Can the FTC Promulgate Effective Privacy Rules?

In the absence of federal privacy legislation, the FTC is widely expected to commence a rulemaking to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.” This paper addresses some of the reasons why FTC rulemaking is a poor substitute for federal legislation and an inefficient allocation of limited agency resources. While the FTC has considerable power to craft rules banning unfair or deceptive practices, Magnuson-Moss rulemaking is slow and resource-intensive, may not produce enforceable final rules, and does not necessarily preempt inconsistent state law. Plus, the limits of FTC’s unfairness authority do not always square well with privacy. Competition rulemaking, meanwhile, would be a terrible strategic blunder for the FTC and should be avoided. The FTC should instead focus its efforts on the most egregious practices that plainly fit within the statutory rubric of unfairness. 

By Ben Rossen^[1]

I. Introduction

When the Federal Trade Commission (“FTC”) announced in December that it is considering commencing a “commercial surveillance” rulemaking to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination,”^[2] privacy advocates appeared to have cause for celebration. Finally, after years of stalled negotiations on comprehensive privacy legislation in Congress, a newly agg