At the International Association of Privacy Professionals Global Privacy Summit earlier this week, FTC Chair Lina Khan rounded out her first year on the job by calling out “overwhelming” consumer privacy policies. While nearly every company online must post a privacy policy, many of these policies are written in dense legal jargon that the average consumer either can’t understand or read all the way through.
Privacy policies are a key piece of the FTC’s authority over privacy issues. Section 5 of the FTC Act enables the Commission to regulate “’unfair or deceptive acts or practices in or affecting commerce,” which the FTC has used to hold companies to the terms of their privacy policies.
However, many privacy policy violations may go unreported by consumers who are unable to understand their terms.
Khan’s admonition follows a trend started by former California Attorney General Kamala Harris, whose office sued Delta Airlines under the California Online Privacy Protection Act for failing to provide a privacy policy on their “Fly Delta” mobile app. Following this suit, the California AG’s office released a practical guidance document recommending “clear, accurate, and conspicuously accessible” privacy policies and “special notices” that give users just-in-time and understandable privacy disclosures.
In the same keynote address, Khan also called on Congress to pass legislation to “help usher in” a new era of federal and industry privacy regulations. Taken together with the FTC’s previous guidance on “dark patterns,” it seems clear that the FTC is positioning itself to begin regulating the form and content of privacy policies in addition to enforcing their terms.
This post was authored by Blair Robinson, legal intern at Robinson+Cole. Blair is not yet admitted to practice law.