Background[edit | edit source]
President Woodrow Wilson signed the original FTC Act into law on September 26, 1914. When the Federal Trade Commission was created, its purpose was to prevent unfair methods of competition in commerce as part of the battle to "bust the trusts." Over the years, Congress passed additional laws giving the agency greater authority to police anticompetitive practices.
In 1938, Congress passed the Wheeler-Lea Amendment, which amended the FTC Act "to prohibit 'unfair or deceptive acts or practices' in addition to 'unfair methods of competition' — thereby charging the FTC with protecting consumers directly, as well as through its antitrust efforts." Since then, the Commission also has been directed to administer a wide variety of consumer protection laws, including the:
- CAN-SPAM Act
- Fair and Accurate Credit Transactions Act
- Children’s Online Privacy Protection Act
- Gramm-Leach-Bliley Act, and the
- U.S. SAFE WEB Act.
In 1975, Congress gave the FTC the authority to adopt industry-wide trade regulation rules.
While the Commission does not have criminal law enforcement authority, it is a law enforcement agency with authority to, among other things, address consumer concerns about Internet privacy, both for Internet service providers and content providers. Under the FTC Act, certain entities, such as banks, savings and loan associations, and common carriers, as well as the business of insurance, are wholly or partially exempt from Commission jurisdiction.
FTC investigations are nonpublic until the Commission takes a public action such as issuing a complaint or announcing a settlement.
FTC's mission[edit | edit source]
The FTC's mission is to promote the efficient functioning of the marketplace by protecting consumers from unfair or deceptive acts or practices and to increase consumer choice by promoting vigorous competition. The Commission's primary legislative mandate is to enforce Section 5 of the FTC Act, which prohibits unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce. With the exception of certain industries and activities, the FTC Act provides the Commission with broad investigative and law enforcement authority over entities engaged in or whose business affects commerce. The FTC is the only federal agency with both consumer protection and competition jurisdiction in broad sectors of the economy. The agency enforces laws that prohibit business practices that are harmful to consumers because they are anticompetitive, deceptive, or unfair, and promotes informed consumer choice and understanding of the competitive process.
The Commission also has responsibility under 45 additional statutes governing specific industries and practices, including the Truth in Lending Act of 1968, the CAN-SPAM Act, the Children's Online Privacy Protection Act of 1998, the Equal Credit Opportunity Act, the Fair Credit Reporting Act of 1970, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1984.
The Commission also enforces over 30 rules governing specific industries and practices, e.g., the Used Car Rule, which requires used car dealers to disclose warranty terms via a window sticker; the Franchise Rule, which requires the provision of information to prospective franchisees; the Telemarketing Sales Rule, which defines and prohibits deceptive telemarketing practices and other abusive telemarketing practices; and the Children’s Online Privacy Protection Act and regulations.
In addition, on May 12, 2000, the Commission issued a final rule implementing the privacy provisions of the Gramm-Leach-Bliley Act. The rule requires a wide range of financial institutions to provide notice to their customers about their privacy policies and practices.
Online privacy[edit | edit source]
The online collection and use of consumers’ information, including the tracking of individual browsing habits, has raised significant concerns for many consumers. These concerns are not new; surveys have consistently demonstrated consumer unease with data collection practices in the online marketplace.
With certain exceptions, the FTC generally cannot directly impose civil monetary penalties for Internet privacy cases. Instead, the FTC typically addresses Internet privacy cases by entering into settlement agreements requiring companies to take actions such as implementing reasonable privacy and security programs. If a company then violates its settlement agreement with the FTC, the agency can request civil monetary penalties in court for the violations. In addition, the FTC can seek to impose civil monetary penalties directly for violations of certain statutes and their implementing regulations, such as the statute pertaining to the Internet privacy of children (COPPA) and its corresponding regulations.
1998 Report[edit | edit source]
In its 1998 report, Privacy Online: A Report to Congress, based upon its examination of the information practices of over 1400 commercial sites on the World Wide Web, and its assessment of private industry’s efforts to implement self-regulatory programs to protect consumers’ online privacy, the Commission summarized widely-accepted principles regarding the collection, use, and dissemination of personal information.
These Fair Information Practice Principles, which predate the Internet, had been recognized and developed by government agencies in the United States, Canada, and Europe since 1973, when the United States Department of Health, Education, and Welfare released its seminal report on privacy protections in the age of data collection, Records, Computers, and the Rights of Citizens.
The Report assessed the information practices of commercial websites and the existing self-regulatory efforts in light of these fair information practice principles and concluded that an effective self-regulatory system had not yet taken hold. The Commission deferred judgment on the need for legislation to protect the online privacy of consumers generally, and instead urged industry to focus on the development of broad-based and effective self-regulatory programs.
