What do you think major tech companies and websites should be doing with your personal data? It’s the question at the heart of growing concerns over data collection and privacy, especially by companies seeking to make a profit from the collection and sale of that data.
Now, the Federal Trade Commission (FTC) is considering new federal rules on what it calls “harmful commercial surveillance and lax data security” by some of the biggest names in American (and global) business. They are accepting public comment on the potential harms stemming from the collection and sale of personal data, and insight into whether new rules are necessary to protect consumers.
“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” said FTC Chair Lina M. Khan in a statement with the announcement. “The growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent.”
Among the FTC’s concerns about the current state of commercial data collection is the fact that the markets in which that data is sold are often opaque, leaving customers with little to no understanding of who might be buying the data they turn over. The organization also has concerns about how unavoidable much data sharing has become, as companies use personal information, cookies, and other internet activity to further personalize advertisements and online experiences.
Some states, including Connecticut, have taken it upon themselves to introduce new regulations regarding the collection and sale of private data. Connecticut’s recent data privacy legislation was aimed at providing better transparency and control to consumers, allowing them to better understand how their data is being collected and used, and to opt-out of the sale of that data if they so choose. The law will not take effect until July of 2023.
There are, however, some concerns over these laws. During the debate over Connecticut’s bill, a few local lawmakers pointed out that it doesn’t take any steps to protect personal data from being used by the government. Meanwhile, the Digital Advertising Alliance, argued that piecemeal local legislation only added to the confusion, instead supporting federal legislation that would create one set of rules across the country.
Meanwhile, at the FTC, two of the five commissioners voted against the action to consider new rules. Both cited concerns that action by the FTC could derail efforts in Congress to pass similar legislation.
“National consumer privacy laws pose consequential questions, which is why I have said, repeatedly, that Congress—not the Federal Trade Commission —is where national privacy law should be enacted,” said Commissioner Noah Joshua Phillips in his dissenting opinion. “I am heartened to see Congress considering just such a law today, and hope this Commission process does nothing to upset that consideration.”
The public will be able to submit comment through the FTC’s website for 60 days following the public notice on August 11th. Those wishing to voice their opinions verbally will have a chance during a virtual public forum on September 8th.