FTC Aims To Tighten Data Security Laws

Federal Trade Commission Chairwoman Edith Ramirez defended a recently released draft of the Consumer Privacy Bill of Rights at a privacy conference last week, saying the draft document included some loopholes that concerned her but calling it “a discussion document” on which a more robust privacy law can be built, SC Magazine reported.

Speaking at a Washington, D.C., privacy forum hosted by the International Association of Privacy Professionals on Thursday (March 5), Ramirez said some elements of the draft were a problem for her, including language that would preempt state privacy laws but wouldn’t be enforceable for two years. “The gap created is something I find concerning,” she said.

Ramirez added that self-regulation — which the advertising industry has said should be the basis for privacy regulation — should be “a complement to the enforcement work done at the [FTC].” There has been no Internet-focused federal privacy and data-protection legislation, which has resulted in the FTC’s string of successful rulings and enforcement actions becoming the defacto law for how companies must safeguard personal data and how they’re allowed to use it.

That doesn’t mean the draft privacy bill, which was released by the White House at the end of February, has been welcomed. Privacy advocates have complained that the bill has weak enforcement provisions and that the bill’s protections are predicated on a risk of actual harm, rather than on the principle of protecting consumer privacy.

Meanwhile, the Association of National Advertisers’ top lobbyist, Dan Jaffe, called the draft “a bill whose time has not come” and complained that it would require the ad industry to develop its own code of conduct on handling of consumer information, but would put the FTC in charge of making sure the codes satisfy requirements like informing consumers about how information will be used and shared, Advertising Age reported.

However, that’s already the primary way the FTC has regulating privacy — by allowing retailers and advertisers to establish their own published privacy policies, and then launching enforcement actions in cases where the business has failed to operate according to its own privacy policy.

The FTC also laid out specific areas of concern it had over both privacy and other issues as they relate to mobile financial services in an official set of comments last fall.