The Federal Trade Commission and Privacy: Defining Enforcement and Encouraging the Adoption of Best Practices - Version 2.0

Abstract

This article is Version 2.0 of this working paper and it examines the history of privacy enforcement by the Federal Trade Commission, including the FTC’s jurisdiction under Section 5, and its privacy enforcement matters, as well as the FTC's recently issued report, "Protecting Consumer Privacy in an Era of Rapid Change: A proposed Framework for Businesses and Policymakers", in which the FTC examines past enforcement models, noting their failings. In light of the FTC’s examination of past enforcement models, this article then analyzes these models, including the accountability-centric model that has previously been utilized in the United States, as well as the FTC’s proposed solution to the privacy problems of the Web 2.0 World--the adoption of best practices, including a "privacy by design" framework. The article then argues that the method to achieve the FTC’s goal of voluntary adoption of best practices is to focus on proportional protection for data based upon the sensitivity of the data in question, and to create a "safe harbor" from enforcement for businesses that choose to adopt the framework. This proposed framework could be linked in a meaningful way to existing EU processes, such as Binding Corporate Rules or the existing EU Safe Harbor program. By combining these elements, the FTC can achieve meaningful and focused self-regulation and provide appropriate protection to consumers, while giving business an incentive to adopt best-practices, and also increase the level of international cooperation regarding privacy.