Privacy Rulemaking at the FTC
- Author(s):
- James C. Cooper
- Posted:
- 7-2022
- Law & Economics #:
- 22-31
- Availability:
- Full text (most recent) on SSRN
ABSTRACT:
The FTC was early to recognize that the ease with which online firms could collect and share consumer information would make privacy a core consumer protection issue. The FTC skillfully has used case-by-case enforcement under its section 5 authority to address privacy concerns for nearly twenty-five years, yet there are some potentially important limitations to this approach, which are likely to dilute the FTC's ability to optimally deter harmful data practices. Recently, the FTC has expressed interest in its organic rulemaking power, dropping serious hints that it is prepared to pursue rules under its dual authorities to prevent "unfair and deceptive acts or practices" (UDAP) and "unfair methods of competition" (UMC). But before the FTC discards its enforcement-based approach to privacy, it is important to consider the opportunity costs. While a rule banning certain conduct provides legal clarity and the ability to pursue monetary remedies, it comes at the cost of flexibility. This chapter explores these trade-offs and the legal boundaries of possible privacy rulemaking paths. If history provides any guide for potentially fertile rulemaking areas, a few candidates emerge, including notice-and-consent requirements for certain types of sensitive surveillance, and requirements about the form of privacy disclosures. Rules that go beyond these areas would have to rely on information collected in the rulemaking process and a more expansive view of the FTC's unfairness authority. Given its shaky legal grounds and the tenuous link between privacy practices and anticompetitive conduct, UMC rulemaking seems a particularly bad path for the FTC to take.