Across the country, several states, namely California, Colorado, Connecticut, Utah, and Virginia, have enacted extensive data privacy laws restricting the ways in which companies may collect, use and share consumer personal information without legal repercussions. In the digital marketing space, companies are required to operate their businesses within the confines of applicable state data privacy laws. This state-wide trend appears to have influenced the recent effort by the Federal Trade Commission ("FTC") to seek public comment on, among other things, "commercial surveillance" and "lax data security," with the goal of protecting consumers on a federal level. For purposes of clarity, the FTC defines "commercial surveillance" as the "business of collecting, analyzing and profiting from information about people."
Why is the FTC Pursuing New Data Privacy Laws?
According to FTC Chair Lina M. Khan, "[f]irms now collect personal data on individuals at a massive scale and in a stunning array of contexts." In an effort to address this concern, on August 11, 2022, the FTC issued an Advance Notice of Proposed Rulemaking ("ANPR"), offering the public 60 days to submit comments on the "prevalence of commercial surveillance and data security practices that harm consumers." Put another way, the FTC is looking for feedback on whether there is a need to address and create new data privacy laws, and if so, what they should look like. The ANPR sets forth the following points to consider: "the ways companies (1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive."
The FTC's press release includes various issues of alleged concern (among others): (1) the extent to which some surveillance-based services may be addictive to children; (2) the notion that some companies require consumers to sign up for surveillance as a condition for service; and, (3) in some instances, once a consumer signs up for a particular service, the company may change its privacy terms to expand surveillance going forward. The public comment period ends on October 10, 2022.
What About the Proposed Federal Data Privacy Law?
As readers of this blog know, Congress is in the process of working on a Federal Data Privacy Law, known as the American Data Privacy and Protection Act ("ADPPA"). Please note that the ADDPA is not an official bill yet, just a discussion draft as of today. The U.S. House Energy and Commerce Committee recently held a hearing on the proposed law, and members (on both sides of the aisle) voiced support for the ADDPA and the need for national data privacy standards. The following essential points were raised at the hearing:
- The need for privacy policies and notices to be written in plain English and in easily understandable language;
- How expansive ADDPA's preemption provisions should be; and
- The scope of the private right of action.
The three Democratic FTC Commissioners have explained that they hoped this recent FTC effort to seek comment on the need for national data privacy laws would galvanize the federal-level legislative initiative.
Why You Need Experienced Attorneys to Help Navigate Data Privacy Laws
If and until federal regulations are enacted to address consumer data privacy, ensuring compliance with the myriad state laws is a gigantic task. Businesses must now navigate the complexities and subtle differences between each law to stay compliant. Hiring experienced data privacy law attorneys can help make the regulatory compliance journey easier. The attorneys at Klein Moynihan Turco have experience in all things privacy and have been helping businesses stay ahead of the privacy curve for years.
Related Blog Posts:
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.