Members of the Federal Trade Commission today repeatedly urged senators to move ahead with federal privacy legislation, to expand their authority over common carriers, and to give them targeted rulemaking authority with respect to privacy issues.
Testifying remotely during an FTC oversight hearing before the Senate Commerce, Science, and Transportation Committee, the FTC five commissioners also highlighted issues such as the need to reauthorize its authority to work with foreign law enforcement agencies under a statute that sunsets next month. They also generally resisted suggestions that the FTC has a role in policing how social media platforms treat political speech.
In his opening remarks, committee Chairman Roger Wicker (R., Miss.) noted that the committee approved S 3132, which would extend the Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers beyond Borders Act of 2006 (US SAFEWEB), in March (TR Daily, March 11), He added, “Soon we will have a finalized committee report. Once this is completed I urge Congress to reauthorize the US SAFEWEB Act quickly before it expires next month.”
S 3132, which was co-sponsored by committee members Jerry Moran (R., Kan.) and Richard Blumenthal (D., Conn.), would extend the sunset of the US SAFEWEB Act from Sept. 30, 2020, to Sept. 30, 2027. It would also require the FTC to report within three years to Congress on its use of and experience with the authority granted by the US SAFE WEB Act to work with foreign law enforcement agencies to combat cross-border crimes.
Chairman Wicker also said, “I hope we can all agree that the COVID pandemic further underscores the need for strong, uniform, national data privacy legislation. Such a law would provide all citizens with more transparency, choice, and control over their data. It would also provide certainty and clear workable rules for businesses across all 50 states.”
He also said that the hearing was “an opportunity to review how the FTC is working with the Department of Commerce to develop interim guidance for thousands of U.S. companies, including many small and medium sized businesses impacted by” the European Union’s Court of Justice to invalidate the U.S.-EU “Privacy Shield” pact that enabled cross-border data transfers by allowing U.S. companies to comply with European privacy rules by agreeing to follow a standard set of principles, under the oversight of the U.S. Commerce Department and subject to FTC enforcement.
Later in the day, Chairman Wicker joined committee ranking minority member Maria Cantwell (D., Wash.) and House Energy and Commerce Committee Chairman Frank Pallone Jr. (D., N.J.) and ranking minority member Greg Walden (R., Ore.) in a letter to Commerce Secretary Wilbur Ross and FTC Chairman Joe Simons urging them to work with their European counterparts on such interim guidance (see separate story).
Chairman Simons focused his prepared statement on privacy and data security. Section 5 of the FTC Act, which authorizes the FCC to bring enforcement actions against unfair and deceptive practices, “is a 100-year-old statute that is an imperfect tool” for addressing privacy and data security issues, he said.
He asked that, as Congress develops a federal privacy statute, it provide the FTC with the ability to seek civil penalties; jurisdiction over non-profits and common carriers; and targeted rulemaking authority under the Administrative Procedure Act to address market and technological changes. He said such an approach would be similar to the rulemaking authority Congress granted the FTC in the Children’s Online Privacy Protection Act.
He also urged Congress to clarify the FCC’s authority under section 13(b) of the FTC Act “to get money back for consumers.” He noted that “recent court decisions threaten this authority,” which is pending review by the Supreme Court.
As for the US SAFE WEB Act, Chairman Simons said, “I would like your continued support in pushing this [reauthorization] effort across the goal line, and keeping SAFE WEB in our enforcement arsenal.”
Republican FTC Commissioner Noah Phillips focused his prepared testimony on data security. “I believe data security legislation is the best thing we can do for privacy,” he said.
Democratic Commissioner Rohit Chopra focused his prepared testimony on the need to protect small businesses from practices such as loan sharking.
Democratic Commissioner Rebecca Slaughter discussed the important of children’s privacy under conditions of remote learning during the COVID-19 pandemic.
“The solutions parents and school districts are considering pose increased risks of privacy harms to kids, particularly kids in communities already battling the equity gap; we need to acknowledge that privacy and data issues are also equity and civil rights issues,” she said.
