Privacy, Data Security & FTC Reform

There may be no Federal agency whose importance is more underappreciated than the Federal Trade Commission. Section 5 of the FTC Act gives the Commission sweeping jurisdiction — over nearly every company in America — and broad powers over unfair and deceptive acts and practices and unfair methods of competition. The FTC has increasingly wielded these powers over the high tech sector, becoming the de facto Federal Technology Commission.

Much of what the FTC does is uncontroversial, including routine antitrust, fraud and advertising cases. Yet as the FTC has dealt with cutting-edge legal issues, like privacy, data security and product design, it has raised deep concerns not merely about the specific cases brought by the FTC, but also about the agency drifting away from the careful balance it struck in its 1980 Unfairness Policy Statement and its 1983 Deception Policy Statement.

More broadly, privacy and data security have become an increasingly important concern for lawmakers and courts. Routine data breaches and data leaks, discovered security vulnerabilities, and hacking incidents have repeatedly exposed the fault lines in our legal system around data usage.

ICLE’s scholars work on the frontiers of privacy and data security, and have a deep expertise on the FTC’s historical and contemporary practices.

For LabMD, the Devil is in the Not-So-Well Specified Details

The Eleventh Circuit’s LabMD opinion came out last week and has been something of a rorschach test for those of us who study consumer protection law. Neil Chilson found the result to be a disturbing sign of slippage in Congress’s command that the FTC refrain from basing enforcement on “public policy.” Berin Szóka, on the other hand, saw the ruling as a long-awaited rebuke against the FTC’s expansive notion of its “unfairness” authority.