Federal Trade Commission

Background
President Woodrow Wilson signed the original FTC Act into law on September 26, 1914. When the Federal Trade Commission was created, its purpose was to prevent unfair methods of competition in commerce as part of the battle to “bust the trusts.” Over the years, Congress passed additional laws giving the agency greater authority to police anticompetitive practices.

In 1938, Congress passed the Wheeler-Lea Amendment, which amended the FTC Act “to prohibit ‘unfair or deceptive acts or practices’ in addition to ‘unfair methods of competition’ &mdash; thereby charging the FTC with protecting consumers directly, as well as through its antitrust efforts.” Since then, the Commission also has been directed to administer a wide variety of consumer protection laws, including the:


 * CAN-SPAM Act
 * Fair and Accurate Credit Transactions Act
 * Children’s Online Privacy Protection Act
 * Gramm-Leach-Bliley Act, and the
 * U.S. SAFE WEB Act.

In 1975, Congress gave the FTC the authority to adopt industry-wide trade regulation rules.

The Commission does not have criminal law enforcement authority. Further, under the FTC Act, certain entities, such as banks, savings and loan associations, and common carriers, as well as the business of insurance, are wholly or partially exempt from Commission jurisdiction.

FTC's Mission
The FTC’s mission is to promote the efficient functioning of the marketplace by protecting consumers from unfair or deceptive acts or practices and to increase consumer choice by promoting vigorous competition. The Commission’s primary legislative mandate is to enforce Section 5 of the FTC Act, which prohibits unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce. With the exception of certain industries and activities, the FTC Act provides the Commission with broad investigative and law enforcement authority over entities engaged in or whose business affects commerce. The FTC is the only federal agency with both consumer protection and competition jurisdiction in broad sectors of the economy. The agency enforces laws that prohibit business practices that are harmful to consumers because they are anticompetitive, deceptive, or unfair, and promotes informed consumer choice and understanding of the competitive process.

The Commission also has responsibility under 45 additional statutes governing specific industries and practices. These include, for example, the Truth in Lending Act, which mandates disclosures of credit terms, and the Fair Credit Billing Act, which provides for the correction of billing errors on credit accounts.

The Commission also enforces over 30 rules governing specific industries and practices, e.g., the Used Car Rule, which requires used car dealers to disclose warranty terms via a window sticker; the Franchise Rule, which requires the provision of information to prospective franchisees; the Telemarketing Sales Rule, which defines and prohibits deceptive telemarketing practices and other abusive telemarketing practices; and the Children’s Online Privacy Protection Act and regulations.

In addition, on May 12, 2000, the Commission issued a final rule implementing the privacy provisions of the Gramm-Leach-Bliley Act. The rule requires a wide range of financial institutions to provide notice to their customers about their privacy policies and practices.

E-commerce on the Internet falls within the scope of this statutory mandate.

Online Privacy
The online collection and use of consumers’ information, including the tracking of individual browsing habits, has raised significant concerns for many consumers. These concerns are not new; surveys have consistently demonstrated consumer unease with data collection practices in the online marketplace.

Beginning in 1995, the Federal Trade Commission held a series of public workshops on the issues of privacy and the Internet. In part based upon these workshops, the FTC issued several reports to Congress focusing on a variety of privacy issues, including the collection of personal information from children, self-regulatory efforts and technological developments to enhance consumer privacy, consumer and business education efforts, and the role of government in protecting online privacy. The Commission has sought to understand the online marketplace and its information practices and to assess its cost and beneficial effects. It has also used its law enforcement authority to challenge websites with deceptive privacy policy statements.

1998 Report
In its 1998 report, Privacy Online: A Report to Congress, based upon its examination of the information practices of over 1400 commercial sites on the World Wide Web, and its assessment of private industry’s efforts to implement self-regulatory programs to protect consumers’ online privacy, the Commission summarized widely-accepted principles regarding the collection, use, and dissemination of personal information.

