Privacy & Information Security Law Blog

On February 1, 2013, the Federal Trade Commission announced that Chairman Jon Leibowitz will step down from his role on February 15, 2013. Leibowitz, who has been with the Commission since 2004 and was appointed Chairman in 2009, leaves the agency with a much more aggressive privacy agenda than the one he inherited, having helped to shape “groundbreaking work on consumer protection and competition issues.” During what may be his final press conference as Chairman, Leibowitz announced a new staff report on mobile app privacy disclosures and an enforcement action against the operator of a social networking app stemming from allegedly deceptive information collection practices that violated Section 5 of the FTC Act and the Children’s Online Privacy Protection Act.

U.S. Federal Trade Commission Chairman Jon Leibowitz announced on Monday that David C. Vladeck, director of the FTC's Bureau of Consumer Protection, is leaving the Commission on December 31, 2012 to return to the Georgetown University Law Center.

As reported in BNA’s Privacy Law Watch, EU Member States are working on an overarching privacy framework agreement with the United States. The framework agreement, which may be used as a starting point for future negotiations, aims to reduce the amount of time and resources required to prepare new agreements between the European Union and the United States.

On November 2, 2011, following welcome comments by Federal Institute for Access to Information and Data Protection (“IFAI”) Commissioner Jacqueline Peschard, the 33rd International Conference of Data Protection and Privacy Commissioners opened in Mexico City with an examination of the phenomenon of “Big Data” as a definer of a new economic era. In a wide-ranging presentation, Kenneth Neil Cukier of the Economist drew into clear relief the possibilities and problems associated with combining vast stores of data and powerful analytics. He highlighted the growing ability to correlate seemingly unrelated data sets to predict behavior, reveal trends, enhance product performance and safety and derive meaning. In his remarks Cukier noted that, in an era of Big Data, much of the decision-making about data collection and use goes beyond traditional notions of privacy, touching on ethics and free will. Noting that the printing press led to the development of free speech laws, he left open the question of how Big Data may change the legal landscape.

On November 2-3, 2011, Mexico’s Federal Institute for Access to Information and Data Protection (“IFAI”) will host the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Marty Abrams, President of the Centre for Information Policy Leadership at Hunton & Williams LLP, is the chairman of the Conference’s advisory panel and principal advisor to Conference organizers on program content. Hunton & Williams is a proud sponsor of the event which will feature Hunton representatives as speakers or moderators on multiple panels and plenary sessions, including the following:

On December 2, 2010, discussions about privacy continued at a hearing on “Do Not Track Legislation: Is Now the Right Time?” held by the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Commerce, Trade and Consumer Protection.  The hearing focused on a variety of consumer privacy issues, including the implications and challenges of a Do Not Track mechanism, the consumer’s desire for more control over the collection and use of their data and tracking practices, and the need to preserve an advertising supported Internet that promotes economic growth through online business.

David Vladeck, Director of the FTC’s Division of Consumer Protection, this morning previewed the long-awaited FTC report that sums up months of discussion regarding the future of privacy regulation in the United States and examines the viability of a Do Not Track mechanism.  Vladeck indicated at the Consumer Watchdog Policy Conference that the existing privacy framework in the U.S. is not keeping pace with new technologies.  In addition, he stated that the pace of industry self-regulation, while constructive, has been too slow.  According to Vladeck, the report will address several major themes, including the following:

The international group of data protection commissioners today admitted the U.S. Federal Trade Commission into membership.

Meeting at the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, the commissioners determined that the FTC had the requisite authority and independence to qualify for membership.

The decision has been a long time coming.  The U.S. has long sought to be recognized as a member of the data protection group.  Last year, the U.S. application was rejected at the international conference in Madrid.

David Vladeck, Director of the Bureau of Consumer Protection of the Federal Trade Commission, today provided a high-level outline of the Commission’s forthcoming report on the future of privacy.

Speaking at the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem, Vladeck said the report reflected two broad conclusions.  First, current privacy law places too much burden on consumers to read and understand privacy notices and make privacy choices.  The second conclusion is that there is a pressing need to reexamine the conception of “harm” in U.S. law to move beyond only economic and physical harms.

