By: Tim Sparapani
It’s late in the college basketball season and just as the best teams have to improve their defense in order to win a championship, it may be time for our privacy regulators to try increasing their defensive intensity in order to deter and prevent additional consumer privacy violations. Just like in basketball, sometimes it takes switching up your tactics and your defense to take your team’s game up to a new level.
The challenges for policing misuse of consumers’ data are getting harder, not easier for regulators on the privacy beat. Those regulators – chiefly the Federal Trade Commission and the state Attorneys General – have performed admirably during an age when accidental or clumsy data breaches are now daily events, and cyber attacks – many successful – are now the norm, not the exception. The FTC like a 7 foot-tall center is well-practiced at swatting away the easy, slam dunk cases where companies deceive consumers about their privacy practices ranging from neglect, to poor cross-company coordination, to outright lies. Yet, as a longtime privacy and consumer advocate I’m eager to see more done. I want to shout “De-Fense!” – or, maybe “Un-Fair-Ness!” and exhort the FTC to do more for consumers and in a new way.
Let’s be honest, however, the FTC has resource constraints; it simply cannot police every violation of consumer trust or misuse of consumers’ data by a corporation. Nor is privacy defense the only role assigned to the FTC. The FTC is statutorily required to enforce dozens of consumer protection statutes, and its work on consumer data privacy, while it has lead to groundbreaking and important results, is limited by a lack of staff and intricacies of sophisticated new scams. The FTC’s data privacy work is also limited by the fast-moving pace of technologies. New systems are brought to the public and then obviated by subsequent iterations often within months, not years.