SANTA MONICA, CA – Five public interest groups have joined in proposing 10 key steps to the Federal Trade â€‹Commission that they said the agency must take to ensure the FTC adequately protects consumers.
In a letter to Acting FTC Chairwoman Maureen Ohlhausen and Commissioner Terrell McSweeney the groups wrote:
“American consumers today are at great risk of identity theft, financial fraud, and data breaches. Sensitive personal information is collected by many companies that simply do not do enough to safeguard consumer privacy. We also believe that proactive efforts to strengthen data protection will spur innovation and support business models that are sustainable over time.”
Read the group’s letter here:
Signing the letter were the Center for Digital Democracy, Consumer Federation of America, Consumer Watchdog, The Electronic Privacy Information Center and U.S. PIRG. Here are the 10 steps the groups advocated:
1. The FTC Must Enforce Existing Consent Orders
The effectiveness of FTC enforcement is determined by the agency’s willingness to enforce the legal judgments it obtains. The FTC should review substantial changes in business practices for companies under consent orders that implicate the privacy interests of consumers. Multiple prominent internet firms have been permitted to alter business practices, without consequence, despite being subject to 20-year consent orders with the FTC. This has harmed consumers and promoted industry disregard for the FTC.
2. The FTC Should Incorporate Public Comments on Proposed Settlement Agreements
The FTC should incorporate the public comments it requests on proposed settlement agreements. The agency has thus far failed to incorporate important suggestions from consumer advocates that would strengthen proposed settlements. The FTC’s failure to make any changes is: (1) contrary to the explicit purpose of the statutory provision that allows the Commission to request comments from the public; (2) contrary to the broader purpose of the Commission to police unfair and deceptive trade practices; and (3) contrary to the interests of American consumers.
3. The FTC Should Mandate Fair Information Practices in Consumer Privacy Settlements
The FTC should require compliance with Fair Information Practices under the terms of consent orders with companies in consumer privacy settlements. The Commission should mandate baseline privacy standards that are widely recognized around the world and necessary to protect the interests of consumers.
4. The FTC Should Promote Transparency
The FTC must improve transparency into how it handles complaints against companies
that are made by groups representing consumers’ interests. Specifically, the FTC should
promptly confirm receipt of such complaints and notify the complainants in a timely fashion if it decides not to bring formal action and provide the reasons for that decision.
5. The FTC Should Seek Greater Authority to Protect American Consumers
The FTC should seek legislative authority to protect consumer privacy and to reduce the risks of identity theft, security breaches, and financial fraud. Congress needs to understand that the FTC simply lacks sufficient legal authority to protect consumers
6. The FTC Should Bring More Actions Based on “Unfairness” Authority
The FTC should bring more enforcement actions over unfair trade practices. The Commission should adopt a broader understanding of consumer harm presented by companies that fail to enforce strong data protection standards. The unworkable “notice and choice” approach fails to provide meaningful privacy protections, and simply produces vague privacy policies. In contrast, the unfairness authority will establish substantive privacy protections that protect American consumers and reduce the risk of identity theft, data breach, and financial fraud.
7. The FTC Should Oppose Mergers that Consolidate User Data and Threaten Privacy
The FTC should use its antitrust authority to block the merger of companies that consolidate user data and threaten consumer privacy. The FTC has approved too many mergers, including Google/DoubleClick, Google/Nest, and Facebook/WhatsApp, that failed to safeguard consumer privacy. The FTC must explore the privacy implications of mergers and block those proposals that lack sufficient safeguards.
8. The FTC Must Produce Concrete Outcomes from Commission Workshops
FTC workshops provide an important opportunity for experts to provide input to the
Commission, but the workshops should produce meaningful, actionable outcomes. The FTC should produce substantive reports and concrete recommendations for future actions. To date, many of the workshops do not produce any tangible result and merely lead to unenforceable suggestions for industry. The FTC should issue effective guidance and propose legislative and regulatory solutions. The FTC should also use its authorities to address the consumer privacy issues raised in these workshops.
9. Enforce Privacy Shield and COPPA
Until there is a replacement for Privacy Shield, the FTC has an obligation to uphold its responsibilities and to bring enforcement action when necessary. The FTC must also enforce the Children’s Online Privacy Protection Act (“COPPA”). When companies collect personal information from children through the Internet, they incur serious legal obligations to protect children’s privacy. The FTC has an obligation to safeguard the privacy of young children by investigating and enforcing compliance with COPPA.
10. Support Establishment of a Data Protection Agency in the United States
The United States is one of the few democracies in the world that does not have a federal data protection agency, even though the original proposal for such an institution emerged from the U.S. in the 1970s. The FTC should back the long overdue establishment of a Data Protection Agency.
Visit our website at www.consumerwatchdog.org