FTC Must Provide More Guidance for Unfairness Argues ICLE/TechFreedom Amicus Brief in Wyndham Case
Today, the International Center for Law & Economics (ICLE) and TechFreedom filed an amici curiae brief in the federal District Court of New Jersey arguing that the FTC’s unfairness claim against Wyndham Hotels is unconstitutionally vague and inadequately pleaded, and, as such, should be dismissed by the Court. TechFreedom and ICLE were joined by a distinguished group of consumer protection scholars including Todd Zywicki, who previously served as Director of the Office of Policy & Planning at the FTC and Paul Rubin, who previously served as Assistant Director for Consumer Protection of the FTC’s Bureau of Economics.
The FTC alleges that Wyndham’s failure to have reasonable data security was an unfair trade practice under Section 5 of the FTC Act, and that consumers were harmed when their credit card numbers were obtained by hackers who breached the reservation systems of Wyndham Hotels. The following comment can be attributed to ICLE Executive Director Geoffrey Manne and TechFreedom President Berin Szoka:
Over the last nine years, the FTC has charged seventeen companies with engaging in unfair trade practices for failing to have reasonable data security. But the Commission has never established what that means nor exactly how its broad power to prohibit unfair practices applies in these cases. Until now, each case has been settled out of court, with almost no public analysis. The FTC has chosen not to use its existing rulemaking powers and has issued no further guidance. Instead, the FTC has built what amounts to “non-law law”: vague, unpredictable standards built on an infinite regress of unadjudicated assertions.
The FTC claims its past complaints provide ample guidance on data security, but it hasn’t developed the limiting principles for unfairness required by Congress. The Commission’s complaints don’t even meet minimum pleading standards. Precisely because unfairness is such an amorphous concept, the Commission bears a heavy burden of establishing the elements required by Section 5: substantial injury that consumers cannot reasonably avoid and without countervailing benefits. It hasn’t done so. Dismissing the FTC’s complaint against Wyndham would be a catalyst for long-overdue changes in the FTC’s approach, and courts can help protect consumers by clearly stating that it’s up to Congress to decide how to protect consumers against harms that the agency’s unfairness authority can’t properly reach.
Whatever the court decides, the Wyndham case could finally force Congress to decide how data security should be regulated. But we hope lawmakers will consider the more fundamental question of how the FTC operates. If neither the courts nor Congress disciplines the FTC’s use of unfairness authority, the FTC will continue to use unfairness as a blank check to regulate data security and other aspects of the Internet and new technologies more generally.
Manne and Szoka are available for comment at [email protected].