Scholars Chris Hoofnagle, Woodrow Hartzog, and Daniel Solove Say the FTC Can Rise to the Privacy Challenge

By TAP Staff Blogger

Posted on August 28, 2019


Share

Chris Hoofnagle (University of California, Berkeley), Woodrow Hartzog (Northeastern University), and Daniel Solove (George Washington University) have joined forces to bring their expertise and insights to the Federal Trade Commission’s (FTC) privacy regulatory efforts. Their essay, “The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress” is published online on the Brookings Institution.

 

Last month, the FTC imposed a $5 billion penalty and sweeping new privacy restrictions on Facebook. This is the “the largest ever imposed [penalty] on any company for violating consumers’ privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide.” There were many critics of the settlement (see: “Whopping $5 billion FTC settlement still a bargain for Facebook, critics say” – C|Net and “How the FTC Settlement Could Let Facebook Off the Hook” – Fast Company). And some question whether the FTC is the appropriate agency for protecting privacy (see: “FTC strikes $5B Facebook settlement against fierce Democratic objections” – Politico).

 

In “The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress”, Professors Hoofnagle, Hartzog, and Solove share their belief that “the FTC is still the right agency to lead the US privacy regulatory effort.” In their essay, the professors “explain the FTC’s structural and cultural strengths for this task, and then turn to reforms that could help the FTC rise to modern information privacy challenges.” They conclude by saying that the agency “does need to evolve to meet the challenge of regulating modern information platforms.”

 

Below are a few excerpts from “The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress”.

 

The FTC Wields Great Powers Tempered with Experience

 

The FTC has remarkable powers. At its creation a century ago, Congress gave it unprecedented investigatory and enforcement tools. These have been broadened over time as the FTC has faced new wrongs. Today, the FTC can examine business practices even where there is no investigatory predicate, and as a general-purpose consumer protection agency, it can sue almost any business.

 

As a result, the FTC is nimble and can adapt to new technologies without an act of Congress. Founded in the days of misleading newspaper advertising, the FTC was quick to pivot to radio, television, and internet fraud. The breadth and generality of its powers are also a source of strength. Much more than just data protection, modern consumer problems involve platforms, power, information asymmetries, and market competition. In theory, the FTC has a broad enough jurisdiction and charge to handle diverse issues often labeled as “privacy,” such as algorithmic manipulation and accountability.

 

In the information economy, privacy is among the most important values that law and norms should protect. Yet at the same time, privacy must also accommodate other important values, including the risks inherent in economic development. In our view, privacy is a means to the ends of freedom and autonomy in our personal lives and in our polity. It is a key component for human flourishing.

 

Reinforcing the FTC’s Existing Powers

 

The FTC has powers that could create more deterrence, if used. The DC Circuit recently affirmed a broad power to impose personal liability on people who directly participate in or control deceptive practices. This would seem to be an excellent remedy for platform companies like Facebook and Google. These companies continue to be founder-controlled in a real sense, and the founders have demonstrated little or inconsistent respect for users’ privacy interests. In its investigations, the FTC has uncovered numerous emails by executives in which they discuss information predations. Holding these executives more responsible could have a dramatic deterrent effect.

 

The FTC’s existing powers would be strengthened by broadening its economic analysis. Some within the FTC see privacy as an economic interest, but the FTC’s application of economic principles has been overly doctrinaire. The FTC takes businesses’ claims of utility gained from personal information at face value—just look at how the agency kowtowed to subprime lenders. At the same time, the FTC has been skeptical of the economic consequences to consumers from information trade, including the transaction costs that businesses can shape and opportunistically impose on consumers. The FTC is out of step with the best behavioral evidence concerning how consumers (mis)conceive of the information economy. With a broader economic conception of consumer behavior and privacy wrongs, the FTC could use its power to police many norm-violating practices.

 

The FTC has not fully appreciated the challenge of the information marketplace and platform power, resulting in under-conceptualized cases and missed opportunities. The modern consumer challenge is not information scarcity and a discrete choice between buying an Abdominizer or Ab Roller. The modern information dynamic is of information glut, and many transactions are continuous, where companies attempt to capture consumers in a platform. Platforms have unfathomable means and poorly-understood ends, can change terms on consumers, and will keep user data forever if they can.

 

Platform power is thus bigger than our individual decisions. Platform powers shape our decisions and skew what we think is even possible. That is the modern challenge that the FTC needs to tackle. It is bigger than privacy, and an agency focused only on data protection could not tackle it.

 

Reforming the FTC

 

Additionally, as threats from platforms evolve and become clear, the FTC might need to go beyond pushing back against deception and unfair actions that cause harm, and also target manipulation and abusive practices. Platforms and apps are now regularly deploying manipulative interfaces, sometimes called “dark patterns,” to wheedle, pressure, and convince people to act against their own interests for the benefit of the company. These dark patterns are often not outright deceptive nor do they necessarily cause the significant kind of harm contemplated by unfairness rules. Rather, they leverage people’s own limitations against them in an adverse way. Congress could embolden the FTC to fight these dark patterns by modifying Section 5 to prohibit “abusive” trade practices in addition to deceptive and unfair ones, which would mirror the powers of the CFPB [Consumer Financial Protection Bureau].

 

The real thing that upset the two dissenting commissioners and many critics [of the recent FTC $5 billion settlement with Facebook] is that the FTC didn’t change Facebook’s business model; it just created a better paper trail for when Facebook surveils its users. However, if the FTC is going to get serious about privacy, Congress is going to have to get serious about limiting platform power, among other issues. The FTC can’t boldly do all the things that must be done without Congress also taking action.

 

Read the full essay from the Brookings Institution: “The FTC Can Rise to the Privacy Challenge, but Not Without Help from Congress”.

 

Chris Hoofnagle is an adjunct professor in the School of Law and the School of Information at the University of California, Berkeley, and the Faculty Director of the Berkeley Center for Law & Technology's information privacy programs. He is also a senior fellow to the Samuelson Law, Technology & Public Policy Clinic and an elected member of the American Law Institute. He is an expert in information privacy law. He teaches computer crime law and a seminar on the Federal Trade Commission and online advertising. Professor Hoofnagle’s research focuses on the challenges in aligning consumer privacy preferences with commercial and government uses of personal information. He is the author of Federal Trade Commission: Privacy Law and Policy (Cambridge University Press, 2016).

 

Woodrow Hartzog is Professor of Law and Computer Science at Northeastern University School of Law and holds a joint appointment in the College of Computer and Information Science department. Professor Hartzog teaches privacy and data protection issues, and his research focuses on the complex problems that arise when personal information is collected by powerful new technologies, stored, and disclosed online. He is also an Affiliate Scholar at the Center for Internet and Society at Stanford Law School and serves on the advisory board of the Future of Privacy Forum. Professor Hartzog is an internationally recognized expert in the area of privacy, media, and robotics law. His book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies (Harvard University Press, 2018), has been called “one of the most important books about privacy in our times.”

 

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is an internationally-known expert in privacy law. Professor Solove teaches information privacy law, law and literature, criminal law, and criminal procedure. Professor Solove is the author of numerous books, including Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale University Press 2011), Understanding Privacy (Harvard University Press 2008), The Future of Reputation: Gossip, Rumor, and Privacy on the Internet (Yale University Press 2007), and The Digital Person: Technology and Privacy in the Information Age (NYU Press 2004). He has also written several textbooks on information privacy and law fundamentals. Professor Solove blogs at LinkedIn as one of its “thought leaders,” and he has more than 1 million followers.

 


Share