PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Speaking at the FTC Hearing on Data Security on December 12

12/13/18 Update: Here is the video from the session described below.

On Wednesday, December 12, 2018, I’ll be speaking at the Data Security hearing, part of the FTC Hearings on Competition and Consumer Protection in the 21st Century.  My panel begins at 1:00 PM:

The U.S. Approach to Consumer Data Security

Wednesday, December 12, 2018 from 1:00 PM to 2:30 PM

Participants:

Chris Calabrese
Center for Democracy & Technology

Daniel J. Solove
George Washington University Law School

David Thaw
University of Pittsburgh

Janis Kestenbaum
Perkins Coie LLP

Lisa J. Sotto
Hunton Andrews Kurth LLP

Moderator: James Cooper
Federal Trade Commission, Bureau of Consumer Protection

I previously spoke at an earlier hearing in this series back in September on a panel about consumer privacy protection (video / transcript).  The upcoming hearing focuses on data security.

Continue Reading

Did the LabMD Case Weaken the FTC’s Approach to Data Security?

Federal Trade Commission - Washington, DC

Co-Authored by Prof. Woodrow Hartzog

On Wednesday, the U.S. Court of Appeals for the 11th Circuit issued its long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018). While there is some concern that the opinion will undermine the FTC’s power to enforce Section 5 for privacy and security issues, the opinion actually is quite narrow and is far from crippling.

While the LabMD opinion likely does have important implications for how the FTC will go about enforcing reasonable data security requirements, we think the opinion still allows the FTC to continue to build upon a coherent body of privacy and security complaints in an incremental way similar to how the common law develops. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia Law Review 584 (2014).

Continue Reading

The Future of the FTC on Privacy and Security

Future of the FTC

Co-authored by Professor Woodrow Hartzog

The Federal Trade Commission is the most important federal agency regulating privacy and security. Its actions and guidance play a significant role in setting the privacy agenda for the entire country. With the Trump Administration about to take control, and three of the five Commissioner seats open, including the Chairperson, a lot could change at the FTC. But dramatic change is not common at the agency. What will likely happen with the FTC’s privacy and security enforcement over the next four years?

Continue Reading

The 5 Things Every Privacy Lawyer Needs to Know about the FTC: An Interview with Chris Hoofnagle

Privacy and Security Training

The Federal Trade Commission (FTC) has become the leading federal agency to regulate privacy and data security. The scope of its power is vast – it covers the majority of commercial activity – and it has been enforcing these issues for decades. An FTC civil investigative demand (CID) will send shivers down the spine of even the largest of companies, as the FTC requires a 20-year period of assessments to settle the score.Continue Reading

The Scope and Potential of FTC Data Protection

FTC Privacy and Security

I am pleased to announce the publication of my article, The Scope and Potential of FTC Data Protection., 83 George Washington Law Review 2230 (2015).  I wrote the article with Professor Woodrow Hartzog.

FTC StatueThe article addresses  the scope of FTC authority in the areas of privacy and data security (which together we refer to as “data protection”).  We argue that the FTC not only has the authority to regulate data protection to the extent it has been doing, but that its granted jurisdiction can expand its reach much more. Normatively, we argue that the FTC’s current scope of data protection authority is essential to the United States data protection regime and should be fully embraced to respond to the privacy harms unaddressed by existing remedies available in tort or contract, or by various statutes. In contrast to the legal theories underlying these other claims of action, the FTC can regulate with a much different and more flexible understanding of harm than one focused on monetary or physical injury.

We contend that the FTC can and should push the development of norms a little more (though not in an extreme or aggressive way). We discuss why the FTC should act with greater transparency and more nuanced sanctioning and auditing.

The article was part of a great symposium organized by the George Washington University Law Review: The FTC at 100.

GW Law Review FTC Symposium

Here is a table of contents of the issue, along with links to where you can access each essay and article.

Continue Reading