COPPA[edit | edit source]
In response to the concerns over the privacy of children’s online personal information, and with the encouragement of the FTC, the 105th Congress passed the Children's Online Privacy Protection Act to prohibit unfair and deceptive acts and practices in connection with the collection and use of personally identifiable information from and about children on the Internet.
1999 Report[edit | edit source]
In 1999, the Commission issued a second report to Congress — Self-Regulation and Online Privacy: A Report to Congress. — that assessed the progress made since its 1998 report, and set an agenda for Commission actions to encourage implementation of online privacy protections. In that Report, a majority of the Commission found notable progress in self-regulatory initiatives, and that online businesses were providing significantly more notice of their information practices. However, it also found that the vast majority of the sites surveyed collected personal information from consumers online, and that the implementation of fair information practices was not widespread. It argued that the growth of the Internet in general, and electronic commerce in particular, mandated against sweeping regulations that might inhibit the growth of both. The Commission also outlined plans for future Commission actions to encourage greater implementation of online privacy protections, including the public workshop on online profiling. One of the main elements of industry self-regulation was FTC enforcement of the privacy policies that companies collecting personal information posted on their websites.
2000 Report[edit | edit source]
In its 2000 report — Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress — a majority of the Commission concluded that, despite its significant work in developing self-regulatory initiatives, industry efforts alone have been insufficient. Thus, the majority recommended that Congress enact legislation to ensure consumer privacy online.
Clinton Administration developments[edit | edit source]
During this period, the Commission also used its Section 5 authority to bring actions against companies that engaged in unfair or deceptive information practices. Most of these early cases involved deceptive statements in companies’ privacy notices about their collection and use of consumers’ data. The legal theories in these early enforcement actions highlighted, in particular, the fair information practice principles of notice and choice (the "notice-and-choice approach"). Collectively, the Commission's policy and enforcement efforts underscored its emphasis on the concepts of transparency and accountability for information practices.
Bush Administration developments[edit | edit source]
However, the agency changed its position after the election of President George W. Bush and a change in leadership at the Commission. The new FTC Chairman, Timothy Muris, announced that the agency would expand enforcement of existing laws rather than pursuing new legislation. Muris indicated that the Commission was "primarily a law enforcement agency" which "best carries out its consumer protection mission" through "aggressive enforcement of the basic laws of consumer protection." He further indicated that in his opinion, "the particular issue of broad based, Internet only legislation is still premature at this moment."
In the early 2000s, prompted by concern over offline data privacy threats and the increasing convergence of online and offline data systems, the Commission’s privacy approach evolved to include a focus on specific consumer harms as the primary means of addressing consumer privacy issues. Rather than emphasizing potentially costly notice-and-choice requirements for all uses of information, the harm-based model targeted practices that caused or were likely to cause physical or economic harm, or "unwarranted intrusions in [consumers'] daily lives."
Obama Administration developments[edit | edit source]
In recent years, the FTC has sought to protect consumers' personal information and ensure that consumers have the confidence to take advantage of the many benefits of the ever-changing marketplace by using two primary models:
- the "notice-and-choice model," which encourages companies to develop privacy notices describing their information collection and use practices to consumers, so that consumers can make informed choices, and
- the "harm-based model," which focuses on protecting consumers from specific harms — physical security, economic injury, and unwanted intrusions into their daily lives.
Each model advances the goal of protecting consumer privacy; at the same time, each has been subject to criticism.
Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand. Likewise, the harm-based model has been criticized for failing to recognize a wider range of privacy-related concerns, including reputational harm or the fear of being monitored. In addition, both models have struggled to keep pace with the rapid growth of technologies and business models that enable companies to collect and use consumers’ information in ways that often are invisible to consumers. Meanwhile, industry efforts to address privacy through self-regulation have been too slow, and have failed to provide adequate and meaningful protection.
Enforcement actions[edit | edit source]
The following FTC enforcement actions are discussed in this wiki:
- FTC v. 1268957 Ontario
- FTC v. Accusearch
- FTC v. AdultFriendFinder
- FTC v. Atkinson
- FTC v. Audiotex Connection
- FTC v. Cantkier
- FTC v. Carlos Pereira
- FTC v. Corzine
- FTC v. Crescent Publishing
- FTC v. Cyberspace.com
- FTC v. Dugger
- FTC v. Enternet Media
- FTC v. ERG Ventures
- FTC v. Frostwire LLC
- FTC v. Hill
- FTC v. Odysseus Marketing
- FTC v. Optin Global, Inc.
