On August 22, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) that requests “public comment on the prevalence of commercial surveillance and data security practices that harm consumers. Specifically, the Commission invites comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.” The ANPR contains 95 questions for consideration and comment.
FTC Chair Lina M. Khan said of the ANPR, “[t]he growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent. Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices and what those rules should potentially look like.”
The FTC held a virtual public forum on September 8, 2022 that included both panel discussions and an opportunity for the public to provide comments. Comments on the proposed rulemaking are due on or before October 21, 2022. Comments may be submitted online or by paper by following the instructions listed in the Federal Register notice.
Also of note is that the new privacy rulemaking utilizes a procedure historically less utilized by the FTC. The ANPR was issued under Section 18 of the Federal Trade Commission Act, a process often referred to as “Magnusson-Moss” rulemaking. The Magnusson-Moss process allows the agency to issue rules even where not specifically enumerated under a statute. This process typically requires a considerably longer rulemaking process, often several years. In July of 2021, the FTC, by a 3-2 vote of the Commission, approved changes to the Magnusson-Moss process designed to “streamline” rulemaking. In 2022, the FTC has initiated several consumer protection rulemakings utilizing the new procedure.
Jim Shreve is the chair of Thompson Coburn's Cybersecurity group and has advised clients on cybersecurity and privacy issues for over 20 years. Luke Sosnicki is a Los Angeles partner in Thompson Coburn’s Business Litigation group who has written and spoken extensively about data privacy litigation and regulatory risks. Libby Casale and Christopher Collum are associates in Thompson Coburn’s Business Litigation group.