FTC PrivacyCon 2020 Examines Health Apps and IoT
On July 21, 2020 the Federal Trade Commission (FTC) hosted its fifth annual PrivacyCon, an annual forum where privacy researchers share their latest research on topics related to consumer privacy and security. The research the FTC chooses to highlight at the annual conference provides a glimpse into the data privacy and security issues that are top of mind for the agency and may telegraph enforcement priorities moving forward. Based on Wiley’s work with the FTC and tech innovators, we expect policymakers and enforcement authorities to take cues from these presentations and research, which did not feature much representation from the private sector and thus may overlook or undervalue the consumer and economic benefits of various technologies and use cases, from health apps to video analytics.
PrivacyCon 2020 Focused on The Growing Health Data and IoT Ecosystem
This year’s PrivacyCon was divided into six sessions, with a heavy focus on the growing ecosystem of health apps and IoT devices.
For example, in the first session on health apps, the FTC featured research on the data sharing practices of health apps, connected sensor technologies in health services, assessment and implementation of healthcare apps, and transparency for electronic health records in healthcare apps. The panelists opined that in many cases, healthcare apps are not regulated under the Health Insurance Portability and Accountability Act (HIPAA), and while there is significant value in many health apps, the privacy and data security risks remain high. Critically, the FTC has the ability to the enforce the FTC Act to address privacy and security issues with health apps in cases where HIPAA does not apply.
Other sessions focused on IoT, featuring research into how connected devices disclose data, how devices communicate with third party and tracking companies, and privacy and security labels being added to IoT device packaging to inform consumers about certain metrics. In general, panelists indicated a need for more transparency in the IoT ecosystem.
The event highlighted research on other topics as well, touching on a range of privacy and data protection-related issues including AI algorithms, the impacts of the GDPR, and data security in the payment card industry. It also featured a deep dive into consumer expectations and privacy concerns in the use of video analytics, an increasingly pervasive technology being used by numerous industries. In a session entitled “Bias in Algorithms,” panelists presented research on algorithmic bias, and opined that guidance from regulators is important to better define algorithmic bias and illuminate steps to address it. As AI is increasingly scrutinized by regulators in the U.S. and abroad, the trajectory of U.S. policy here will be critical to the future use of this technology.
The FTC’s PrivacyCon 2020 Focus May Telegraph Future Enforcement Activity
As the Director of the Bureau of Consumer Protection—Andrew Smith—noted in his opening remarks, “PrivacyCon informs all of the work that [is done] at the FTC, whether it be enforcement, business or consumer education, or rulemaking and policy efforts.” Director Smith discussed the FTC’s privacy-related enforcement activity over the past year and reinforced the FTC’s commitment to continued enforcement, particularly in the growing ecosystem of health apps and devices. He explained that the technological developments being discussed—including mobile health apps and IoT—“could be a boon to consumers, but  also present risks to privacy, security, and in at least one instance, equal opportunity.” Director Smith warned that “wherever data flows increase, the opportunity for data compromise increases as well.”
PrivacyCon presentations tend heavily towards academia, with little-to-no representation from industry, so the conclusions of individual presentations do not necessarily reflect the views of the agency and are not necessarily balanced with competing views. However, the choice to highlight certain areas shows the FTC’s priorities, and as such, stakeholders are wise to pay attention to these topics and the choices made by the agency, as harbingers of future scrutiny and activity.
* * *
The FTC has made the full event available for viewing here and here. Additionally, Wiley has prepared a summary and analysis of each panel. If you are interested in any of the individual presentations, please reach out to one of the authors listed above.