PrivacySecurity

Federal Trade Commission Commercial Surveillance and Data Security Proposed Rulemaking

Michael KimJoseph Emerson
November 14, 2022
5 min read

Commercial surveillance is the practice of collecting and analyzing information about people for profit. Over the past months, the U.S. Federal Trade Commission (FTC) has increased its focus on companies’ harmful commercial surveillance programs and on inadequate data security of personal information practices. Companies have been able to operate these programs with limited repercussions. Primary activities of companies that fall under the commercial surveillance category include collecting, analyzing, and monetizing vast amounts of consumer information. The FTC is concerned with obscure and excessive data collected, which could then be analyzed using algorithms and automated systems to create profiles, influence consumers, and predict their desires and behaviors. Additionally, companies often monetized this by using the collected and analyzed data for providing services/products, selling data to third parties for targeted ads, or using the data to target consumers with dangerous or harmful content.

In a recent interview at the IAPP Privacy. Security. Risk. Conference, U.S. Federal Trade Commissioner Rebecca Kelly Slaughter was asked: What do you think is the harm that the FTC should be focused on in terms of protecting consumers? Slaughter responded: “The thing I think I’m most worried about is the way in which data (our data) is turned around and used against us. Not just shared in ways we don’t want it to be, but used to, for example, target us with harmful, dangerous, manipulative content. I think that is a real problem about which we should be concerned.”

The FTC Act of 1914 empowers the Commission to prevent unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce. This directive from Congress mandates the FTC to respond to such acts that are deemed unlawful. The FTC wants to better understand commercial surveillance with the potential for rulemaking if necessary to adhere to the Commission’s responsibility in enforcing the prevention of unfair methods of competition and/or unfair or deceptive acts or practices.

The FTC has published an Advance Notice of Proposed Rulemaking (ANPR), which is the first procedural step in determining if new trade regulation rules or other regulatory alternatives are warranted. The ANPR and related public comments will be an open record supporting the outcome.

The new trade regulation rules will clarify what the law prohibits and requires from market participants versus the current state, which requires market participants to read and understand fifteen FTC orders to interpret what the law expects and how to apply it to their business.

Why is this important?

Rules created by the FTC will directly impact consumers, privacy professionals, and client service practitioners. Existing FTC rules guide how we conduct business daily, including how to govern children’s privacy, the creation of the Privacy Act, and Privacy of Consumer Financial Information Act. Concerns expressed by the FTC include:

  • Lax data security – There is concern that many companies do not sufficiently or consistently invest in securing the data they collect against hackers and data thieves.
  • Retaliation – Companies may deny access to consumers who do not wish to have their personal information shared with other parties – or require consumers to pay a premium to keep their personal information private.
  • Inaccuracy – Automated decision-making systems and the algorithms that comprise them are safeguarded by companies, leading to a lack of knowledge regarding how they
  • Dark patterns – By utilizing a dark pattern, a company is attempting to influence or manipulate a consumer into making a decision they might not usually make on their own.
  • Harm to children – With the expansion of technologies that are directed at kids and the growing reliance on digital tools, children and teens face greater risks of immediate and long-term dangers
  • Surveillance creep – Companies often deceive consumers in their privacy policies regarding data collection and the various purposes of that data collection by using the data for other purposes not originally stated in the privacy policy.
  • Bias and discrimination – Several widely-used commercial surveillance practices may result in bias against users based on protected characteristics such as race, gender, age, etc.

Next steps

Provide feedback. Review the topics and questions located on the FTC’s website here and provide the FTC comments in the areas of expertise and knowledge here. While there are 10 topics and almost 100 questions to consider, these are not all-inclusive. For example, there are no specific questions related to the potential harm of collecting user location data; therefore, it is important for the public to review and provide response and comment. The FTC has extended the public comment period to November 21, 2022, as it is important to collect comments from a wide breadth of stakeholders.

For those who would prefer to provide comments via paper, mail those comments to the FTC at:

Federal Trade Commission, Office of the Secretary

600 Pennsylvania Avenue NW, Suite CC-5610 (Annex B)

Washington, DC 20580

Michael Kim

Director
Security and Privacy

View all posts

Joseph Emerson

Director
Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More