Skip to main content
close search
site logo
Dive Brief

FTC requests greater data privacy authority for issuing penalties

Published May 9, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Getty / edited by Industry Dive

Dive Brief:

  • The Federal Trade Commission (FTC) is seeking greater authority for data privacy protections beyond the limitations of Section 5 of the FTC Act, according to the agency's prepared statement before the House Energy and Commerce subcommittee Wednesday.
  • Section 5 grants the agency the ability to "aggressively" pursue privacy and data security cases, but limits the FTC from pursuing civil penalties for a first offense. It also prohibits the FTC from seeking penalties from non-profits and common carriers. 
  • The agency is pursuing "a consumer protection and competition policy and research agenda to improve agency decision-making, and engages in advocacy and education initiatives," according to the statement.

Dive Insight:

The FTC's calls for more authority in data privacy regulation comes as criticism of big tech flourishes.

Since 1970's Fair Credit Reporting Act was passed, the FTC served as the chief federal agency responsible for protecting consumer privacy and then the internet happened. The scope of what was required of the agency grew and covered territory not covered by current regulations. 

The FTC has a number of settlements with tech companies who stepped out of bounds, including PayPal's Venmo for misleading consumers about privacy controls or Uber's failure to protect personal information.

The agency is currently in settlement talks with Facebook after its Cambridge Analytica scandal from last year. It is likely the outcome will set the precedent for future privacy infractions. Facebook expects to lose between $3 billion and $5 billion to FTC fines, the company revealed in its Q1 2019 earnings.

The fine could be record-breaking for the FTC. Google cemented its place as the first "game changing" GDPR fines in January. The agency is working with the European Union to uphold U.S. companies with European presence to the Privacy Shield framework, a "voluntary mechanism" for companies to use to comply with GDPR, according to the statement.

California passed its version of GDPR last year though it was not without the tech industry's opposition. Few states have privacy legislation in the works due to disagreements on language, fines and the scope of their reach. However, it's likely the California law will set the gold standard for other states to model.

Recommended Reading

Filed Under: Security, Corporate

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell