In an unprecedented transition, the FTC just got a full slate of 5 new commissioners, three Republicans and two Democrats:
Joe Simons (Chairman) – R
Noah Phillips – R
Christine Wilson – R
Rohit Chopra – D
Rebecca Slaughter – D
It is difficult to predict how the FTC will approach privacy. The new commissioners will be inheriting some high-profile investigations (Equifax and Facebook), and they will also be inheriting the legacy of the FTC as serving as the leading privacy regulator in the United States. There are some, such as Berin Szóka, who argue that the FTC’s power needs to be reigned in. In contrast, I posit that just the opposite is in order: the FTC must pursue a bold enforcement agenda.
The reason is that we don’t live in an isolated world. The European Union (EU) has seized the scepter of leading regulator of multinational companies. Nearly every chief privacy officer at a large multinational company tells me that their focus is 90% or more on the General Data Protection Regulation (GDPR) — the massive and rigorous privacy regulation in the EU that will start being enforced on May 25 of this year. Effectively, for many companies, the regulators they are paying attention to are across the pond.
The US shouldn’t let itself fade into irrelevance. For years, the FTC has been working to convince the EU that there really is meaningful privacy regulation in the US — and I believe that this effort made a difference. Perhaps it didn’t convince all EU policymakers, but it definitely had an effect on some policymakers. This was how the US was able to establish the Privacy Shield Framework, built in the smoldering ashes of the Safe Harbor Arrangement that the European Court of Justice demolished in one swift stroke.