She added, “I want to be realistic about the best-case scenario many families face for the current academic year: shared devices, hastily filled with emerging apps and platforms, being used by kids for hours with little oversight by adults. Current law provides very little protection in these circumstances, particularly for applications targeting teenagers or general audiences.”
Commissioner Slaughter said that she hoped that “the pandemic’s catastrophic consequences for children will serve as the final push for [federal privacy’ legislation. Until then, I believe the mounting data harms emerging from the crisis demand that the Commission consider initiating a rulemaking under [the] Magnuson-Moss [Warranty Act] to identify and address serious data abuses.”
Republican Commissioner Christine Wilson also said that Congress could help the FTC in its mission of protecting consumers and competition by enacting federal privacy legislation and by “maintaining the focus on consumer welfare and economics-driven enforcement in antitrust.”
She noted that “gaps” have emerged in existing sector-specific data privacy laws. “For example, HIPAA [the Health Insurance Portability and Accountability Act] covers the privacy of sensitive health data collected by a doctor or pharmacist, but not by apps or wearables.”
In addressing the COVID-19 pandemic, “effective contact tracing requires consumer trust,” which is lacking,” she said, adding that privacy legislation would help build trust.
During the question period of the hearing, Chairman Wicker asked Chairman Simons about the FTC’s role in addressing concerns about the use of the liability protections with respect to third-party content for social media platforms and other Internet intermediaries in section 230 of the Communications Decency Act of 1996.
In an executive order issued in May, President Trump called for the FTC—which is an independent agency not subject to administration directives—to “consider taking action, as appropriate and consistent with applicable law, to prohibit unfair or deceptive acts or practices in or affecting commerce, pursuant to section 45 of title 15, United States Code. Such unfair or deceptive acts or practice may include practices by entities covered by section 230 that restrict speech in ways that do not align with those entities’ public representations about those practices” (TR Daily, May 28).
Chairman Simons said, “We haven’t taken any action according to the executive order.” He noted that the FTC receives complaints on this issue, including complaints from members of the committee. “We’re an independent agency so we review all of them independently … [and] look to see if they’re within our authority,” he said, adding, “Our authority focuses on commercial speech, not political speech.”
Chairman Wicker asked the other commissioners to weigh in on the issue.
Commissioner Chopra noted that there is “[g]rowing consensus that it [section 230] has been abused. … In general I think the scrutiny has been warranted.”
He added that the FTC should take a look at this issue, “particularly when it comes to behavior-based consumer advertising.”
Sen. Amy Klobuchar asked Chairman Simons whether the FTC should “look back at consummated mergers, … potentially to take enforcement action.”
Chairman Simons said, “I don’t think it would be appropriate for me to comment on any particular investigation, but I’ve said in the past that I think we have authority to look at past mergers and undo them.”
Sen. Klobuchar also raised the issue of staffing levels at the FTC. “You’re a shadow of yourself, yet you’re dealing with trillion dollar companies and expected to be the counterweight to trillion dollar companies.” She noted that she and Sen. Chuck Grassley (R., Iowa) “have a bill to add some resources with some filing fee changes for mega mergers.”
Chairman Simons agreed, “We dearly need the resources. … We’re having trouble staffing the existing [reviews of] mergers as it is.”
Sen. Moran said that the European court’s invalidation of the Privacy Shield is an “extremely urgent matter for digital commerce in the United States.” He asked whether companies can expect a similar approach to enforcement from the FTC as it undertook after a European court invalidated the EU-U.S. “Safe Harbor” agreement that preceded it (TR Daily, Feb. 2, 2016).
Chairman Simons said, “Companies could put on their website that they’re no longer certified under the Privacy Shield, but they would still be expected to protect data according to the promises they made.”
Sen. Moran asked the commissioners if they would support his proposed Consumer Data Privacy and Security Act (TR Daily, March 12), which would set a federal standard for data privacy protection.
Chairman Simons, Commissioner Phillips, and Commissioner Wilson said yes.
