FTC Regulation of Cybersecurity and Surveillance

Privacy and Security

Article Snapshot


Chris Hoofnagle


in The Cambridge Handbook of Surveillance Law, David Gray and Stephen Henderson, eds., Cambridge University Press, 2017, pp. 708-726


The Federal Trade Commission (FTC) regulates monitoring and tracking activities by private-sector entities in the United States. Such activities include intrusive web monitoring or insecure product design. Under principles established in FTC cases, firms may be liable for direct surveillance of consumers, or for surveillance by third parties.

Policy Relevance

The FTC's actions support civil liberties and make firms more responsible for tracking and monitoring of consumers.

Main Points

  • Marketers and advertisers use extensive tracking infrastructure to watch how people act online and off.
    • Private-sector tracking affects civil liberties, because authorities use private actors to monitor individuals.
    • By regulating intrusive private sector-tracking, the FTC supports civil liberties.
  • The FTC has broad power to regulate unfair or deceptive practices; the FTC need not wait until after a consumer has been injured to bring an action; however, to balance its broad powers, the FTC’s power to levy fines is limited.
  • The FTC’s cases impose liability on firms for direct invasions of privacy, such as the distribution of online tracking apps or the use of spyware to obtain information from devices such as smartphones.
  • FTC cases also impose liability on firms for indirect invasions of privacy; for example, a firm that sold webcams was found liable because the camera was insecure, allowing strangers to share images from inside people's homes on the Internet.
  • The Communications Decency Act (CDA) immunizes online services from liability for third party users’ actions; however, a website that paid for investigators to post confidential information is not entitled to immunity under the CDA.
  • The FTC's cases have established rules requiring enhanced consent before people agree to surveillance, in effect banning some types of tracking.
  • The FTC's actions have had three main effects:
    • Creators of tracking tools must monitor users more carefully.
    • Software vendors and other service providers must take reasonable security precautions.
    • Online services are no longer entirely immune for their user’s gross misconduct.


Get The Article

Find the full article online

Search for Full Article