Antitrust and Consumer Protection
Competition: 2016, Vol 25, No. 2
Content
- Biometric Privacy Litigation: Is Unique Personally Identifying Information Obtained From a Photograph Biometric Information?
- California Online Privacy Laws: the Battle For Personal Data
- Chair's Column
- "Clear and Conspicuous" Disclosures Between Celebrity Endorsers and Advertisers On Social Media Websites
- Comments On Proposed Update On Intellectual Property Licensing Guidelines
- Dispatches From the West Coast: Federalism, Competition, and Comments On the United States' Proposed Update To the Antitrust Guidelines For Licensing Intellectual Property
- Editor's Column
- Exceptions To the Rule: Considering the Impact of Non-practicing Entities and Cooperative Regulatory Processes In the Update To the Antitrust Guidelines For the Licensing of Intellectual Property
- Home Run or Strikeout? the Unsettled Relationship Between the Sports Broadcasting Act and Cable Programming
- Masthead
- Never Say Never: the Ninth Circuit's Misguided Categorical Approach To Individual Damages Questions When Assessing Rule 23(B)(3) Predominance
- The Rapidly Changing Landscape of Private Global Antitrust Litigation: Increasingly Serious Implications For U.S. Practitioners
- Ftc Privacy and Data Security Enforcement and Guidance Under Section 5
FTC PRIVACY AND DATA SECURITY ENFORCEMENT AND GUIDANCE UNDER SECTION 5
By Alexander E. Reicher and Yan Fang1
I. INTRODUCTION
Section 5 of the FTC Act does not itself mention privacy or data security, yet it is the legal basis for well over a hundred Federal Trade Commission privacy and data security enforcement actions. The Commission has used the broad language of Section 5—which prohibits "unfair or deceptive acts or practices," among other things—to hold individuals and companies accountable for everything from broken privacy and data security promises to "unfair" collection of personal information. To better understand the contours of the FTC’s privacy and data security enforcement under Section 5, this article examines the agency’s litigated cases, public settlements, and guidance materials. This article’s modest purpose is to serve as an introduction to some of those materials. It proceeds in four sections. The balance of Section I provides an overview of FTC privacy and data security enforcement and guidance. Section II addresses FTC privacy enforcement and guidance under Section 5, including the agency’s early privacy actions and those involving social networks, internet tracking, browser toolbars, cookies and behavioral advertising, mobile devices, data brokers, and the misappropriation of consumer data. Section III discusses FTC data security enforcement and guidance under Section 5, including the agency’s recent data security litigation and enforcement actions that help define "reasonable" data security. The article concludes in Section IV.