TR Daily Privacy Enforcement, State Preemption Debated in FTC Proceeding
Tuesday, August 28, 2018

Privacy Enforcement, State Preemption Debated in FTC Proceeding

The need for innovation in antitrust approaches to new tech markets, the best way to deal with privacy issues, and the need for preemption of state laws are among the areas of disagreements in the opening salvo of a Federal Trade Commission effort to examine whether market and technology changes require it to modify its approach to competition and consumer protection.

Parties were responding to a request by the FTC ahead of a series of agency hearings planned for September through next January that will look at “whether broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection law, enforcement priorities, and policy.” The FTC plans to solicit additional comments on the specific topic of each hearing session.

In this first round of comments, the FTC asked for input on, among other things, “[t]he state of antitrust and consumer protection law and enforcement, and their development,” since the agency’s 1995 hearings on global competition and innovation under then Chairman Robert Pitofsky; “competition and consumer protection issues in communication, information, and media technology networks”; issues in markets featuring “platform” businesses; privacy, big data, and data security; vertical mergers; monopsony power in labor markets; and “[t]he role of intellectual property and competition in promoting innovation” (TR Daily, Aug. 6). Most parties addressed each of the 11 topics enumerated by the FTC separately in their comments.

Preliminary hearing topics announced in June included competition and consumer protection related to communications, information, and media networks; privacy and data security; and privacy, big data, and competition (TR Daily, June 20).

Sen. Richard Blumenthal (D., Conn.), a former state attorney general, submitted comments urging the FTC to develop tools to address dominance in Internet platforms by companies like Facebook, Inc., Google, and Amazon, Inc., and to create a new, comprehensive framework for assessing and addressing risk in areas of privacy violations and discrimination from the use of artificial intelligence.

With respect to the harmonization of state and federal statutes and regulations, a coalition of 29 state attorneys general urged the FTC “to continue its partnership with the State Attorneys General to the ultimate benefit of all consumers.”

Regarding competition and consumer protection issues in communications, information, and media technology networks, the AGs said they “would like to continue to collaborate with the Commission to address consumer protection issues in communication, information, and media technology networks.”

Regarding the consumer welfare implications associated with the use of algorithmic decision tools, artificial intelligence, and predictive analytics, the state AGs said, “As the State Attorneys General have historically done with previous technological developments, it is important that we monitor industries’ use of these emerging technologies for unfair or deceptive conduct.”

The state AGs in the coalition were from Arizona, Arkansas, California, Connecticut, Delaware, the District of Columbia, Florida, Hawaii, Illinois, Iowa, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Nebraska, New Jersey, New Mexico, New York, North Carolina, Oregon, Pennsylvania, Rhode Island, Tennessee, Vermont, Virginia, and Washington. Regarding competition and consumer protection issues in communications, information, and media technology networks, AT&T, Inc., said that the FTC should “apply a unified, technology-neutral framework for analyzing competition and consumer-protection issues in this convergent environment.”

Regarding antitrust standards, AT&T urged the FTC to “reject proposals to revert to the more nebulous antitrust doctrine of the mid-twentieth century, when courts applied subjective value judgments to protect inefficient businesses against innovative or low-priced competitors at the expense of consumers.”

It added, “Platform markets are not new. Current antitrust doctrine is fully capable of addressing what types of enforcement action are appropriate to protect consumer welfare in connection with online platforms.”

Regarding merger analysis, AT&T said, “Any updated vertical merger guidelines should reflect the broad economic consensus that vertical mergers are usually procompetitive. Such guidelines should thus harmonize review of vertical integration by merger with the bright-line rules governing vertical integration by contract.”

It added, “Conduct remedies can be both appropriate and superior to structural remedies for the limited number of vertical mergers that do raise competitive concerns.”

Regarding privacy and data security, AT&T said, “There is no basis for subjecting broadband ISPs to a framework different from the one applicable to the rest of the internet ecosystem.”

