FTC mulling rules to control data collection by tech firms
WASHINGTON — Whether it’s the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.
How that data is being used and protected has led to growing public concern and officials’ outrage. Federal regulators are looking at drafting rules to crack down on what they call harmful commercial surveillance and lax data security.
The Federal Trade Commission announced the initiative last week, seeking public comment on the effects of companies’ data collection and the potential benefit of new rules to protect consumers’ privacy.
The FTC defines commercial surveillance as “the business of collecting, analyzing and profiting from information about people.”
In Congress, bipartisan condemnation of the data power of Meta — the parent of Facebook and Instagram — Google and other tech giants that have earned riches by aggregating consumer information used by online advertisers, has brought national data privacy legislation to its closest point ever to passage.
Around the country, parents’ concern has deepened over the impact of social media on children. Frances Haugen, a former Facebook data scientist, stunned Congress and the public last fall when she exposed internal company research showing apparent serious harm to some teens from Instagram.
Those revelations were followed by senators grilling executives from YouTube, TikTok and Snapchat about what they’re doing to ensure young users’ safety in the wake of suicides and other harms to teens attributed by their parents to their usage of the platforms.
The Democratic members of the FTC said it’s imperative for Congress to pass a new law, but that the agency was taking action in the meantime by issuing the notice of proposed rules.
“Mass surveillance has heightened the risks and stakes of data breaches, deception, manipulation and other abuses,” the FTC said.
Agency officials noted that the FTC has brought hundreds of enforcement actions against companies over the last two decades for violations of privacy and data security. They included cases involving the sharing of health-related data with third parties, the collection and sharing of sensitive TV viewing data for targeted advertising, and failure to put in adequate security measures to protect sensitive data such as Social Security numbers.
However, the officials said, the FTC’s ability to deter illegal conduct is limited because it generally lacks authority to seek financial penalties for initial violations of law.
“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” FTC Chair Lina Khan said in an online news conference. “Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices, and what those rules should potentially look like.”
Topics could include how companies use algorithms and automated systems to analyze information collected, and the potential effects of data practices.
Khan, an outspoken critic of Big Tech as a law professor, was appointed by President Joe Biden last year to head the FTC.
The rulemaking proposal was adopted in a 3-2 vote by the five FTC commissioners. Khan and the other two Democrats voted to issue it, while the two Republicans opposed it.