How FTC privacy enforcement has evolved with recent cases

The FTC has recently undertaken further reviews of specific security practices past its historical boundaries

The Federal Trade Commission (FTC) has asserted its enforcement authority as “the chief federal agency on privacy policy since the 1970s,” originally, under the Fair Credit Reporting Act and, subsequently, under a variety of federal privacy and security statutes, including the FTC Act (FTCA § 5), the Gramm‑Leach‑Bliley Act (GLBA) and the Children’s Online Privacy Protection Act (COPPA).

Historically, the FTC’s focus has been on the accuracy and completeness of disclosed privacy policies under FTCA § 5, i.e. whether the company making the disclosure is actually compliant with such disclosures. For example, the FTC settled charges with a leading online distribution platform for marketers based on the distributor’s violation of its own published privacy policy by using “history sniffing” technology to “secretly and illegally determine whether millions of consumers had visited any one of more than 54,000 domains.” Similarly, the FTC entered into a consent decree with a mobile social media app developer that exceeded its stated privacy policy by collecting contact information from users’ mobile devices, even when the user had affirmatively declined to give the developer authorization to do so.

Contributing Author

author image

Paige M. Boshell

Paige M. Boshell is a partner with Bradley Arant Boult Cummings LLP in Birmingham, Ala., and is chair of the firm’s Privacy...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.