventh annual conference in which the Commission looks to academics and researchers to inform its efforts to address emerging consumer privacy and data security trends. This year’s event included panels on “Commercial Surveillance,” automated decision-making systems, children’s privacy, interfaces and dark patterns, and AdTech, among others. The event also included opening remarks from two FTC officials: Chair Lina Khan and Chief Technology Officer Stephanie Nguyen. 

This year’s PrivacyCon topics notably overlapped with the Commission’s current enforcement and regulatory agenda. The Commission continues to make privacy and data security issues a top priority, and recently launched a related rulemaking proceeding, releasing an advance notice of proposed rulemaking (ANPR) titled “Trade Regulation Rule on Commercial Surveillance and Data Security.” PrivacyCon topics that overlapped with the Commission’s priorities include the following:

• “Commercial surveillance,” a key focus of the ANPR. One issue raised in the ANPR is whether the agency’s privacy and security authority extends beyond traditional consumers to include employees. Indeed, two PrivacyCon panelists — both on the “commercial surveillance” panel — extensively discussed worker data practices. 
• Many of the same topics asked about in the FTC’s broad-ranging ANPR — including Artificial Intelligence (AI), children’s privacy, and targeted advertising.
• PrivacyCon participants and panelists also discussed the FTC’s available remedies in its enforcement cases. The FTC has been imposing more far-reaching remedies in recent consent orders — including requiring companies to delete or destroy models or algorithms where a company’s practices to obtain data to help develop such models or algorithms are alleged by the FTC to be unlawful. In her PrivacyCon remarks, Ms. Nguyen discussed the work that FTC technologists — including AI and security experts, software engineers, and data scientists — perform across the Commission, including by helping to craft remedies in data security-related enforcement actions that the FTC would like to be a model for industry best practices.

Overall, Chair Khan highlighted that the FTC actively seeks to incorporate academic work and research into its “bread and butter work,” and that doing so helps the Commission address business practices that the FTC sees as problematic before they become commonplace. 

While it remains to be seen how and to what extent the FTC will address each of the PrivacyCon 2022 panel topics, the research points to areas of interest to the Commission, as it continues to remain active in the privacy and data security space.

***

Wiley’s Privacy, Cyber & Data Governance team has helped companies of all sizes from various sectors proactively address issues related to consumer privacy and data security, including through engagement with the FTC. Please reach out to any of the authors with questions.