- FTC v. Pereira
- FTC v. ReverseAuction.com
- FTC v. Seismic Entertainment
- FTC v. Sony BMG
- FTC v. Toysmart.com
- FTC v. Verity International
- FTC v. Zuccarini
- In re AOL and CompuServe
- In re CardSystems Solutions
- In re DirectRevenue
- In re DoubleClick
- In re GeoCities
- In re Liberty Financial
- In re TJX Companies
- In re Zango
- In the Matter of Google Inc.
- U.S. v. Choicepoint
Publications/Websites[edit | edit source]
- Adult Labeling Rule
- Advertising and Marketing on the Internet: Rules of the Road
- Antitrust Enforcement and Intellectual Property Rights: Promoting Innovation and Competition
- Beyond Voice: Mapping the Mobile Marketplace
- Broadband Connectivity Competition Policy
- Consumer Protection in the Global Electronic Marketplace: Looking Ahead
- Data Brokers: A Call for Transparency and Accountability
- Disposing of Your Mobile Device
- Dot Com Disclosures: Information About Online Advertising
- Entering the 21st Century: Competition Policy in the World of B2B Electronic Marketplaces
- Evolution of a Prototype Financial Privacy Notice: A Report on the Form Development Project
- The FTC's First Five Years Protecting Consumers Online
- FTC Offers Tips on Wise Use of Wi-Fi Networks
- Final Report of the FTC Advisory Committee on Online Access and Security
- Improving Consumer Mortgage Disclosures: An Empirical Assessment of Current and Prototype Disclosure Forms
- Internet Auctions: A Guide for Buyers and Sellers
- Marketing Your Mobile App: Get it Right From the Start
- Mobile App Developers: Start with Security
- Mobile Apps for Kids: Current Privacy Disclosures are Disappointing
- Mobile Privacy Disclosures: Building Trust Through Transparency
- Online Profiling: A Report to Congress
- Online Profiling: A Report to Congress, Part 2 Recommendations
- Privacy Online: A Report to Congress
- Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress
- Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers
- Protecting Personal Information: A Guide for Business
- Public Workshop on Consumer Privacy on the Global Information Infrastructure
- Self-Regulation and Privacy Online: A Report to Congress
- Self-Regulatory Principles for Online Behavioral Advertising
- Telemarketing Sales Rule
- To Promote Innovation: The Proper Balance of Competition and Patent Law and Policy
- Virtual Worlds and Kids: Mapping the Risks
Workshops[edit | edit source]
The following FTC workshops, conferences and meetings are discussed in this Wiki:
- Beyond Voice: Mapping the Mobile Marketplace
- Face Facts: A Forum on Facial Recognition Technology
- FTC Spyware Workshop
- The Mobile Wireless Web, Data Services and Beyond: Emerging Technologies and Consumer Issues
- Paper, Plastic . . . or Mobile? An FTC Workshop on Mobile Payments
- Pay on the Go: Consumers and Contactless Payment
- Protecting Consumers in the Next Tech-ade
- Spam Summit: The Next Generation of Threats and Solutions
- Transatlantic RFID Workshop on Consumer Privacy and Data Security
References[edit | edit source]
- See J. Howard Beales III, Director, Bureau of Consumer Protection, Fed. Trade Comm'n, "The FTC's Use of Unfairness Authority: Its Rise, Fall, and Resurrection" (June 2003) (full-text).
- See Section 5(a)(2) and (6)a of the FTC Act, 15 U.S.C. §§45(a)(2) and 46(a). See also The McCarran-Ferguson Act, 15 U.S.C. §1012(b).
- See 15 U.S.C. §45(a).
- 16 C.F.R. Part 455.
- 16 C.F.R. Part 436.
- 16 C.F.R. Part 310.
- 16 C.F.R. Part 312.
- 15 U.S.C. §§6801 et seq.
- Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress, at 3.
- See Remarks of FTC Chairman Timothy J. Muris], The Privacy 2001 Conference (Oct. 4, 2001) (full-text).
- See Challenges Facing the Federal Trade Commission, Hearing on H.R. 68 Before the Subcomm. on Commerce, Trade, and Consumer Protection of the H. Comm. on Energy and Commerce, 107th Cong. 12 (2001) (statement of Timothy J. Muris, FTC Chairman) (full-text).
- In announcing the Commission’s expanded privacy agenda, then FTC Chairman Muris noted that "[m]any consumers are troubled by the extent to which their information is collected and used . . . [but that] what probably worries consumers most are the significant consequences that can result when their personal information is misused." See Remarks of FTC Chairman Tim Muris at the Privacy 2001 Conference (Oct. 4, 2001) (full-text). Chairman Muris then identified various harms caused by the misuse of consumer data — for example, risks to physical security from stalking; economic injury resulting from identity theft; and commercial intrusions into daily life by unwanted solicitations.