Once upon a time, not so very long ago, cookies were a tasty treat, tracking was something hunters did in the woods, browsing meant taking a stroll through the mall, the preferred family mobile device was the station wagon, and the only threat from a cloud was a thunderstorm.
In that pre-digital age, Congress wrote most of America’s federal privacy laws. Their authors could not envision technology that would allow both commercial interests and law enforcement authorities to pinpoint a person’s location with geo-tracking and profile his lifestyle, financial status and health by tracking his online activities. Nor did they imagine the threat sophisticated hackers could pose to personal financial and medical information as well as corporate intellectual property and trade secrets, whether stored on a laptop, mobile device, corporate server or in the cloud.
Many Washington observers doubt there will be any substantive action from the current Congress on consumer privacy.
“I’m pessimistic,” says William Baker, of counsel at Wiley Rein. “Congress has been facing these issues for more than a decade, and the issues simply get more complicated when you start introducing subjects that were not even being discussed five years ago, such as mobile applications, location tracking, Big Data and cloud computing.”
In the meantime, the FTC is using its power to regulate deceptive and unfair trade practices to go after companies it believes are unduly infringing on consumer privacy rights. The agency is also finding new ways to apply old laws to current practices.
“In the past two to three years, the FTC has been completely re-energized—it is as if they put in new batteries,” says Michelle Cohen, a member at Ifrah Law. “In the absence of federal legislation, they have taken the lead on ensuring there is some privacy regulation, using their existing authority under Section 5 [of the FTC Act]. In some cases, they have reached back to 1970s laws such as the Fair Credit Reporting Act (FCRA) and the Fair Debt Collection Practices Act and applied them to situations where people used data in ways they deemed inappropriate. These somewhat sleepy statutes are being used in creative ways.”
Data Broker Inquiry
In another hot privacy arena, the FTC announced in December 2012 an inquiry into the practices of nine data brokers—companies that collect and resell consumer data—and issued administrative subpoenas seeking information on how the companies collect, store, analyze and share data.
“There is concern among members of Congress and the FTC about data brokers because major portions of their business are not regulated under current law,” Baker says. “They have been around a long time, but now we have computers with more capacity, more sophisticated data analytics and more data. It’s the sheer mass of data that is pressing the issue now.”