Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

FTC emphasizes need for privacy and data security legislation

Privacy/Cyber Risk & Data Security FTC Federal Legislation FTC Act

Privacy, Cyber Risk & Data Security

On November 13, the FTC submitted comments in response to the Department of Commerce’s National Telecommunications and Information Administration (NTIA) request for input on developing the Administration’s approach to consumer data privacy protections. In its comment letter, the FTC noted that it supported a balanced approach to privacy, weighing the risks of data misuse with the benefits of data to innovation and competition, and reiterated its support for data privacy legislation. Specifically, the FTC renewed its call for Congressional action that clarifies the FTC’s authority and the rules relating to data security and breach notification. According to the FTC, any such legislation should balance “consumers’ legitimate concerns about the protections afforded to the collection, use, and sharing of their data with business’ need for clear rules of the road, consumers’ demand for data-driven products and services, and the importance of flexible frameworks that foster innovation.”

The FTC emphasized it is “uniquely situated” to balance consumers’ interest in privacy, innovation, and competition and argued it should continue to be the primary enforcer of the laws related to “information flows in the marketplace,” whether it’s under the existing or new privacy framework. The FTC noted, however, that the existing framework places a number of limitations on its powers, including (i) its lack of authority over non-profits and common carriers; (ii) its inability to levy civil money penalties; and (iii) its lack of broad rulemaking authority under the APA for consumer protection issues such as privacy and data security.