Author
Amanda Anderson
4A's VP, Government Relations
Topic
- Government Relations
- Privacy Law
As expected, the Federal Trade Commission (FTC) published an advance notice of proposed rulemaking (ANPRM) on “Commercial Surveillance and Data Security” on August 22, 2022. The FTC first indicated in December 2021 that it intended to initiate this rulemaking to “curb[] lax security practices, limit[] intrusive surveillance, and ensur[e] that algorithmic decision-making does not result in unlawful discrimination,” after think tank Accountable Tech filed a formal petition for rulemaking.
To initiate its ANPRM, the FTC cited its rulemaking authority under Section 18 of the FTC Act, 15 U.S.C. § 57a, also known as Magnuson-Moss. Magnuson-Moss rulemaking procedures require the FTC to take several steps before promulgating new rules, including issuing reports and recommendations for public comment, holding informal hearings, and providing interested parties with limited rights of cross-examination of witnesses at those hearings.
The ANPRM, which the FTC approved on a 3-2 party-line vote, is the initial step in a process that could result in the adoption of the first major federal regulation addressing privacy, data security, and algorithmic discrimination across broad sectors of the U.S. economy.
The ANPRM includes a list of 95 questions (some with subparts) on topics including:
- Privacy protections for children and teens.
  - Protections for children under 13 that go beyond COPPA’s scope and whether COPPA’s mechanisms are adequate.
  - How services that are not directed to children or teens should address child and teen privacy, including what protections they should be required to provide for these groups, and whether they should be required to take steps to determine the age of their users
  - Potential limits on the use of targeted advertising to teens and children
- Restrictions on targeted behavioral advertising.
  - Whether opt-outs from personalized advertising should be available to all consumers
  - Determining whether companies in certain sectors such as finance, healthcare, search, or social media should be limited from owning or operating a business that engages in targeted advertising.
  - Assessing whether contextual advertising is as effective as personalized advertising and should be used in its place
- Significant restrictions on data processing.
  - Evaluating the notice and choice paradigm and whether certain types of data collection and processing should be disallowed
  - Assessing the efficacy of consent-based data processing and asking about blanket restrictions to certain practices, irrespective of consumer consent
  - Determining what should be included in required privacy disclosures, and what standards for consumer comprehension should apply
- Data Security
  - Understanding the implications of mandating specific measures such as encryption, breach notification, data minimization, and retention
  - Codifying a prohibition on deceptive statements about security so that penalties can be obtained for first-time violations
  - Applying the data security requirements of COPPA and/or the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to much wider sectors of industry
  - Requiring certification by businesses that their practices meet certain standards.
- Biometric Information.
  - A question that hints the agency is considering developing a rule that imposes substantive limits on the use of facial recognition, fingerprinting, and other biometric technologies.
- Algorithms and algorithmic discrimination.
  - Determining whether regulations should focus on harms to protected classes or consider harms to other underserved groups (e.g., unhoused people or rural communities) or should analyze proxies for protected classes
  - Pondering whether it should consider rules regarding algorithmic discrimination only in established areas like housing, employment, and consumer finance or go beyond them.
  - Discerning the prevalence of algorithmic discrimination and how the agency should evaluate, measure, and regulate such discrimination.
  - Assessing if other federal laws (the First Amendment, Section 230 of the Communications Act, 47 U.S.C. § 230, and other civil rights laws) should affect the scope of any FTC rule in these areas.
For more information about the ANPRM, please read this fact sheet released by the FTC.
Written comments must be submitted on or before Friday, October 21, 2022 via regulations.gov. Citing the expected economy-wide impact of this rule, the FTC extended the rulemaking comment period to November 21, 2022. The FTC will accept comments on the ANPRM during a public forum scheduled for September 8, 2022.