On August 11, 2022, the Federal Trade Commission (FTC) announced proposed rulemaking pertaining to “commercial surveillance and lax data security.” However, the overall focus of the potential rulemaking is consumer privacy and data security. The FTC states in its notice that its “extensive enforcement and policy work over the last couple of decades on consumer data privacy and security have raised important questions about the prevalence of harmful commercial surveillance and lax data security practices” and that this experience has suggested enforcement alone without rulemaking is not sufficient.
The agency defines “commercial surveillance” as the business of collecting, analyzing, and profiting from information about people.”
FTC Chair Lina M. Khan stated in the commission’s press release, “[o]ur goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices and what those rules should potentially look like.”
In a fact sheet released in conjunction with the notice of proposed rulemaking, the FTC identified issues in the “commercial surveillance industry” including the collection of consumer information, data security, harm to children, bias and discrimination, and dark patterns. Similar practices and concerns were recently addressed in both technical guidance issued by the Equal Employment Opportunity Commission (EEOC) and Department of Justice (DOJ), as well as pending federal legislation, the American Data Privacy and Protection Act (ADPPA).
During the press conference regarding the proposed rulemaking, the FTC stated support for the pending ADPPA and that it did not intend to overlap with coverage of that legislation should it pass.
The FTC will be hosting a public forum on commercial surveillance and data security virtually on September 8, 2022, from 2 pm until 7:30 p.m. The FTC will also be soliciting comments on the proposed rulemaking, though the link to submit comments is not yet available.