FTC Commissioner Says There are Benefits to a Federal Privacy Law
WASHINGTON — As a number of states move towards enacting their own data privacy laws, the U.S. Congress should come up with its own comprehensive privacy statute enforced by the Federal Trade Commission, said FTC Commissioner Noah Phillips Monday.
Having one federal privacy law governing data privacy as well as data security would benefit consumer understanding and competition for smaller companies like startups, he added at a one-on-one virtual conversation with Hudson Institute Center for the Economics of the Internet director, Harold Furchtgott-Roth.
The more laws that these startups need to contend with to meet compliance, Phillips explained, the less they will be able to spend on being competitive forces in their respective markets.
“Imposing too many different regulatory regimes will mean that smaller firms, in particular, will be spending a lot more money on lawyers and too little on engineers,” he charged, and the cost of navigating through this sea of state laws could be too much for smaller companies to take on.
Pointing to fostering competition in the ever-growing digital markets, Phillips cautioned that having less money to invest in engineers would in turn hinder the overall product innovation and market competition that consumers benefit from.
But with each passing year, the commissioner said “state after state after state” adopts their own privacy laws, with as many similarities as there are significant differences among them. As of now, California is the only state with an effective privacy law.
According to the International Association of Privacy Professional’s Westin Research Center, Colorado and Virginia have both passed state legislation this year, but they are not yet effective.
The states of Massachusetts, New York, North Carolina, Ohio and Pennsylvania have active privacy bills under review. Showing interest in enacting privacy laws, the same July 28 report listed the following states as having failed bills: Alabama, Alaska, Arizona, Connecticut, Florida, Illinois, Kentucky, Maryland, Minnesota, North Dakota, Oklahoma, Texas, Utah, Washington and West Virginia.
“My view is that this is kind of core interstate commerce and that both consumers and businesses would be better off if we had one rule,” the Republican commissioner said.
And why should the FTC be the agency to enforce a comprehensive, federal privacy law?
Under the U.S. Fair Credit Reporting Act and the Children’s Online Privacy Protection Act, the FTC has already been granted authority that it uses “on a fairly frequent basis,” the commissioner said. Additionally, under the FTC Act of 1914, the commission has developed a privacy enforcement program under its broad “unfair or deceptive acts or practices” statutes arming the agency with the consumer protection authority to enforce data privacy and security.
On the consumer understanding side, he said, the lack of having a comprehensive privacy law leaves consumers feeling unnerved about how their privacy is being protected. This is why there needs to be a comprehensive rule of what, when and how their data will be used that is consistent across the nation regardless of what state they’re in, he said, versus having an array of state laws “[working] in the opposite direction” of consistency.
But this all comes down to Congress, not the FTC.
“If you’re talking about broad privacy reform, how we’re going to govern consumer data in America, it’s very clear to me that Congress is the place where those decisions need to be made,” Phillips said.
“Not by a vote of three or four or even five people,” he added, referring to the FTC leadership.