FTC Regulation of Cybersecurity and Surveillance

Article Source: in The Cambridge Handbook of Surveillance Law, David Gray and Stephen Henderson, eds., Cambridge University Press, 2017, pp. 708-726



The Federal Trade Commission (FTC) regulates monitoring and tracking activities by private-sector entities in the United States. Such activities include intrusive web monitoring or insecure product design. Under principles established in FTC cases, firms may be liable for direct surveillance of consumers, or for surveillance by third parties.


Policy Relevance:

The FTC's actions support civil liberties and make firms more responsible for tracking and monitoring of consumers.


Key Takeaways:
  • Marketers and advertisers use extensive tracking infrastructure to watch how people act online and off.
    • Private-sector tracking affects civil liberties, because authorities use private actors to monitor individuals.
    • By regulating intrusive private-sector tracking, the FTC supports civil liberties.
  • The FTC has broad power to regulate unfair or deceptive practices; the FTC need not wait until after a consumer has been injured to bring an action; however, to balance its broad powers, the FTC’s power to levy fines is limited.
  • The FTC’s cases impose liability on firms for direct invasions of privacy, such as the distribution of online tracking apps or the use of spyware to obtain information from devices such as smartphones.
  • FTC cases also impose liability on firms for indirect invasions of privacy; for example, a firm that sold webcams was found liable because the camera was insecure, allowing strangers to share images from inside people's homes on the Internet.
  • The Communications Decency Act (CDA) immunizes online services from liability for third-party users’ actions; however, a website that paid for investigators to post confidential information is not entitled to immunity under the CDA.
  • The FTC's cases have established rules requiring enhanced consent before people agree to surveillance, in effect banning some types of tracking.
  • The FTC's actions have had three main effects:
    • Creators of tracking tools must monitor users more carefully.
    • Software vendors and other service providers must take reasonable security precautions.
    • Online services are no longer entirely immune for their users’ gross misconduct.



Chris Hoofnagle

About Chris Hoofnagle

Chris Jay Hoofnagle is Professor of Law and of Information in Residence at the School of Law, University of California, Berkeley. He is a Faculty Director of the Berkeley Center for Law & Technology. Additionally, he is affiliated faculty with the Simons Institute for the Theory of Computing, UC Berkeley. Professor Hoofnagle helps students from different disciplinary perspectives understand the effects of law on technology. He teaches cybersecurity, privacy, consumer protection, forensics, and seminars on new technologies.