The federal government’s primary consumer protection agency – the Federal Trade Commission – doesn’t think too hard about policing online privacy violations, according to a report by the General Accounting Office. Generally, the FTC can act when a company engages in unfair or deceptive business practices. Figuring out what’s fair and what’s not in cyberspace is a complete puzzle, and impenetrable terms of service and other digital fine print typically give companies a get out of jail free card to companies, the report notes…
The report notes that both California and the European Union have online consumer privacy laws in place, but there’s no federal equivalent in the U.S. It concludes with a recommendation to congress that it “should consider developing comprehensive legislation on Internet privacy”, including identifying which agency is responsible for what and, somehow, balancing “consumers’ need for Internet privacy with industry’s ability to provide services and innovate”.
There’s also an interesting list of FTC privacy enforcement actions at the end of the report. It summarises 101 cases over ten years, between 2008 and 2018. Most ended with no penalties or other meaningful result at all, although a rumored multibillion dollar smack at Facebook would, if true, change that calculus. A few resulted in million dollar-plus penalties but the remainder ended with relative slaps on the wrist. It’s a clear illustration of why the FTC needs better direction and motivation if it’s to be the “nation’s premier consumer protection cop”.