FTC Publishes Statement Prioritizing Privacy and Data Governance Rulemaking

On December 10, 2021, the Federal Trade Commission ("FTC") published its Statement of Regulatory Priorities, which announced the FTC's intent to establish rulemakings on a myriad of data governance issues, such as unfair methods-of-competition stemming from surveillance-based business models and privacy.

Surveillance-Based Business Models

The FTC is considering establishing a rule to “confront . . . abuses stemming from surveillance-based business models.” These models reportedly threaten fairness toward consumers and bolster “unfair methods of competition,” which are expressly prohibited by Section 5 of the FTC Act.

An Executive Order issued on July 9, 2021, encourages the FTC to “consider competition rulemakings relating to non-compete clauses, surveillance, the right to repair, pay-for-delay pharmaceutical agreements, unfair competition in online marketplaces, occupational licensing, real-estate listing and brokerage, and industry-specific practices that substantially inhibit competition.”

Although no official rulemakings have been initiated, the FTC has published notice with the Office of Management and Budget citing a projected date of February 2022 for “initiating a rulemaking under section 18 of the FTC Act to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”

Privacy

The FTC has initiated review of the Children’s Online Privacy Protection Rule ("COPPA"), which “imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.” The FTC is currently analyzing and reviewing comments, which closed on December 9, 2019. The comments addressed all major provisions of the COPPA Rule, which includes: “definitions, notice and parental-consent requirements, exceptions to verifiable parental consent, and safeharbor provision.”

The FTC provides this review is necessary considering “changes in the marketplace.” These changes appear to be at the forefront of legislative minds, as the California Privacy Rights Act, Virginia’s Consumer Data Protection Act and the Colorado Privacy Act will all be effective in 2023.

Considering these potential rulemakings, we recommend a review of your organization’s currently policies and programs to ensure compliance with legislative best practices as well as the proposed text of these new legislative actions.

For questions of concerns about how these changes could impact your organization, please contact Kennedy Sutherland.