FTC takes on privacy and civil rights violations

The Federal Trade Commission may soon initiate a rulemaking that would allow the agency to take punitive action against tech companies for abuses of customers’ privacy and civil rights. The FTC made the announcement in a regulatory filing as part of its statement of regulatory priorities, The tweak would be meant to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination,” the agency said. This kind of rulemaking could allow the FTC to punish companies on their first offense, something the agency currently can’t do. “Once the rule is in place, a company is essentially on notice of its obligations and what rights it has to respect on the part of consumers and what it has to do to protect the security of data and ensure that its data practices are not discriminatory,” said John Davisson, a senior counsel with the digital privacy rights group Electronic Privacy Information Center. “If it then violates those restrictions, it can be fined per violation by the FTC, without having to go through the consent order process.” That could mean up to $43,000 fines per violation. Davisson called the development “very significant” but cautioned that results might be a long way off. If the FTC does decide to move forward with the rulemaking, the agency will have to first go through several rounds of public deliberations, will need to invite comment from the public and circulate several drafts. All that could take a year or more.