As the FTC kicks off its hearings on Competition and Consumer Protection in the 21st Century in Washington DC, it is the perfect time to welcome Tim Sparapani, Founder & Principal of SPQR Strategies, PLLC, as our guest author. Prior to launching SPQR Strategies, Tim served as the first Director of Public Policy at Facebook and in recent years has served as the VP of Policy, Law and Government Affairs for the Application Developers Alliance and continues to advise start-up tech companies on a wide range of policy matters. Tim's insight into privacy and policy are invaluable and his article is a must-read for companies and consumers alike.
Newly-minted Federal Trade Commission Chairman Joseph Simons and the FTC have given the Commission a rare chance; which is the chance to break truly new ground to help consumers with the most pressing privacy problems. The Commission is seeking to replicate the influential hearings from two decades before held by then-FTC Commissioner Bob Pitofsky. Those hearings built a record that guided prudent policymaking and enforcement actions by the Commission in the time since. By holding a series of hearings this fall concerning Competition and Consumer Protection in the 21st Century, the Commission has a chance to step back and rethink its goals with respect to what’s working and what’s not in our economy with respect to technology policy generally and privacy specifically.
My unsolicited advice to the Commission: Go Big and Go Broad!
While the Commission has worked hard to pick meaningful cases for enforcement actions, it’s no secret that the Commission is resource constrained. Given those constraints, the Commission has unfortunately ignored important violations of the law or abuses of consumers’ privacy. It has quite logically chosen to build its privacy and security jurisdiction consent decree-by-consent decree, typically choosing to bring actions against either fraudsters committing egregious violations of the law or the highest profile companies. The former cases are slam dunks, usually quickly resolved for the public’s benefit, and the latter cases -- typically targeting the world’s best-known tech companies -- are premised on the heretofore correct assumption that the press would broadcast those investigations and consent decrees around the globe so that all other companies would be put on notice about what constitutes a privacy or data security violation.
Those choices were reasonable but they have left too many privacy and security abuses unchecked, keeping consumers too often exposed. A change in direction could and should be inaugurated by these hearings. There’s a ton for the Commission to do as it builds a record for broadening and redirecting its enforcement actions.
Here are some recommendations for the Commission with how to use these hearings.
Every company has data so broaden your focus from Uber, Google, Facebook, Amazon, Apple and Microsoft. It’s been true for two decades now; in addition to producing whatever goods and services a business is offering for sale, that business also has consumer data that it collects and that deserves protection. Anyone who doubts this ought to look at the size of the membership -- tens of thousands now -- of registered members of the International Association of Privacy Professionals. It’s an important signal. Every company has a Privacy Officer now but the problems stemming from data misuse aren’t limited to just traditional tech companies. Since every company has data responsibilities, the FTC cannot always limit its efforts to protect consumers to the same handful of companies that are internationally known tech companies.
If consumers are giving their data to dozens, if not hundreds of companies in any given year, does it make sense to solely, repeatedly focus all efforts of the Commission on just a handful of companies? Don’t consumers deserve protections from misuses of data from all the companies who might obtain their data? If the Commission broadens its focus surely the benefits to consumers will grow commensurately from a broader policing of companies.
Just as every company is now a consumer data engine that needs to be policed, the list of harms to consumers from all those companies is growing and those new harms deserve scrutiny. Everyone truly fears a broader set of harms than the Commission is addressing. A too-careful focus on data security and data breach or ad tech privacy issues misses all the real, emerging threats to consumer data from misuse of consumer data.
New harms are emerging in the digital age. Three examples of these emerging harms prove this point. The Commission ought to take testimony about those harms and take actions to prevent them from harming consumers before those harms from misuse of consumers’ data become commonplace. Data brokers are buying and reselling consumers’ data without providing any recourse to consumers who will have no idea their data has been sold, to which companies it has been sold, or what the potential consequences to them are from those sales. The Commission needs to take action to prevent the misuse of genetic information to prevent people from being insured or employed. Similarly, price discrimination that forces some consumers to pay more than others for the same goods or services deserves scrutiny and action by the Commission.
In short, the FTC has an important opportunity to rethink and reframe the Commission’s efforts in the digital age. If the Commission embraces the opportunity and thinks more broadly, these hearings will have even more consequence for consumers than did those that these hearings were modeled after.
Founded by Tim Sparapani in 2011, SPQR Strategies is a full-service strategic consulting firm that offers customized, high-quality solutions to a growing list of prominent Fortune 500 companies, including GE, Google, Intuit, Kayak and Syniverse, as well as many startup companies, such as Bytes Media, Caremob, Hero, Koozoo, Quizlet, Spend Consciously, Womply and Xcinex. In addition to many of these multinationals and startups, SPQR advises a leading technology trade association, CALinnovates, as well as two privacy advocacy organizations, the Family Online Safety Institute and World Privacy Forum. Additionally, SPQR previously provided support to the Application Developers Alliance. To learn more visit: http://www.spqrstrategies.com.
Mark Jaffe leads the Rivian ethics, compliance, and privacy program, which includes ethic...Read More
Elise Houlik is Chief Privacy Officer at Intuit. In this role, she drives Intuit’s data...Read More
Meredith K. Grauer is Deputy General Counsel and Head of Privacy at Marqeta, leading a te...Read More