1) ANPR -- Comment period extended until November 21, 2022. Oct 14 --
https://www.ftc.gov/news-events/news/press-releases/2022/10/ftc-extends-comment-deadline-commercial-surveillance-lax-data-security-practices-initiative Oct 20 --
https://www.federalregister.gov/d/2022-22813
Aug 22 -- The Federal Trade Commission (“FTC”) is publishing this advance notice of proposed rulemaking (“ANPR”) to request public comment on the prevalence of commercial surveillance and data security practices that harm consumers. Specifically, the Commission invites comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies collect, aggregate, protect, use, analyze, and retain consumer data, as well as transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.
Comments must be received on or before October 21, 2022. The Public Forum will be held virtually on Thursday, September 8, 2022, from 2 p.m. until 7:30 p.m. Members of the public are invited to attend at the website
https://www.ftc.gov/news-events/events/2022/09/commercial-surveillance-data-security-anpr-public-forum. . . .
The Commission is issuing this ANPR pursuant to Section 18 of the Federal Trade Commission Act (“FTC Act”) and the Commission's Rules of Practice because recent Commission actions, news reporting, and public research suggest that harmful commercial surveillance and lax data security practices may be prevalent and increasingly unavoidable. These developments suggest that trade regulation rules reflecting these current realities may be needed to ensure Americans are protected from unfair or deceptive acts or practices. New rules could also foster a greater sense of predictability for companies and consumers and minimize the uncertainty that case-by-case enforcement may engender.
Countries around the world and states across the nation have been alert to these concerns. Many accordingly have enacted laws and regulations that impose restrictions on companies' collection, use, analysis, retention, transfer, sharing, and sale or other monetization of consumer data. In recognition of the complexity and opacity of commercial surveillance practices today, such laws have reduced the emphasis on providing notice and obtaining consent and have instead stressed additional privacy “defaults” as well as increased accountability for businesses and restrictions on certain practices. . . .
Through this ANPR, the Commission is beginning to consider the potential need for rules and requirements regarding commercial surveillance and lax data security practices. . . . Through this ANPR, the Commission aims to generate a public record about prevalent commercial surveillance practices or lax data security practices that are unfair or deceptive, as well as about efficient, effective, and adaptive regulatory responses. These comments will help to sharpen the Commission's enforcement work and may inform reform by Congress or other policymakers, even if the Commission does not ultimately promulgate new trade regulation rules.
The term “data security” in this ANPR refers to breach risk mitigation, data management and retention, data minimization, and breach notification and disclosure practices.
For the purposes of this ANPR, “commercial surveillance” refers to the collection, aggregation, analysis, retention, transfer, or monetization of consumer data and the direct derivatives of that information. These data include both information that consumers actively provide—say, when they affirmatively register for a service or make a purchase—as well as personal identifiers and other information that companies collect, for example, when a consumer casually browses the web or opens an app. This latter category is far broader than the first.
The term “consumer” as used in this ANPR includes businesses and workers, not just individuals who buy or exchange data for retail goods and services. This approach is consistent with the Commission's longstanding practice of bringing enforcement actions against firms that harm companies as well as workers of all kinds. The FTC has frequently used Section 5 of the FTC Act to protect small businesses or individuals in contexts involving their employment or independent contractor status.
FRN:
https://www.federalregister.gov/d/2022-17752
FTC Factsheet on Commercial Surveillance and Data Security:
https://www.ftc.gov/system/files/ftc_gov/pdf/Commercial%20Surveillance%20and%20Data%20Security%20Rulemaking%20Fact%20Sheet_1.pdf
2) Commercial Surveillance and Data Security Public Forum -- Thursday, September 8, 2022 | 2:00PM - 7:30PM
The Commission is hosting a public forum regarding its Advanced Notice of Proposed Rulemaking (ANPR) on commercial surveillance and data security practices that harm consumers and competition. The public forum will include panel discussions and the public is invited to provide remarks. This is a virtual event.
During the last portion of the public forum, members of the public are invited to share feedback on the FTC’s Commercial Surveillance and Data Security Advanced Notice of Proposed Rulemaking. Members of the public must sign up on a first come, first serve basis for an opportunity to speak at the September 8 event, and the total number of speakers will be limited to ensure the event concludes on time.
Each commenter will be given two minutes to share their comments. Speaker registration will be available through Wednesday, August 31, 2022 at 8 pm ET.
This event will be recorded and submitted to the ANPR record. The Commission retains discretion to make public remarks available following the event on ftc.gov.
Forum:
https://www.ftc.gov/news-events/events/2022/09/commercial-surveillance-data-security-anpr-public-forum
News release:
https://www.ftc.gov/news-events/news/press-releases/2022/08/ftc-releases-final-agenda-public-forum-commercial-surveillance-lax-data-security-practices
3) Aug 11 news release
https://www.ftc.gov/news-events/news/press-releases/2022/08/ftc-explores-rules-cracking-down-commercial-surveillance-lax-data-security-practices
4) Media
Protocol:
-- The FTC has kicked off its massive push to regulate the data economy: It's not just about Big Tech: Lina Khan is asking about surveillance and security from ads to health care.
https://www.protocol.com/bulletins/ftc-massive-data-regulation
-- One big reason the FTC wants to do rule-making
https://www.protocol.com/newsletters/policy/ftc-regulations-penalties
WSJ, FTC Launches Effort to Expand Online Privacy Protections: Federal Trade Commission agrees in 3-2 vote to target online surveillance; dissenters say it is a job for Congress instead
https://www.wsj.com/articles/ftc-launches-effort-to-expand-online-privacy-protections-11660232848?st=5fgvejx2rzzj2qg&reflink=desktopwebshare_permalink
AP, FTC looking at rules to corral tech firms’ data collection
https://apnews.com/article/technology-data-privacy-federal-trade-commission-congress-7da655c7793d5fe26493a0fa8f10e297