This month, the Government Accountability Office (“GAO”) released a report recommending that Congress consider enacting a federal internet privacy law in the United States.  The 56-page independent report was requested by the House Energy and Commerce Committee, which has scheduled a hearing on data privacy on February 26, during which it plans to discuss the GAO’s findings.  The Senate Commerce Committee is scheduled to hold a similar hearing on February 27th.

According to the GAO, “Congress should consider developing comprehensive legislation on Internet privacy that would enhance consumer protections and provide flexibility to address a rapidly evolving Internet environment.”  The GAO stressed the importance of striking an appropriate balance between the benefits of data collection and addressing consumer concerns.

Specifically, the GAO recommended that the Federal Trade Commission (“FTC”) be responsible for enforcing internet privacy.  Currently, the U.S. lacks an overarching federal privacy law governing the use, collection, and sale of consumer information.  In lieu of a federal privacy law, the FTC has used its authority under Section 5 of the FTC Act to take action against unfair and deceptive practices with respect to privacy.  However, as the report highlights, the FTC’s authority and enforcement abilities have been limited.  The GAO also cited its own reports to support its conclusions about privacy and lack of regulatory oversight in the burgeoning IoT sector, automakers collecting smart car owner data (a summary of this report is available here), lack of oversight over companies that re-sell consumer information, and lack of protection for mobile users against undisclosed data collection practices.

The report also described the benefits of the collection of consumer information on the internet, which include: enabled services (e.g., mapping), low-cost or free services to consumers (e.g., social media), fostered innovation and customization.  At the same time, the GAO report elevated concerns of consumers related to internet privacy, including: data breaches, financial harms, lack of understanding on data practices, and lack of control.  As a result, in developing legislation, the GAO opined, Congress must strike the appropriate balance between these competing tensions, and consider issues such as:

  • the proper agency to oversee internet privacy;
  • what authorities an agency (or agencies) should have to oversee internet policy, including notice-and-comment rulemaking authority and first-time violation civil penalty authority; and
  • the appropriate balance between consumer privacy and the industry’s ability to deliver services and innovate.

The report was released amidst a myriad of federal legislative attention to consumer privacy issues, and numerous proposals for creating a federal U.S. privacy law.  Additional coverage of these proposals can be found here:

Tags: Congress, Federal Trade Commission, Legislation
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jayne Ponder Jayne Ponder

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy…

Jayne Ponder provides strategic advice to national and multinational companies across industries on existing and emerging data privacy, cybersecurity, and artificial intelligence laws and regulations.

Jayne’s practice focuses on helping clients launch and improve products and services that involve laws governing data privacy, artificial intelligence, sensitive data and biometrics, marketing and online advertising, connected devices, and social media. For example, Jayne regularly advises clients on the California Consumer Privacy Act, Colorado AI Act, and the developing patchwork of U.S. state data privacy and artificial intelligence laws. She advises clients on drafting consumer notices, designing consent flows and consumer choices, drafting and negotiating commercial terms, building consumer rights processes, and undertaking data protection impact assessments. In addition, she routinely partners with clients on the development of risk-based privacy and artificial intelligence governance programs that reflect the dynamic regulatory environment and incorporate practical mitigation measures.

Jayne routinely represents clients in enforcement actions brought by the Federal Trade Commission and state attorneys general, particularly in areas related to data privacy, artificial intelligence, advertising, and cybersecurity. Additionally, she helps clients to advance advocacy in rulemaking processes led by federal and state regulators on data privacy, cybersecurity, and artificial intelligence topics.

As part of her practice, Jayne also advises companies on cybersecurity incident preparedness and response, including by drafting, revising, and testing incident response plans, conducting cybersecurity gap assessments, engaging vendors, and analyzing obligations under breach notification laws following an incident.

Jayne maintains an active pro bono practice, including assisting small and nonprofit entities with data privacy topics and elder estate planning.

Read more about Jayne PonderEmail
Show more Show less