Commissioner Slaughter said, “I support the standard of a national floor, but I’d be concerned about a law where that floor was too low,” or if federal legislation preempted higher state standards or state laws that “fill gaps” in the federal law.
Commissioner Chopra said, “I agree a national law would be helpful.” However, he added, “I have concerns about deleting all the state laws.”
Sen. Blumenthal said that given the recent Twitter hack and the fact that “Twitter has been under a consent order since 2007 for exactly these kinds of problems, … I think the public is rightly skeptical about the FTC’s use of its existing tools and its inadequate and inconsistent enforcement of tools already on the books.”
Sen. Marsha Blackburn (R., Tenn.) asked Chairman Simons whether he is “satisfied” with the “progress” of Facebook, Inc., under its privacy consent order with the agency.
Chairman Simons said, “I can’t comment on any investigation.” He added, “If there is any problem [with compliance] we will be on it.”
Sen. Blackburn asked the FTC chairman to “speak to whatever kind of legislative balance we need to strike to empower you to hold big tech accountable.”
Chairman Simons said, “What you and your colleagues are doing in terms of new federal privacy legislation is really important.”
Sen. Blackburn noted that “some of the European data protection authorities [have] signaled that they do not foresee a grace period to allow data flows to continue during the negotiations of a successor agreement” to the Privacy Shield, as occurred during negotiation of the Privacy Shield in the wake of the Safe Harbor in 2015 and 2016.
Chairman Simons said, “We are working with the Commerce Department and other parts of the administration. We stand by ready to help them in whatever way we can be useful to them. They are carrying the water on this, and we’ll have to see what direction they head in, and we’ll support them as much as we can.”
Commissioner Phillips said, “We will continue to hold companies accountable to the privacy promises they make.”
Sen. Shelley Moore Capito (R., W.Va.) asked what the FTC is doing to protect children’s privacy online during the pandemic.
Chairman Simons cited outreach and education efforts. “One of the things this points to is that we really need privacy legislation,” he added.
Commissioner Slaughter said that COPPA is limited to issues of parental consent and data security, but doesn’t give the FTC authority over privacy practices in general. “I hope federal privacy legislation will address that,” she said.
Sen. John Thune (R., S.D.), the chairman of the communications, technology, innovation, and the Internet subcommittee, noted that he and Sen. Brian Schatz (D., Hawaii), the subcommittee’s ranking minority member, have introduced the Platform Accountability and Consumer Transparency (PACT) Act which exempt civil enforcement by federal agencies or state attorneys general from the liability protections of section 230 of the Communications Decency Act.
Chairman Simons said that the FTC in “a number of instances” has confronted defenses citing section 230 defenses in court, and that it “would be helpful” to be able to bring cases against platforms “in the right circumstances.”
Sen. Thune also asked about the “FTC’s efforts to engage with industry initiatives such as the USTelecom Traceback Group” on robocall call-authentication issues.
Chairman Simons said, “This has been extremely helpful to us.”
Sen. Gary Peters (D., Mich.) asked whether Americans have sufficient control over secondary uses of sensitive data, such as location data gathered by apps.
Commissioner Slaughter suggested that the FTC should think about whether it needs to “dust off our ‘Mag-Moss’ rulemaking authority.”
Sen. Mike Lee (R., Utah) asked whether having the FTC evaluate online content for political bias would implicate the First Amendment.
Chairman Simons had suffered a power outage and was not online to respond, but Commissioner Phillips said, “The issue of content moderation is something a lot of big firms face. It’s also something that a lot of small firms face. … It’s a difficult question. … At the end of the day, when it comes to moderating political speech, the First Amendment is implicated.”
Among other issues raised by lawmakers during the hearing were price gouging during the pandemic; the food supply chain during the pandemic; and the right of student athletes to control their names, likenesses, and images. —Lynn Stanton, [email protected]
MainStory: FederalNews Congress FTC Privacy Cybersecurity InternetIoT Covid19
Interested in submitting an article?
Submit your information to us today!Learn More