Whether it's the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.
How that data is being used and protected has led to growing public concern and officials’ outrage. And now federal regulators are looking at drafting rules to crack down on what they call harmful commercial surveillance and lax data security.
The Federal Trade Commission announced the initiative Thursday, seeking public comment on the effects of companies’ data collection and the potential benefit of new rules to protect consumers’ privacy.
The FTC defines commercial surveillance as “the business of collecting, analyzing and profiting from information about people.”
In Congress, bipartisan condemnation of the data power of Meta — the parent of Facebook and Instagram — Google and other tech giants that have earned riches by aggregating consumer information used by online advertisers, has brought national data privacy legislation to its closest point ever to passage.
Around the country, parents’ concern has deepened over the impact of social media on children. Frances Haugen, a former Facebook data scientist, stunned Congress and the public last fall when she exposed internal company research showing apparent serious harm to some teens from Instagram. Those revelations were followed by senators grilling executives from YouTube, TikTok and Snapchat about what they’re doing to ensure young users’ safety in the wake of suicides and other harms to teens attributed by their parents to their usage of the platforms.
The Democratic members of the FTC said Thursday it’s imperative for Congress to pass a new law, but that the agency was taking action in the meantime by issuing the notice of proposed rules.
“Mass surveillance has heightened the risks and stakes of data breaches, deception, manipulation and other abuses,” the FTC said..
Agency officials noted that the FTC has brought hundreds of enforcement actions against companies over the last two decades for violations of privacy and data security. They included cases involving the sharing of health-related data with third parties, the collection and sharing of sensitive TV viewing data for targeted advertising, and failure to put in adequate security measures to protect sensitive data such as Social Security numbers.
However, the officials said, the FTC’s ability to deter illegal conduct is limited because it generally lacks authority to seek financial penalties for initial violations of law. That could change if the comprehensive privacy legislation were to clear Congress.
“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” FTC Chair Lina Khan said in an online news conference. “Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices, and what those rules should potentially look like.”
“We are very, very eager to hear from the public,” Khan said.
Topics of interest could include how companies use algorithms and automated systems to analyze the information they collect, and the potential effects of various data practices.
Khan, who was an outspoken critic of Big Tech as a law professor, was appointed by President Joe Biden last year to head the FTC — an independent agency that polices competition and consumer protection as well as digital privacy.
The rulemaking proposal was adopted in a 3-2 vote by the five FTC commissioners. Khan and the other two Democrats voted to issue it, while the two Republicans opposed it.