Cross-Sector FTC Privacy Protection Flashcards
What is the Federal Trade Commission Act/Why does it matter?
The Federal Trade Commission Act of 1914 (FTC Act) established the FTC to enforce antitrust laws.
Section 5 has been consistently applied to privacy and information security: “Unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.”
Section 6 provides the FTC with the authority to conduct investigations and to require businesses to submit investigatory reports under oath.
What are the FTC’s enforcement powers?
- Preventing unfair methods of competition and unfair or deceptive acts, or practices in or affecting commerce
- Seeking monetary redress and other relief for conduct injurious to consumers
- Prescribing trade regulation rules, defining with specificity acts or practices that are unfair or deceptive
- And establishing requirements designed to prevent such acts or practices
Name three privacy laws the FTC is responsible for?
COPPA, CAN-SPAM, HITECH (with HHS)
FTC Privacy Enforcement Actions
Facebook (2019) - $5B for deceptive practices/violation of consent decree because they didn’t tell users about third party access to data
Snapchat (2014) - consent decree/20 year ban because unsecure find friends feature and many ways to save pics/chats indefinitely
LabMD (2013-2018) - FTC lost this, claimed LabMD engaged in unfair trade practices by failing to secure data on its network
Wyndham (2012)- FTC won in court, W hotels had failed to protect user data
What are unfair practices in relation to privacy?
Unfair practices may include failure to implement adequate protection measures for sensitive personal information or providing inadequate disclosures to consumers
What are deceptive practices?
Deceptive practices may include false promises, misrepresentations and failures to comply with representations made to consumers.
COPPA
Children’s Online Privacy Protection Act. Enforced by FTC, sets requirements for 13 years and younger users
Name five topics that represent the Future of Federal Enforcement of privacy rights:
Data Brokers
Big Data
Artificial Intelligence
Biometrics
Internet of Things (IoT)
What are data brokers, and what are the privacy concerns?
Data brokers are entities that collect, aggregate and sell individuals’ personal data, derivatives and inferences from disparate public or private sources.
* Data is often gathered without the data subject’s knowledge or consent
* Data can be combined to reveal personal information not available from a single source
* The FTC encourages data minimization practices and calls for federal legislation
* Vermont, California and Virginia have data broker laws
What is big data, and what are the privacy concerns?
Big data is a term used to describe the large data sets that organizations have been able to collect due to the exponential growth in the amount and availability of data.
Concerns about big data often revolve around a lack of clear notice to data subjects about how their data will be used, as well as how advanced analytics can be used to repurpose data in ways the data subject did not agree to when the data was collected
What is Artificial Intelligence, and what are the privacy concerns?
Artificial intelligence is a broad term used to describe a process where machines learn from experience, adjusting to new inputs and potentially performing tasks previously done by humans.
* Often used for automated decision-making
* The FTC states that “AI tools should be transparent, explainable, fair and empirically sound, while fostering accountability
What are biometrics, and what are the privacy concerns?
Biometrics are physical or behavioral characteristics that can be used to digitally identify individuals. They include fingerprints, facial patterns, voice patterns and retinal images.
* Privacy concerns: Biometrics are inherently identifying, cannot be changed if compromised, can be collected without the individual’s knowledge or consent and can be used to track locations and activities
* Several states have laws or statutes governing the use of biometrics, including Illinois, Texas, Washington, California, New York and Arkansas
What is the Internet of Things, and what are the privacy concerns?
Internet of Things (IoT) is a term used to describe the many devices that are connected to the internet. Any device that is built with a network interface can be assigned an IP address to allow for automation and remote access.
* Includes “smart” devices (such as phones, TVs, homes), connected cars, wearable technology, biometric scanners, tracking devices
* Potential for data to be collected and shared without the data subject’s knowledge or consent
* Collected data can be used in targeted advertising
* May allow for cross-device tracking of individuals
* Concerns include effects on data security, data minimization, notice and choice