The FTC’s expertise and long history as privacy enforcer in the U.S. make it best suited to be the chief enforcement agency for a federal privacy bill.
It has been more than 50 years since America enacted one of the first federal privacy laws: the Fair Credit Reporting Act (FCRA).
Passed in 1970, the FCRA governs the collection, assembly, and use of consumer information for employment, insurance underwriting, and credit eligibility, and provides the framework for the credit reporting system in the U.S. This law was monumental because it was one of the first to govern how businesses use personal information, just as computers and the digital age were about to change the landscape of data privacy. But perhaps most importantly, the law built on the Federal Trade Commission’s (FTC) role as a champion of American consumers and established the FTC as the chief enforcement agency for consumer privacy violations in the U.S.
For decades, the FTC has used its existing authorities to pursue cases against companies that engage in fraud and deception and educated consumers and businesses to protect consumers’ personal information. These laws were written before the widespread use of the Internet and the advances of the modern data-driven economy. It’s past time to modernize these laws to enhance the FTC’s ability to protect consumers’ privacy now and in the future.
Privacy for America has proposed a framework for a comprehensive data privacy bill that prioritizes the FTC as a strong enforcement body to help ensure compliance, accountability, and meaningful consumer protections. This includes equipping the FTC with more resources to do its job effectively, such as the establishment of a new Data Protection Bureau to oversee privacy and data security issues. Our framework would also empower state attorneys general to enforce the law in federal court to ensure a thorough system of enforcement across all jurisdictions. And finally, our framework would authorize the FTC and state AGs to seek civil penalties for first-time violations.
To be truly effective, however, lawmakers must pass a comprehensive privacy law that pairs strong enforcement with clear rules of the road and comprehensive accountability requirements. In addition to equipping the FTC with strong enforcement capabilities, our framework would establish this clear set of rules, including the prohibition of a defined set of practices that could leave consumers’ data vulnerable to misuse or theft. It would also establish accountability and transparency requirements for businesses, including maintaining a privacy compliance plan that would require companies to frequently assess their compliance with the law.
Privacy for America stands with many stakeholders in insisting that a federal privacy law must include increased resources and clear enforcement authority for the FTC as important ways to ensure compliance. That’s also why we recently sent letters to leadership at the House Energy and Commerce and Senate Commerce Committees calling for bipartisan action to grant the FTC authority under Section 13(b) to seek monetary relief from companies engaging in activity that they have clear notice is harmful to consumers. This is exactly the type of enhanced enforcement the FTC should be given to provide meaningful privacy protections to consumers and aligns closely with the privacy framework we’ve set forth to lawmakers. We look forward to working with members of both parties on this issue and the passage of a federal privacy law as soon as possible.
Learn more about our approach here: https://www.privacyforamerica.com/overview/principles-for-privacy-legislation/