Trump Must Fill FTC Commissioner Slots: Public Policy Analysts

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

President Donald Trump should fill the three vacant seats on the Federal Trade Commission so the agency can better fulfill its role as the primary U.S. privacy regulator, public policy analysts tell Bloomberg BNA.

The commission, which has consumer data security and privacy regulatory authority over Alphabet Inc.'s Google and other online and technology companies, can’t make decisions unless its two sitting members, Republican Maureen K. Ohlhausen and Democrat Terrell McSweeny, agree.

At full strength, the FTC has five Senate-confirmed members appointed to seven-year terms, with no more than three members from the same political party. Trump selected Ohlhausen to be the commission’s acting chairman but hasn’t made any nominations to fill the three vacancies.

Trump could immediately nominate three commissioners and a fourth after McSweeny’s term expires in September. In May, Senate Minority Leader Charles E. Schumer (D-N.Y.) recommended Rohit Chopra, a consumer advocate, for the vacant Democratic seat. The White House said it had no comment.

“There is a lot of work at the Commission level and both consumers and businesses will suffer if the body lacks a full complement of leaders,” Chris Jay Hoofnagle, a technology, privacy and law professor at the University of California, Berkeley, told Bloomberg BNA.

In a recent letter to Trump, Cause of Action Institute, a Washington nonprofit organization that advocates for limited government regulation and has been pitted against the FTC in court, urged the president to “move quickly to appoint one or more Commissioners to fill current vacancies.” Ohlhausen can’t take a lighter approach to regulation and enforcement without additional support on the commission, it said.

Nicol Turner-Lee, a fellow at the Brookings Institution’s Center for Technology Innovation, told Bloomberg BNA that Ohlhausen and McSweeny “would benefit from the additional appointments to allow for more robust debate and decision making” on existing and emerging issues. Given technology’s impact on “every aspect of consumers’ lives, we need the FTC equipped with sufficient bandwidth to review and decide upon the critical concerns affecting the marketplace—some of them now known and others still unforeseen,” Turner-Lee said.

Turner-Lee agreed with Cause of Action that Ohlhausen is “the best choice to lead the FTC into its next chapter,” but noted that “it’s difficult for the agency to function with such a small quorum.”The FTC declined a Bloomberg BNA request for comment.

Even with a full complement of commissioners, companies under the FTC’s jurisdiction—from internet giants Amazon.com Inc. and Facebook Inc. to smaller businesses such as now-defunct medical testing laboratory LabMD Inc.—have struggled with what level of data security they must provide to convince the nation’s main data security and privacy enforcement agency that their efforts to protect personal data are reasonable. In the absence of direct data security statutory or regulatory authority, the FTC has relied on the FTC Act’s Section 5, a catch-all prohibition against unfair and deceptive trade practices, to carry out data security compliance actions.

As a Republican, Ohlhausen will be part of the majority of a full FTC, which will set the tone for the commission’s approach to enforcement, including in data security cases. Ohlahusen has previously indicated that the FTC will continue its enforcement activity, but with an increased demand that action be prompted by actual harm to consumers, instead of the current standard of “likely to cause substantial injury.”

‘Chimerical Harm’

Cause of Action Institute’s letter urged Trump to appoint FTC commissioners that share Ohlhausen’s “commitment to advancing economic liberty and believe that responsible businesses should have the freedom to succeed, unfettered by rogue regulators chasing chimerical harms.”

Cause of Action Institute is representing web device maker D-Link Systems Inc. in an FTC lawsuit, arguing that the commission failed to allege that D-Link’s purported data-security practices caused “an actual identifiable data breach,” or “actual harm to any identifiable person” sufficient to support the FTC’s action. The “FTC’s power grab should be rejected,” Cause of Action Institute said in a D-Link case court filing.

The nonprofit previously represented LabMD in a long-running dispute over the FTC’s authority to enforce data security standards. The LabMD dispute is still ongoing in the U.S. Court of Appeals for the Eleventh Circuit.

One of the focal points in the ongoing LabMD case is the level-of-harm question. During recent oral arguments before the appeals court, the FTC said that it is “entitled to proceed in a case-by-case” manner and that companies have “duty to act reasonably under the circumstances.”

Judge Gerald Bard Tjoflat of the Eleventh Circuit responded that such a standard is “as nebulous as you can get.”

To contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

The Cause of Action Institute letter is available at http://src.bna.com/qM1.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security