This month, the Government Accountability Office (“GAO”) released a report recommending that Congress consider enacting a federal internet privacy law in the United States.  The 56-page independent report was requested by the House Energy and Commerce Committee, which has scheduled a hearing on data privacy on February 26, during which it plans to discuss the GAO’s findings.  The Senate Commerce Committee is scheduled to hold a similar hearing on February 27th.

According to the GAO, “Congress should consider developing comprehensive legislation on Internet privacy that would enhance consumer protections and provide flexibility to address a rapidly evolving Internet environment.”  The GAO stressed the importance of striking an appropriate balance between the benefits of data collection and addressing consumer concerns.

Specifically, the GAO recommended that the Federal Trade Commission (“FTC”) be responsible for enforcing internet privacy.  Currently, the U.S. lacks an overarching federal privacy law governing the use, collection, and sale of consumer information.  In lieu of a federal privacy law, the FTC has used its authority under Section 5 of the FTC Act to take action against unfair and deceptive practices with respect to privacy.  However, as the report highlights, the FTC’s authority and enforcement abilities have been limited.  The GAO also cited its own reports to support its conclusions about privacy and lack of regulatory oversight in the burgeoning IoT sector, automakers collecting smart car owner data (a summary of this report is available here), lack of oversight over companies that re-sell consumer information, and lack of protection for mobile users against undisclosed data collection practices.

The report also described the benefits of collecting consumer information on the internet, which include enabling services (e.g., mapping), providing low-cost or free services to consumers (e.g., social media), and fostering innovation and customization.  At the same time, the GAO report elevated consumer concerns related to internet privacy, including data breaches, financial harms, lack of understanding of data practices, and lack of control.  As a result, the GAO opined, in developing legislation Congress must strike the appropriate balance between these competing tensions and consider issues such as:

  • the proper agency to oversee internet privacy;
  • what authorities an agency (or agencies) should have to oversee internet policy, including notice-and-comment rulemaking authority and first-time violation civil penalty authority; and
  • the appropriate balance between consumer privacy and the industry’s ability to deliver services and innovate.

The report was released amid a wave of federal legislative attention to consumer privacy issues and numerous proposals for creating a federal U.S. privacy law.  Additional coverage of these proposals can be found here:

Jayne Ponder

Jayne Ponder counsels national and multinational companies across industries on data privacy, cybersecurity, and emerging technologies, including Artificial Intelligence and Internet of Things.

In particular, Jayne advises clients on compliance with federal, state, and global privacy frameworks, and counsels clients on navigating the rapidly evolving legal landscape. Her practice includes partnering with clients on the design of new products and services, drafting and negotiating privacy terms with vendors and third parties, developing privacy notices and consent forms, and helping clients design governance programs for the development and deployment of Artificial Intelligence and Internet of Things technologies.

Jayne routinely represents clients in privacy and consumer protection enforcement actions brought by the Federal Trade Commission and state attorneys general, including related to data privacy and advertising topics. She also helps clients articulate their perspectives through the rulemaking processes led by state regulators and privacy agencies.

As part of her practice, Jayne advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.