These Fair Information Practice Principles, which predate the Internet, had been recognized and developed by government agencies in the United States, Canada, and Europe since 1973, when the United States Department of Health, Education, and Welfare released its seminal report on privacy protections in the age of data collection, Records, Computers, and the Rights of Citizens.

The Report assessed the information practices of commercial websites and the existing self-regulatory efforts in light of these fair information practice principles and concluded that an effective self-regulatory system had not yet taken hold. The Commission deferred judgment on the need for legislation to protect the online privacy of consumers generally, and instead urged industry to focus on the development of broad-based and effective self-regulatory programs.

COPPA
In response to the concerns over the privacy of children’s online personal information, and with the encouragement of the FTC, the 105th Congress passed the Children's Online Privacy Protection Act to prohibit unfair and deceptive acts and practices in connection with the collection and use of personally identifiable information from and about children on the Internet.

1999 Report
In 1999, the Commission issued a second report to Congress &mdash; Self-Regulation and Online Privacy: A Report to Congress. &mdash; that assessed the progress made since its 1998 report, and set an agenda for Commission actions to encourage implementation of online privacy protections. In that Report, a majority of the Commission found notable progress in self-regulatory initiatives, and that online businesses were providing significantly more notice of their information practices. However, it also found that the vast majority of the sites surveyed collected personal information from consumers online, and that the implementation of fair information practices was not widespread. It argued that the growth of the Internet in general, and electronic commerce in particular, mandated against sweeping regulations that might inhibit the growth of both. The Commission also outlined plans for future Commission actions to encourage greater implementation of online privacy protections, including the public workshop on online profiling. One of the main elements of industry self-regulation was FTC enforcement of the privacy policies that companies collecting personal information posted on their websites.

2000 Report
In its 2000 Report, a majority of the Commission concluded that, despite its significant work in developing self-regulatory initiatives, industry efforts alone have been insufficient. Thus, the majority recommended that Congress enact legislation to ensure consumer privacy online.

Bush Administration Developments
However, the agency changed its position after the election of President George W. Bush and a change in leadership at the Commission. The new FTC Chairman, Timothy Muris, announced that the agency would expand enforcement of existing laws rather than pursuing new legislation. Muris indicated that the Commission was “primarily a law enforcement agency” which “best carries out its consumer protection mission” through “aggressive enforcement of the basic laws of consumer protection.” He further indicated that in his opinion, “the particular issue of broad based, Internet only legislation is still premature at this moment.”

During this period, the Commission also used its Section 5 authority to bring actions against companies that engaged in unfair or deceptive information practices. Most of these early cases involved deceptive statements in companies’ privacy notices about their collection and use of consumers’ data. The legal theories in these early enforcement actions highlighted, in particular, the fair information practice principles of notice and choice (the “notice-and-choice approach”). Collectively, the Commission’s policy and enforcement efforts underscored its emphasis on the concepts of transparency and accountability for information practices.

Obama Administration Developments
In recent years, the FTC has sought to protect consumers’ personal information and ensure that consumers have the confidence to take advantage of the many benefits of the ever-changing marketplace by using two primary models:


 * the "notice-and-choice model," which encourages companies to develop privacy notices describing their information collection and use practices to consumers, so that consumers can make informed choices, and
 * the "harm-based model," which focuses on protecting consumers from specific harms &mdash; physical security, economic injury, and unwanted intrusions into their daily lives.

Each model advances the goal of protecting consumer privacy; at the same time, each has been subject to criticism.

Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand. Likewise, the harm-based model has been criticized for failing to recognize a wider range of privacy-related concerns, including reputational harm or the fear of being monitored. In addition, both models have struggled to keep pace with the rapid growth of technologies and business models that enable companies to collect and use consumers’ information in ways that often are invisible to consumers. Meanwhile, industry efforts to address privacy through self-regulation have been too slow, and have failed to provide adequate and meaningful protection.