New FTC Leadership Signals Stronger Privacy Enforcement and Greater Racial Equity Priorities
On February 10, 2021, Federal Trade Commission (FTC) Acting Chairwoman Rebecca Kelly Slaughter presented the keynote address at the Future of Privacy Forum’s 11th annual Privacy Papers for Policymakers event. In her address, Slaughter discussed some of her top privacy-related priorities for the Commission. Her early signaling of privacy priorities from Washington adds to the sentiment felt by some privacy advocates that a new presidential administration and a Democrat-led Congress could usher in a new era of privacy policies and legislation.
In her first major speech since being appointed as Acting Chair of the FTC in January, Slaughter outlined three major privacy-related priority areas for the FTC for the immediate future: practicing efficient and effective enforcement, protecting privacy in the pandemic, and progressing racial equity goals.
More Efficient and Effective Enforcement
In her remarks, Slaughter acknowledged the challenge of pursuing consumer privacy enforcement in the absence of a federal privacy law or civil penalty authority (in most cases). However, she identified two types of relief for victims of privacy violations that she believes the Commission should pursue and develop further: meaningful disgorgement and effective consumer notice.
Slaughter’s previous statements and dissents on FTC resolutions during her time as a commissioner provide some insight into how she will drive the Commission’s enforcement strategies. Last November, the FTC alleged that video conferencing platform Zoom misrepresented its end-to-end encryption and installed software that bypassed certain Apple privacy controls, compromising data security. The complaint also alleged that Zoom software remained on users’ computers even after they deleted the app, and that sometimes it would automatically reinstall without prompting from the user. Although the case ended in a settlement, then-Commissioner Slaughter’s dissent expressed dismay that the FTC’s order only focused on data security and did not address consumer privacy. In contrast, Slaughter praised the settlement in another earlier case involving Everalbum, a photo storage app. That settlement required the company to delete photo data taken without consent as well as the facial recognition algorithms trained on that data.
Privacy in the Pandemic: Health and Education Data
In her address to the Future of Privacy Forum, Slaughter signaled her interest in two pandemic-related areas of personal data: education tech (ed-tech) and telehealth. First, she confirmed the need to update the Children’s Online Privacy Protection Rule (COPPA), a federal law that imposes stricter requirements on websites that interact with children under 13 years of age. This rulemaking would formalize the guidance already shared by the FTC earlier in the pandemic that extended COPPA protections to ed-tech. Second, Slaughter stated the importance of investigation and enforcement action in digital health data-sharing practices. According to FAIR Health, use of telehealth apps increased by 3,060% between October 2019 and 2020, a growth that has highlighted the lack of oversight and regulation. To illustrate the role that the FTC can play in this growing industry, Slaughter pointed to a recent FTC action against Flo Health, a women’s health app. In that case, the Commission successfully implemented a settlement to address the app’s violation of its own privacy promises to not share consumers’ sensitive data with third parties.
The Need to Address Racial Equity
Finally, Slaughter reiterated her concern about, and commitment to addressing, racial discrimination and algorithmic bias in facial recognition technology (FRT). This is not the first time that Slaughter has discussed structural racism and the need for increased diversity in tech. Her recent comments regarding government use of FRT come on the heels of national and global advocacy movements that have been motivated by high-profile FRT misidentifications of people of color. For example, in two unrelated incidents in 2019, Robert Julian-Borchak Williams and Nijeer Parks were incorrectly identified by FRT and arrested in connection with crimes they did not commit (they were eventually released). On February 16, 2021, an ACLU-led coalition of civil rights activists, grassroots organizations, and privacy advocates signed a letter to President Biden asking for regulation of FRT. Among other things, their request includes support for a federal moratorium on government use of FRT and limitations on government funding of FRT technologies.
From this first keynote address, it appears that Acting Chairwoman Slaughter’s privacy agenda for the FTC takes a stricter stance on holding Big Tech accountable for privacy violations and considers the societal harms caused by misuse of health data and algorithmic bias. Promisingly, several of Slaughter’s positions are reflected in two recently introduced Senate privacy bills. The Consumer Online Privacy Rights Act (COPRA), introduced by Sen. Maria Cantwell (D-WA), mandates privacy risk assessments and constrains companies’ ability to collect and transfer consumer data online. The Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act, introduced by Sens. Roger Wicker (R-MS), John Thune (R-SD), and Marsha Blackburn (R-TN), would impose similar assessment requirements and data collection constraints. Both bills would grant greater enforcement power to the FTC and restore the Commission’s authority to obtain monetary remedies for injured consumers.
Whether the two sides can come to an agreement on a comprehensive privacy bill that would likely empower the FTC remains uncertain. Nevertheless, Slaughter and the FTC’s focus on privacy and proposed legislation from both political parties provide a hopeful start to 2021 for privacy and civil rights advocates.
GLTR Staff Editor; Georgetown Law, J.D. expected 2022; Princeton University, B.A. 2013 © 2021, Amy Olivero