To kick off the final day of the National Advertising Division’s (NAD) 2021 virtual conference last week, FTC Commissioner Rebecca Slaughter gave a keynote address laying out her views on consumer privacy and the digital data economy writ large. Specifically, Commissioner Slaughter sought to bust five myths about privacy and data collection, and offered her perspective on where we ought to go in light of renewed congressional and regulatory scrutiny of data collection practices. More generally, Commissioner Slaughter hopes we stop thinking about these issues as “privacy” issues and instead start thinking about them in the context of “data abuses.” Here’s a summary of what the Commissioner had to say.
Myth #1: “Privacy” is the only concern for consumers in digital markets.
This first myth goes to the core of Commissioner Slaughter’s remarks: by thinking about these issues as ones of consumer privacy alone, rather than as data abuses, regulators and legislators may be excluding from their gaze other critical issues that exist in digital markets. Some examples the Commissioner offered include harms to civil rights and equal opportunity, the vast spread of misinformation, and increasing labor exploitation. Commissioner Slaughter acknowledged that although these issues “all stem from the same indiscriminate data collection,” these are broader than simply “privacy” issues and are worth investigating as prohibited unfair practices. Broadly speaking, the Commissioner would prefer to target problematic business practices rather than focus more narrowly on consumer knowledge and consent to companies’ data practices.
Myth #2: We can solve for data abuses by providing consumers with more transparency (notice) and control (choice).
So long as companies put consumers on notice of the companies’ data collection practices and give consumers a choice to opt out, no harm, no foul, right? Not so, said Commissioner Slaughter. To start, consumer “notice” typically comes in the form of click-through agreements that are so long, hardly anyone reads them (let alone understands them). As for consumer “choice,” the Commissioner opined that it is “illusory at best.” This is because consumers are really left with a binary choice of agreeing to terms and accessing the service, on the one hand, or rejecting the terms and being denied access, on the other—there is very seldom a middle ground. In addition, Commissioner Slaughter noted that many websites utilize dark patterns designed to manipulate site visitors into opting in, furthering her argument that choice is illusory. As the Commissioner sees it, putting the burden of data protection on consumers is fundamentally unfair when it is the companies—not the consumers—that have the overwhelming majority of control over the data they collect. This imbalance of control would not be so bad, Commissioner Slaughter posited, if the data collection practices many companies currently employ were not so broad relative to the services being provided. This segues directly into the next myth Commissioner Slaughter sought to bust.
Myth #3: Policy options are limited to opt-in or opt-out regimes.
Pushing back against the unfair, overbroad data collection practices companies currently utilize, Commissioner Slaughter opined that the industry would be better served with bright-line purpose and use restrictions that minimize what data can be collected and how companies can use it. In other words, instead of accepting the current framework of notice and consent with opt-in and opt-out choices, Commissioner Slaughter believes data minimization is the better policy framework going forward. This is because, in her view, purpose and use limitations provide better industry oversight and minimize abuse. Specifically, by linking data collection, retention and sharing to a particular purpose, the Commissioner believes companies will have far less ability to exacerbate economic inequality or marginalize workers. In addition, setting bright-line rules around what types of data can be collected and how companies can use it would provide consumers with more meaningful notice and ability to consent.
Myth #4: Surveillance advertising is necessary to support free services.
Commissioner Slaughter distinguished between traditional ad-supported models, such as television and radio, and “the current surveillance model,” as such: “[T]he new model trades consumer data for a service, not just their attention. And those data are, in turn, used to fuel broader surveillance systems.” So, what’s the solution? The Commissioner would prefer the model shift from behavioral microtargeting to contextual targeting, whether through general categories or specific content. For example, an advertiser selling pots and pans could target websites that fall under a general “food” category or could specifically target websites that provide recipes. This approach comes with another perk, in the Commissioner’s opinion—by removing behavioral microtargeting from the picture, all advertising is put on a level contextual playing field, thereby improving competition.
Myth #5: The FTC is toothless absent new federal legislation.
Commissioner Slaughter concluded her remarks by reminding attendees that even in the absence of federal data privacy legislation, the FTC has tools to address data abuses. The tool most likely to affect business practices, in the Commissioner’s opinion, would be the FTC’s rulemaking authority under Section 18 of the FTC Act, which allows the FTC to address prevalent unfair or deceptive conduct. Rulemaking in this area can serve several purposes. First, it would allow the FTC to build an evidentiary record comprising input from consumers and businesses alike. This record would help guide the FTC in writing the rules of the road with respect to corporate data collection practices. Second, when a rule is implemented, the FTC can then enforce rule violations with civil penalties. Another tool at the FTC’s disposal is to tailor remedies in consent orders that get to the root causes of data abuse, such as by pursuing data minimization terms that limit data collection and have certain deletion requirements.
The day before Commissioner Slaughter’s remarks, her colleague Commissioner Rohit Chopra was confirmed by the Senate to lead the CFPB. The president has already indicated he intends to nominate privacy advocate Alvaro Bedoya to fill Commissioner Chopra’s seat. The addition of Bedoya to the FTC will likely only add more momentum to the changes advocated by Commissioner Slaughter.