Brill's Departure Won't Undercut FTC Privacy Stance

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Donald Aplin

March 30 — Commissioner Julie Brill's imminent departure from the Federal Trade Commission isn't the sign of the privacy apocalypse that some would have us believe.

Analysts agree that Brill has been a strong consumer privacy champion and international advocate on behalf of U.S. privacy during her six years on the commission but they also agree that the FTC is unlikely to make any radical changes in privacy and data security enforcement and that others will likely quickly take up the role of chief privacy educator and advocate.

As of April 1, Brill will be joining Hogan Lovells LLP as a partner and co-leader of the firm's privacy and cybersecurity practice in Washington .

“Commissioners take a particular interest that becomes their pet project. Not everybody can be the privacy leader” like Brill was at the FTC, Phyllis H. Marcus, who left the FTC in October 2015 to become of counsel for the global competition group at Hunton & Williams LLP in Washington , told Bloomberg BNA.

(Click image to enlarge.)

Julie Brill

Brill's legacy is having been the one who assumed the mantle as privacy leader during her time on the commission, said Marcus, who formerly served in the FTC's Division of Advertising Practices, was in charge of the children's online privacy program and helped revamp the Children's Online Privacy Protection Act Rule.

Chris Jay Hoofnagle a technology, privacy and law professor of the University of California, Berkeley, said that “Commissioner Terrell McSweeney is signaling an interest in privacy, and I think she will emerge as the next privacy commissioner.”

Carla A.R. Hine, antitrust partner at McDermott Will & Emery, in Washington, told Bloomberg BNA that she “would not expect the current enforcement priorities or dynamic to change as a result of Brill’s departure.” The commission will function despite being at less than full strength—as it has in the past when it operated with less than its full five members—and it retains its chairwoman and professional staff, she noted.

“Commissioners take a particular interest that becomes their pet project. Not everybody can be the privacy leader” like Julie Brill was at the FTC.

Phyllis H. Marcus, Counsel,Hunton & Williams LLP, Washington
Less Than Full Strength Commission

Brill, a Democrat, was appointed by President Barack Obama in 2009 and took office in 2010. After her departure, the FTC will have three commissioners: FTC Chairman Edith Ramirez and McSweeny, both Democrats, and Maureen Ohlhausen, a Republican. One Republican seat has been vacant since August 2015, when Joshua Wright stepped down .

The less than full strength commission will be able to function just fine, Hine said. “Despite the fact there are two vacancies at present, I would not expect replacements to be named any time soon—and likely not before President Obama leaves office,” she said.

“The Chairwoman maintains the majority, and a quorum can still be achieved under the FTC’s rules to keep matters moving along,” Hine said.

Marcus agreed that there is no rush to fill the empty slots as “the FTC can function with less than full compliment of commissioners.”

Hoofnagle, author of Federal Trade Commission Privacy Law and Policy, noted that the commission is now made up exclusively of lawyers and that privacy isn't the only thing to look for in new commissioners to replace Brill and Wright.

“We need to have someone with serious business experience, but who also recognizes the role of the FTC as legitimate. We also need a Commissioner who will look closely at the FTC’s Bureau of Economics and bring it into the information age,” Hoofnagle told Bloomberg BNA.

Brill's Long History of Privacy Advocacy

During her time at the commission, Brill was particularly active on consumer privacy issues, including:

  • leading the charge on prioritizing enforcement of data security standards for firms that handle consumer credit information ;
  • championing privacy by design ;
  • investigating mobile applications privacy
  • reining in data brokers ; and
  • cautioning about privacy dangers in the uncontrolled use of big data analytics .
  •  

    Brill was “instrumental in the FTC's involvement” for big data and data broker issues, “but now won't be there to see through the initiatives to fruition,” Marcus noted. Yet the path has been set on those issues and it is unlikely that the focus on them as important issues will change, she said.

    Hoofnagle noted that part of what made Brill effective and respected was her role as a law enforcement official.

    Prior to joining the FTC, Brill was the senior deputy attorney general and chief of consumer protection and antitrust for the North Carolina Department of Justice. Before that, she served as an assistant attorney general for consumer protection and antitrust for the state of Vermont for over 20 years where she focused, among other things, on credit reporting and financial privacy issues and state data breach notice, Social Security number protection .

    Leading Role in EU Relations

    Brill has played a central role for the FTC on the international stage, in particular with Europe.

    Brill worked hard to assure countries that the U.S. has good privacy grounding, Marcus said. “Commissioner Brill was very present” at international conferences and meetings with her European Union counterparts, she said.

    Brill spoke often of the privacy common ground between the U.S. and EU .

    She attested to the viability of the U.S.-EU Safe Harbor data transfer program and the FTC's role as a compliance overseer and enforcer of the program's privacy principles .

    When the Safe Harbor was called into question after the Edward Snowden revelations, Brill participated in the effort to seek ways to reform and strengthen the Safe Harbor to satisfy EU concerns that data transferred to the U.S. might be more susceptible to U.S. government surveillance .

    After the Safe Harbor was invalidated by the European Court of Justice in 2015 , Brill was actively involved in the talks that led to the replacement data transfer pact, the EU-U.S. Privacy Shield .

    She, however, didn't hesitate to point out that there remains continuing uncertainty about the Privacy Shield .

    Marcus said the implementation of the Privacy Shield—which still awaits final approval in the EU—as a big continuing issue for the commission.

    ‘Key Role' in Data Security Enforcement

    Brill also played a “key role” in the FTC's continuing data security enforcement efforts, Marcus said.

    But Brill often pointed out that the FTC isn't seeking data security perfection from companies .

    In the significant LabMD data security enforcement case—which presents important questions about the FTC's authority to set data security standards and the alleged lack of clarity on what those standards are—Brill recused herself from the administrative proceedings .

    Marcus noted that Brill's recusal from the LabMD case means that her departure from the commission won't affect that deliberation.

    The bottom line for the FTC is that Brill will be a hard, but not impossible, act to follow, the analysts agreed.

    To contact the reporter on this story: Donald G. Aplin in Washington at daplin@bna.com

    To contact the editor responsible for this story: Jimmy H. Koo at jkoo@bna.com