The Federal Trade Commission (FTC) is addressing concerns around data privacy in the US. The government agency recently announced that it had created an Advanced Notice of Proposed Rulemaking (ANPRM), in which they are seeking comments from the general public on adding rules to crackdown on surveillance and security of consumer personal information within the United States. Given that the United States Congress is currently working on comprehensive federal legislation for data privacy; are these competing or complementary privacy agendas? What does the FTC’s latest move mean to individuals in the United States?
Let’s start with a few refreshers on what the Federal Trade Commission does and how they use the Advanced Notice of Proposed Rulemaking. From the FTC’s website, “Our mission is protecting consumers and competition by preventing anticompetitive, deceptive, and unfair business practices through law enforcement, advocacy, and education without unduly burdening legitimate business activity.”
So how does the privacy topic fit into the FTC’s mission statement? Their goals of protecting both consumers and competition are now focused on “harmful commercial surveillance and lax data security” which puts consumers’ privacy at risk, as well as giving organizations who unfairly collect or utilize customer data at an advantage over organizations who behave in a more ethical manner. Most would argue that abuse of personal information would fall into the “unfair business practices” area of the mission. As companies attempt to more effectively market their products and services to consumers, vast swathes of personal information are being gathered and stored. Sometimes that information is misused and that is what the FTC is focusing in on.
Misuse of personal information can come in many forms, including not protecting it and/or allowing it to be stolen by bad actors and then used against the consumer. The FTC, due to much consumer outcry, is focusing on new regulations that would allow the agency to take action against corporations that misuse personal information.
However, the use of personal information is a double edged sword for consumers. On the one hand, consumers like the benefit of personalized customer experience; only presenting ads and content that are relevant for the consumer. On the other hand, having that personal information misused or abused presents a clear and present danger to the consumer, especially if bad actors come into possession.
Given that the US congress is working on national privacy legislation, how does the FTC announcement affect the American Data Privacy and Protection Act? What does it mean to corporations? What does it mean to consumers? At the very least it is further demonstration that US consumers’ concerns are being heard and finally acted upon. For businesses that abuse information, the FTC’s announcement puts them on notice that change is coming, both from the FTC and from congress.
There are specific steps that must be followed when establishing these protective guidelines, and ANPRM is the first of many steps, required by law, for the FTC to establish new regulations (rules). It is generally accepted that the rulemaking process can take anywhere from five to seven5 to 7 years but the rule is put into force. The proposal moving through congress could be in place much more quickly, before year’s end theoretically.
In both cases, the ADPPA and the FTC rulemaking, legitimate businesses will need to adopt new policies and procedures on the use of personal information. A key aspect to policy adherence will be data governance. Every corporation that collects personal information will need to fully understand what information is collected, is that information proportionate to the purpose for which it was collected, how is that information maintained and secured, and provide the US consumers with the ability to know what information is collected, for what purpose and the rights to correct, restrict and delete the information that the corporation has collected.
Tealium’s Customer Data Platform helps organizations around the world in all industries on establishing data governance practices that help achieve global privacy requirements, including these impending updates to US policy and regulation.
If you’d like to learn more about how Tealium can support your data privacy and governance initiatives, click here to schedule a demo.