FTC Moves to Create Rules to Stop Data Surveillance, Lax Cybersecurity

pcmag.com:

The Federal Trade Commission (FTC) is taking the first step in developing new federal privacy laws to protect users from invasive data-collection practices. 

The agency today announced(Opens in a new window) it’s started a rule-making process geared toward cracking down “on harmful commercial surveillance and lax data security” occurring among companies. 

The FTC is specifically asking(Opens in a new window) if it’s time to implement new rules about how companies “collect, aggregate, protect, use, analyze, and retain consumer data.” The other focus concerns when the data is transferred, shared, sold, or monetized in ways that “are unfair or deceptive.”

FTC Chair Lina Khan says that “potentially unlawful practices may be prevalent” across the tech industry, given that all kinds of companies are frequently collecting data about consumers in various ways, often without their knowledge. 

The problem is that the US lacks a federal data privacy law. This has forced the FTC to crack down on offenders on a slower, case-by-case basis, using existing regulations, FTC Commissioner Rebecca Kelly Slaughter said during a press conference. 

“The FTC’s ability to deter unlawful conduct is limited because the agency generally lacks authority to seek financial penalties for initial violations of the FTC Act,” the commission said in a statement. “By contrast, rules that establish clear privacy and data security requirements across the board and provide the Commission the authority to seek financial penalties for first-time violations could incentivize all companies to invest more consistently in compliant practices.”

The goal is to go after the “systemic” causes behind the data surveillance and lax cybersecurity practices by creating