Cyberlaw Predictions: Crucial Time at the Federal Trade Commission

This post is the fourth in a series of predictions from legal and business experts about the directions cyberlaw policy might take in 2013, solicited by editors of BNA's Electronic Commerce & Law Report during the closing weeks of 2012. We asked that the remarks be brief -- something along the lines of a Twitter "tweet" or an elevator pitch. Over 100 attorneys, law professors, online business executives, policy advocates and other cyberlaw experts responded, producing 307 separate assessments, predictions, or just plain complaints regarding any of the many legal subject areas that affect online businesses.

Within the online advertising community, all eyes are on the Federal Trade Commission. Gridlock in Congress on privacy policy, a big case in Arizona testing the agency's authority to create de facto national data security standards via Section 5 enforcement actions, and changes in key FTC leadership positions all suggest a busy 2013 for privacy at the agency. The agency is also investigating Google on a number of competition issues relating to its search business, a process that Bloomberg News is reporting could be winding up today..

ftc seal

The experts' views:

The "changing of the guard" at the FTC, with at least one new commissioner and a likely new chair, as well as a new director of consumer protection, necessarily will mean a different approach to enforcement of Section 5 in the area of privacy and data security. Given the slow pace of the multistakeholder process and that broad privacy legislation is unlikely, the FTC's enforcement agenda will remain an important component of the country's privacy framework. Christopher Wolf, Partner, Hogan Lovells, Washington, D.C.

New FTC leadership will take over in 2013 (Chairman and Director of Bureau of Consumer Protection). The trend will likely be to even greater enforcement in the privacy and data security areas and more policy papers issued by the Commission establishing "best practices" for companies, including big data, comprehensive data collection, and disclosures on mobile devices. D. Reed Freeman Jr., Partner, Morrison & Foerster LLP, Washington, D.C.

FTC's recent actions against window marketers for making "up to" savings claims not supported by savings experienced by a majority of users portends a dramatic change in making such claims. The actions have the potential of eliminating the well-established standard that a marketer should substantiate a savings claim by having at 10% of the consuming population experience the "up to" result. Will the decisions be limited to big ticket items or do they signal future restrictions on "up to" claims? Andrew Lustigman, @advlaw, Partner, Olshan Frome Wolosky LLP, New York, N.Y.

New FTC COPPA Rule will almost certainly expand the Rule's coverage. Watch for vigorous FTC enforcement and potential challenges if the Rule exceeds the statute's grant of authority to the FTC. D. Reed Freeman Jr., Partner, Morrison & Foerster LLP, Washington, D.C. [Note: Subsequent to this submission, the FTC released its new COPPA rules, including provisions that one dissenting commissioner argued are in excess of the FTC's grant of authority from Congress.]

With the FTC in transition and a gridlocked Congress, look for California to re-emerge as the principal driver of privacy and data security regulation in the United States. Stephen P. Satterfield, Associate, Covington & Burling LLP, Washington, D.C.

A very notable development in 2012 was the increase in enforcement in consumer privacy and healthcare privacy, especially by the FTC and HHS. This will push privacy up the priority list at many organizations. Daniel J. Solove, @DanielSolove, John Marshall Harlan Research Professor of Law, George Washington University Law School, Washington, D.C., and Founder, Teach Privacy consulting and training firm.

The FTC's unfairness authority will face a crucial test in the FTC's data security case against Wyndham. Watch for any curtailment of authority, which the FTC will appeal, or the FTC's more aggressive use of unfairness if the court upholds the Commission's use of it in this case. D. Reed Freeman Jr., Partner, Morrison & Foerster LLP, Washington, D.C.

FTC antitrust activity on the high-tech front will continue to expand and start attracting a great deal more congressional scrutiny. Adam Thierer, @adamthierer, Senior Research Fellow, Mercatus Center at George Mason University, Fairfax, Va.

Increased challenges to authority and boundaries of FTC authority to create privacy regulatory regime under Section 5 of FTC Act. Holly K. Towle, Partner, K&L Gates LLP, Seattle.

The 2008 "red flags rule," directed at identity theft prevention, was revised in November 2012. In February 2013, the FTC is scheduled to finally begin enforcing the rule, as revised. Businesses that take the red flags rule to heart, whether or not they're covered entities, may realize a decrease in liabilities for data breaches and identity theft (and find it far less expensive than responding to an FTC inquiry). Alan S. Wernick, Founder & Director, ITIP Institute, Chicago.


Follow @tjotoole on Twitter Follow me on Twitter at @tjotoole.