Antitrust and Consumer Protection
Competition: Spring 2016, Vol 25, No. 1
Content
- 2015: a Year of Big Plaintiff Wins In Antitrust and Privacy Cases
- Big Stakes Antitrust Trials: O'Bannonvnational Collegiate Athletic Association
- California Antitrust and Unfair Competition Law Update: Procedural Law
- California Antitrust and Unfair Competition Law Update: Substantive Law
- Chair's Column
- Considerations, Not Limitations: An Argument Against Defining the Anticompetitive Harm Under F. T.C. Vactavis As the "Elimination of the Risk of Potential Competition"
- Editor's Note
- Golden State Institute 25Th Anniversary Retrospective and Prospective Views On California Antitrust and Unfair Competition Law
- Keynote Address: a Conversation With the Honorable Tani Cantil-sakauye, Chief Justice of California
- Managing Antitrust and Complex Business Trials-a View From the Bench
- Masthead
- Royal Printing and the Ftaia
- Settlement Negotiation Tactics, Considerations and Settlement Agreement Provisions In Antitrust and Ucl Cases: a Roundtable
- The Decision of the Supreme People's Court In Qihoo Vtencent and the Rule of Law In China: Seeking Truth From Facts
- The Nexium Trial Pioneers Actavis' Activation: a Roundtable of Nexiums Counsel Reflect On Their Six-week Trial
- The Ucl-now a Money Back Guarantee?
- Ftc Data Security Enforcement: Analyzing the Past, Present, and Future
FTC DATA SECURITY ENFORCEMENT: ANALYZING THE PAST, PRESENT, AND FUTURE
By Crystal N. Skelton1
The "Internet of Things" has recently come to dominate the consumer products market. Businesses are connecting nearly everything to the Internet — from homes and cars to clothing and even yoga mats. The shift from consumers using basic computers to interacting with mobile apps and other connected devices has continued to generate massive amounts of consumer data online. This trend is not expected to end anytime soon.
The U.S. Federal Trade Commission ("FTC") defines the Internet of Things as "the ability of everyday objects to connect to the Internet and to send and receive data," and includes both consumer- and non-consumer-facing devices.2 Some analysts describe it as, the "third wave of the Internet," following the fixed Internet wave of the 1990s and the mobile wave in the 2000s.3 DHL and Cisco report that there are 15 billion connected devices in the world today and predict that there will be 50 billion by 2020.4 By that time, computers (including PCs, tablets, and smartphones) are expected to represent only 17 percent of all Internet connections, while the other 83 percent will result from the Internet of Things, including wearables and smart-home devices.5 Intel’s estimates are even more generous, forecasting that more than 200 billion devices will be connected by 2020.6
The collection of vast amounts of consumer data, however, often may not go hand-in-hand with increased efforts to protect the security of such data online. High profile data breaches and security lapses draw increased scrutiny from consumers, lawmakers, and federal and state regulators. The data security regulatory environment is in constant flux, with regulators and legislators alike proposing varying frameworks to protect personal information online. Nonetheless, there is currently no comprehensive federal privacy or data security law in the United States, as only sector-specific laws are present at the federal level. Simultaneously, forty-seven states and the District of Columbia have separate laws governing data security breach notification, while only a handful of states have implemented data security requirements applicable to any entity collecting information about residents of their state.7 Businesses are thus subject to a patchwork of statutory and regulatory data security-related requirements, which creates a complex environment for entities with a national or regional presence.