Free State Foundation President Randolph May, Senior Fellow Seth Cooper, and
Research Fellow Michael Horney submitted
comments
to the National Telecommunications and Information Administration (NTIA) in response to its proposed approach to advance consumer privacy while protecting prosperity and innovation.
FSF's comments focus on how consumers' privacy is best protected by
case-by-case enforcement by the Federal Trade Commission.
The complete set of Free State Foundation comments, with footnotes, is
here
.
Immediately below is the "
Introduction and Summary
" to the comments, without the footnotes.
Introduction and Summary
These comments are submitted to NTIA regarding its proposed approach to advance consumer privacy while protecting prosperity and innovation. NTIA's principle-based approach sets out desired privacy protection outcomes for consumers as well as
high-level goals for federal action to protect privacy. In these comments, we focus on how case-by-case enforcement by the Federal Trade Commission (FTC) offers the best means for achieving federal goals for a harmonized system of clear legal rules that facilitate flexibility in privacy protection approaches for consumers. Our comments identify steps for bolstering the FTC's jurisdiction over consumer privacy and for establishing the agency as the common enforcer of privacy protections across all online service platforms. At the same time, the comments emphasize that overly restrictive privacy policies, such as ubiquitous mandatory opt-in, that are inconsistent with consumers' preferences will reduce the amount of information available to satisfy consumer demands.
We commend NTIA for pursuing consumer privacy protections by "[r]efocus[ing] on the outcomes of organizational practices, rather than on dictating what those practices should be."
In other words, NTIA rightly seeks to cultivate "
a set of inputs for building better privacy protections into products and services."
The stunning variety of existing and emerging digital services and applications involving significantly different uses of various types of consumer information makes detailed government-prescribed codes unrealistic, unworkable, and likely detrimental to innovation, investment, and consumer welfare. Instead, NTIA's Notice rightly calls for an approach to protecting consumer privacy by "managing risk and minimizing harm to consumers from collection, storage, use, and sharing of their info." This approach is suited to today's dynamic digital services ecosystem, and ultimately necessary for "balancing flexibility with the need for legal clarity and strong consumer protections."
Online consumers expect consistent rules to protect their privacy throughout the United States. Therefore, privacy regulation in the U.S. should reflect those expectations, whether consumers are doing business with an Internet service provider (ISP) or an edge provider like Google or Facebook. Case-by-case enforcement by the FTC offers the best means for a harmonized system of clear legal rules that enables flexibility and that is conducive to desired privacy protection outcomes.
The FTC's capabilities, expertise, and analytical approach toward consumer privacy make it the preferred agency to serve as a common enforcer of privacy protections. Unlike a proscriptive approach relying on
ex ante
rules, a case-by-case approach allows for individualized examination of the type and use of consumer data involved as well as the underlying digital content, service, or application. Agency enforcement precedents provide a prophylactic function and guidance regarding what privacy practices are permitted or not. And by avoiding rigid categorical restrictions, a case-by-case approach is hospitable to experimentation and innovation in new digital services and privacy protection measures.
The FTC's present approach to collection of consumer information generally comports with consumers' online expectations.
With regard to personally identifiable sensitive consumer information, like financial and health records, the FTC requires an affirmative "opt-in" choice for the collection and use of such data. And with regard to non-sensitive consumer information, like general web browsing or application usage, the FTC's policy is to allow opt-out as the default choice for the collection and use of such data.
Many online service providers allow consumers to access online services and content without the payment of fees. There is considerable evidence that Internet consumers value "free" content and services, even if it means they must share personal information. Thus, consumers "pay" for accessing online content by exchanging their personal non-sensitive information. By collecting consumer information and making that data available to advertisers, online providers are then able to deliver prospective consumers targeted ads they value.
Further, the FTC's approach requires that online service providers make the relevant privacy disclosures about information collection and use "clearly and prominently, immediately prior to the initial collection of or transmission of information, and on a separate screen from any final 'end user license agreement,' 'privacy policy,' 'terms of use' page, or similar document."
When consumers are presented the relevant information regarding their privacy protection choices, they are able to make informed decisions that reflect their preferences.
There are some important steps that Congress should take to bolster the FTC's jurisdiction over consumer privacy and to establish the agency as the common enforcer of privacy protections across all online service platforms. Transferring the FCC's privacy jurisdiction over traditional telephone, cable, and direct broadcast satellite (DBS) services to the FTC is one step. Due to technological convergence, continued enforcement of legacy FCC privacy regulations is increasingly arbitrary and likely to result in one set of providers being unfairly disadvantaged by being subject to overly-restrictive and unevenly applied rules that do not match current market realities. Consumers and online service providers alike would benefit from a simpler, more consistent set of privacy expectations.
Internet communications do not stop at state borders and neither should privacy laws. To the extent that any state laws and regulations impose more stringent requirements on service providers than those set at the federal level, then those state laws and regulations that conflict with federal policy should be preempted.
A PDF of the complete FSF comments, with footnotes, is
here.
* * *
Randolph J. Ma
y, President of the Free State Foundation, is a former FCC Associate General Counsel and a former Chairman of the American Bar Association's Section of Administrative Law and Regulatory Practice. Mr. May is a past Public Member and a current Senior Fellow of the Administrative Conference of the United States, and a Fellow at the National Academy of Public Administration.
Seth L. Cooper
is a Senior Fellow at The Free State Foundation. He previously served as the Telecommunications and Information Technology Task Force Director at the American Legislative Exchange Council (ALEC), as a Washington State Supreme Court judicial clerk and as a state senate caucus staff counsel. He is an attorney, and he graduated from Seattle University School of Law with honors. Mr. Cooper's work has appeared in such publications as
CommLaw Conspectus
, the
Gonzaga Law Review
, the
San Jose Mercury News
,
Forbes.com
, the
Des Moines Register
, the
Baltimore Sun
, the
Washington Examiner
, the
Washington Times
, and
The Hill
.
Michael J. Horney
is a Research Fellow at The Free State Foundation. He is a graduate of George Mason University, where he received a Master of Arts in Economics and was awarded a Mercatus MA Fellowship. He earned his Bachelor of Science with an Economics major and Political Science minor at Towson University. Mr. Horney was an MA Fellow and Research Assistant on policy research at the Mercatus Center at George Mason University, focusing on regulations, technology policy, and education policy, and he served as a Graduate Intern for the Committee on Ways and Means' Subcommittee on Social Security.