It added, “The Commission should work with Congress to enact federal legislation that reinforces the Commission’s leadership role in this area and ensures national consistency in privacy policy.”

Regarding competition and consumer protection issues in communications, information, and media technology networks, the U.S. Telecom Association said, “The FTC should not limit competitive analysis narrowly to ‘fixed’ broadband, because mobile technology is increasingly competing for fixed broadband business and traditional notions of fixed broadband are changing.”

It added that the FTC’s authority under section 5 of the Federal Trade Commission Act “is broad enough to reach not just internet service providers, but also edge providers, which is necessary to ensure that consumers can have a relatively common set of expectations as they use the internet.”

NCTA said that “the longstanding consumer protection and antitrust laws administered by the FTC are more than adequate to address any isolated harms that may arise, and enforcement of these laws will help ensure that the same standards are applied consistently to all Internet actors.”

Regarding competition and consumer protection issues in communications, information, and media technology networks, the Computer & Communications Industry Association said that it believes the FCC’s current transparency rule — its only remaining net neutrality rule in the wake of the 2017 restoring Internet freedom (RIF) order, which mandates certain network-management disclosures by broadband Internet access providers (BIAPs) that could open them to FTC enforcement if they fail to adhere to their stated practices — is “insufficient” to address broadband Internet access market concerns.

“Even if the FTC were to detect and intervene regarding a BIAP’s hypothetical practice of favoring an affiliate’s offering, an unaffiliated startup could be irreparably damaged before the FTC resolves an investigation into the practice. Such a practice would also hinder the startup’s ability to engage enough users to reach long-term viability,” CCIA said.

“The FTC itself has acknowledged that it can be ‘costly, difficult, and time consuming to detect and document’ anticompetitive discrimination on telecommunications networks, i.e., network neutrality violations. Insofar as the FTC will prospectively have enforcement responsibilities given the changes in the regulatory landscape, it must be adequately equipped with the resources necessary to build its capacity to enforce actions for anticompetitive practices occurring in the broadband marketplace,” CCIA added.

CCIA said that it is “concerned that due to the ex post nature of the FTC’s enforcement authority and resource constraints, the Commission may not be able to catch or address every or even most instances where a BIAS provider could block, throttle, or otherwise favor some Internet traffic over others.”

“The importance of policing BIAPs’ business practices becomes even more relevant given that many of these carriers compete at the downstream level with companies that also offer their products and services on the Internet, and therefore are dependent upon the Internet being a level playing field. As vertically integrated firms that own essential infrastructure for which there is little or no meaningful competition, BIAPs have the incentive and ability to engage in anticompetitive practices to distort downstream markets. Given the importance of online commerce to the United States, discrimination in the provision of BIAS to disadvantage or exclude downstream rivals will severely harm consumer welfare,” CCIA added.

Regarding the intersection between privacy, big data, and competition, CCIA said, “Promoting interoperability between services with different data protection features is one mechanism of increasing competition on privacy features where there are marked disparities in the net utility of services. However, designing interoperability for complex digital systems may introduce security risks that may lessen or negate the net privacy utility derived by consumers.”

“These potential pitfalls do not mean that data portability and interoperability of digital systems are unrealistic aims,” CCIA added. “They point to principles that can help ensure that these risks are mitigated and consumers are empowered. In particular, they suggest that to ensure data transfers between systems are private, secure, and balanced, data portability tools should be voluntary, industry-developed, and responsive to actual consumer needs. For example, they should: (1) allow users to move data they have provided to the service, but not data that may relate to other users; (2) afford consumers control over how and when the tools are used; and (3) be tailored to the privacy and security expectations of specific products and services. Further, access to data portability tools should enable machine-to-machine transfers where technically feasible.”