On October 19, 2010, Federal Trade Commissioner Julie Brill indicated that the FTC’s forthcoming behavioral advertising report will recommend a self-regulatory framework, as opposed to new legislation, to help protect consumers’ privacy.  Mediapost.com reported that Ms. Brill offered suggestions on improving privacy practices with respect to Internet advertising, such as by providing “consistent and simplified notice about online tracking and ad-serving,” and that such notice should focus more on the unexpected or non-obvious uses of data (such as an e-commerce company’s transfer of consumers’ addresses to shipping companies).

David Vladeck, the head of the Bureau of Consumer Protection at the Federal Trade Commission, shared his vision for consumer privacy protection with an audience at the IAPP’s Privacy Academy on September 30, 2010.  Mr. Vladeck began by reminding the audience that the FTC is aggressively enforcing on privacy and data security matters, having brought 29 cases to date.  Where possible, the FTC joins forces with other federal regulators, such as the Department of Health and Human Services, to seek broad relief that the FTC could not otherwise get on its own.  Mr. Vladeck indicated that the FTC also works closely with the states, citing a recent case in which the FTC filed concurrent settlements with 36 state attorneys general.  Mr. Vladeck stated that the FTC plans to continue to bring cases to ensure that companies “reasonably” safeguard information.

Mr. Vladeck noted three key areas for future enforcement.  The FTC will (1) bring more cases involving “pure” privacy, i.e., cases involving practices that attempt to circumvent consumers’ understanding of a company’s information practices and consumer choices; (2) focus enforcement efforts on new technologies (Mr. Vladeck noted that, to assist staff attorneys in bringing these sorts of cases, the FTC has hired technologists to assist and also have created mobile labs to respond to the proliferation of smart phones and mobile apps); and (3) increase international cooperation on privacy issues (Mr. Vladeck cited the FTC’s recently-announced participation in the Global Privacy Enforcement Network).

David Vladeck, Director of the FTC’s Bureau of Consumer Protection, recently sent a letter to creditors of XY Magazine, warning that the creditors’ acquisition of personal information about the debtor’s subscribers and readers in contravention of the debtor’s privacy promises could violate the Federal Trade Commission Act (“FTC Act”).

On March 17, 2010, the Federal Trade Commission convened the last of its three-part series of roundtable discussions entitled “Exploring Privacy.”  In her opening remarks, outgoing Commissioner Pamela Jones Harbour emphasized the critical importance of privacy to consumers, stating that “consumer privacy cannot be run in beta,” and that companies often inappropriately expose consumer data during new product rollout.  David Vladeck, Director of the FTC’s Bureau of Consumer Protection, then set the stage by invoking the “notice is broken” theme that recurred during the first two roundtables on December 7, 2009, and January 28, 2010, and was echoed by participants in the March 17 event.

The Federal Trade Commission’s second “Exploring Privacy” roundtable concluded Thursday, January 28, 2010.  The roundtable did not provide many firm conclusions, but it did help further refine some hard issues facing privacy protection.

Although Thursday’s hearing was intended to be devoted to technology issues, the role of regulation appeared to dominate the discussions.  “Everyone is dying to talk about regulation,” said Jessica Rich, Deputy Director of the Bureau of Consumer Protection, moderating a panel on Technology and Policy.

In a discussion with The New York Times, Federal Trade Commission (“FTC”) Chairman Jon Leibowitz, and chief of the FTC’s Bureau of Consumer Protection, David Vladeck, indicated that Internet publishers and advertisers can expect the FTC to play a more active role in safeguarding consumer privacy.  Chairman Leibowitz highlighted that, in the past, the FTC’s approach to privacy has focused on consumer notice and consent, and whether consumers were harmed.  From the FTC’s perspective, however, the present model is problematic because companies have failed to provide consumers with meaningful notice that would allow them to make effective choices regarding their privacy.  This “advise-and-consent” model is broken, as it “depended on the fiction that people were meaningfully giving consent.”  In reality, few consumers take the time to inform themselves about the notices and choices outlined in privacy policies.