Welcome to WileyConnect, the Internet of Things blog by
Wiley Rein LLP.

As the FTC Re-Examines its Approach to Consumer Privacy, It Faces Echoes of Past Failed Rulemaking

As the FTC Re-Examines its Approach to Consumer Privacy, It Faces Echoes of Past Failed Rulemaking

April 9, 2019

This article is co-authored by Duane Pozza and Boyd Garriott.

On Tuesday, the FTC kicks off a two-day hearing to help it reevaluate its approach to consumer privacy.  At the same time, the push for federal privacy legislation is moving forward in 2019, and one common theme from the bills that have been introduced is a greater role for the FTC.  But, despite these developments, the FTC so far has been relatively conflicted about seeking wide-ranging power from Congress to set privacy rules across the country -- a reluctance that reflects the agency’s history, and in particular its ill-fated history with attempting to regulate children’s advertising.

As Congress considers privacy legislation, the FTC has broadly supported maintaining its role in privacy enforcement.  In February, FTC Chairman Joseph Simons reiterated his support for “privacy legislation that would be enforced by the FTC.”  Chairman Simons has also called the FTC’s privacy enforcement program “a top priority.”  And the FTC’s upcoming hearing looks to reexamine its current approach to privacy to address “fundamental questions about what the goals of policymaking and enforcement in the privacy area should be . . .”

But, the FTC has also expressed some not-so-veiled hesitation about being given broad policymaking authority in this arena.  In comments to an NTIA consumer privacy proceeding, the FTC pitched its enforcement credentials but also noted that crafting privacy legislation would “involve difficult value judgements that are appropriately left to Congress.”  Chairman Simons used almost identical language in remarks before the Senate in November, noting that the privacy policymaking process “will involve difficult value judgments and tradeoffs that are appropriately left to Congress.”  Commissioner Phillips has also been vocal.  He warned that “[g]iven the value judgments that must be made, Congress is the place to make them,” and argued that “[b]road delegations to an expert agency are a poor substitute for the lawmaking process that our founders created.” 

Why the apparent reluctance for a broad privacy mandate?  In this case, there may be a larger institutional concern at play.  The Commission’s attitude appears to harken back to the agency’s “kid vid” controversy:  a failed FTC rulemaking from the late 1970’s, in which the FTC proposed regulating certain television advertisements to children.  In a 2006 postmortem from one of the principal architects of the rulemaking, Tracy Westen described the intense pushback the Commission received:  “During the FTC’s three-year rulemaking period, the FTC was called a ‘National Nanny’ by the Washington Post. The rhetoric stuck.”  Congress allowed the agency’s funding to lapse, and the agency was shut down for a brief time.  Under pressure from Congress, the FTC released its 1980 policy statement on unfairness, which limited the agency’s unfairness jurisdiction to a three-part test, now codified at 15 U.S.C. § 45(n)

And in a move directly relevant to today, Congress passed the Federal Trade Commission Improvements Act of 1980, which placed significant restrictions on the FTC’s rulemaking authority.  One commentator has calculated that promulgating rules after the Improvements Act has taken the FTC an average of more than five and a half years.  In contrast, in the few areas where the FTC has been able to conduct APA rulemakings, promulgation has averaged less than a year. 

The Commission’s hesitance to accept primary responsibility for crafting substantive federal privacy policy is very likely grounded in its desire to avoid another kid vid scenario where it becomes a widespread target for its policymaking choices.  Nor should this fear be unfounded.  Federal privacy policy will have to confront a host of difficult questions involving tradeoffs with different constituencies.  Should there be a codified right to data portability?  Should consumers be able to require companies to delete their data?  Should privacy regulations apply to small businesses?  The list could go on, and each choice would provide disappointed interest groups with ammunition to label the FTC as a “national nanny.”  The Commission’s rulemaking history will weigh on the agency as it navigates its way forward on privacy in the coming months. 

Print Friendly and PDF
What You Need to Know About the FTC’s Hearing on Consumer Privacy

What You Need to Know About the FTC’s Hearing on Consumer Privacy

116th Congress Focuses on 5G, with New Legislation on Security

116th Congress Focuses on 5G, with New Legislation on Security