Regarding the FTC’s remedial authority to deter unfair and deceptive conduct in privacy and data security matters, CCIA said, “The FTC should consider hosting a recurring workshop and producing a report on data security, updating its guidelines on compliance with its children’s privacy rules more frequently, and otherwise providing a clearer set of rules around the privacy requirements facing companies when interacting with consumers — without resorting to an enforce-first approach that prescriptively mandates specific conduct and technical standards on the digital ecosystem.”

CCIA urged the FCC to undertake additional data-driven analysis to “ensure that it focuses on measurable consumer injuries” and to “consider seeking additional funding to conduct the necessary empirical studies to quantitatively evaluate the net consumer benefits and harms of particular business practices to ensure that its regulatory approach is grounded in facts.”

Regarding competition and consumer protection issues in communications, information, and media technology networks, Public Knowledge said that the FTC could apply its “dim view” of non-transparent or unauthorized billing to “free” platforms that require users to provide data.

Public Knowledge encouraged the FTC to “use its full statutory arsenal” with respect to broadband providers.

Regarding the intersection between privacy, big data, and competition, Public Knowledge said that the FTC “should strive to use antitrust laws, where it can, to protect consumer privacy, but it must also advocate for comprehensive privacy legislation to truly protect consumers’ privacy in the digital age.”

Regarding the intersection between privacy, big data, and competition, the Free State Foundation said, “The FTC should regulate the privacy practices of both edge providers and ISPs in a consistent manner, and to the extent that a ‘patchwork’ of state laws and regulations develop that impose more stringent requirements on service providers than those imposed at the federal level, then those state laws and regulations that conflict with federal policy should be preempted.”

FSF emphasized the importance of timely and adequate disclosure of privacy practices and advocated an “opt-out” approach to data collection and use.

Regarding the FTC’s role in regulating broadband access, the communications industry, and the media industry, Larry Downes, project director for the Georgetown Center for Business and Public Policy, said, “To the extent that specific protections and sui generis enforcement powers are still warranted for lingering Open Internet concerns, the solution remains, as many commenters on the 2007 Report suggested, highly focused legislation. That legislation would, in essence, codify [FCC] Chairman [Michael] Powell’s four ‘Internet Freedoms’ and assign enforcement of them to either the FTC, the FCC, or some combination of the two.”

Regarding platform businesses, Mr. Downes said that the FTC should continue to ignore calls to “radically alter its approach” to antitrust and market power issues by “hipsters” who argue that “modern antitrust analysis fails to account for other, undefined harms to competitors and the market generally.”

“The hipsters have it backwards. For the last forty years, antitrust analysis has sensibly focused on measurable consumer harm, and in particular evidence of price increases, as a pre-condition for enforcement. It is highly flexible, and its appointed enforcers have proven fully capable of evaluating market power and anticompetitive conduct in all kinds of industries,” Mr. Downes said.

Regarding the intersection between privacy, big data, and competition, Mr. Downes urged “the FTC to continue its leadership in protecting U.S. consumers from poor practices and bad actors, using the tools described in the 2015 IoT Report: ‘enforce laws, educate consumers and businesses, and engage with consumer advocates, industry, academics, and other stakeholders…to promote appropriate security and privacy protections.’

“In addition to those tools, the Commission should also encourage, through challenge grants, contests, and other modest financial incentives, entrepreneurial solutions to specific data collection and use problems. For example, the Commission’s 2012 Robocall Challenge inspired the creation of Nomorobo, which continues to provide relief for millions of consumers at no or minimal cost, even as the FCC continues to work with the communications industry on a systemic technical solution,” he added.

Mr. Downes said that the FTC “should resist expanding its enforcement actions beyond cases where a collector fails to follow its own security practices, as promised to consumers and other stakeholders, leading to an avoidable security breach or other demonstrable consumer harm.”

He also opposed calls for “broad, vague, general ‘privacy’ legislation” which “threaten new and emerging technologies including the IoT, autonomous vehicles, robotics, applied artificial intelligence, connected medical devices and smart infrastructure,” and he said that the FTC “should stop recommending passage of such legislation.” —Lynn Stanton, [email protected]


Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More