- FTC Commissioner Rebecca Slaughter called for greater rule-making and civil penalty authority for the Federal Trade Commission, speaking on a panel at The Atlantic Festival in Washington Tuesday. The FTC acting after the fact to investigate breaches and data privacy incidents isn't serving as a strong enough deterrent, and the commission needs to get out of after-the-fact reaction and more out front, Slaughter said.
- Speaking at the same panel, former commissioner and chairman Maureen Ohlhausen said the FTC was created to be broad and general, affording it flexibility in handling cases. The commission doesn't have fining authority until clear lines are drawn regarding what a violation is; when these lines are in place, the authority to redress makes sense.
- The dual focus on competition and consumer protection poises the commission well to handle privacy standards, Slaughter said. But clearer direction needs to be given to companies on the use of consumer data. As of yet, it is too soon to say if GDPR is successful, Ohlhausen said; the unintended consequences have yet to emerge.
When there is a data breach, the @FTC examines what led to it, and if there were irresponsible business practices involved. But hacks keep happening, which is why many want us to have more power to make rules and implement civil penalties, says @RKSlaughterFTC #TheAtlanticFest— The Atlantic Festival (@TheAtlanticFest) October 2, 2018
Asked if a tech juggernaut such as Facebook or Twitter could be formed in Europe in the GDPR era — or if the data privacy regulation would deter such innovation — Slaughter noted that California is already one of the most tightly regulated states in the U.S. yet has served as the breeding ground for so many technology giants.
Be cautious of presuming that such regulation will definitely push or stifle innovation, she said.
The FTC has acted as the technology and cybersecurity watchdog of the government for the last several years. The growing power of the technology industry and the impacts of massive data breaches are pushing the commission to reevaluate its regulation of the industry and the use of personal data.
With such a broad mandate to fill, the FTC is stretched thin with its current budget and staff, Slaughter said. Punching above its weight, the commission is making large returns on investment of taxpayer dollars, but it needs more resources.
The commission's technology staff is limited; it does have the position of chief technologist, but Neil Chilson, the most recent head, left in April and there is not yet a replacement. But for the most part the commission relies on experts brought in, Ohlhausen said.
The Office of Technology Research and Investigation, nestled in the Bureau of Consumer Protection, offers advice and evaluation on technology's impact to consumers. But the office is a small group and needs more resources, according to Bilal Sayyed, director of the Office of Policy Planning at the FTC, speaking at the first FTC hearing on competition and consumer protection in the 21st century at Georgetown University Law Center in Washington last month.
The hearing kicked off a series examining the need for reform in competition and consumer protection standards based off shifts in the economy — many of which are precipitated by the technology industry.
David Vladek, professor of law at Georgetown Law, said it might be time to consider a bureau of technology to beef up the commission's expertise in technologies, including AI, and forensic capabilities for breach investigations. Slaughter also said that technology could benefit from a similar model as competition and consumer protection, each of which has its own bureau in the commission.
Bureaus are not autonomous but rather complimentary too the FTC, said Timothy Muris, senior counsel at Sidley Austin LLP, speaking at the hearing.