The Federal Trade Commission this week issued its annual report on privacy and data security actions over the past year. How well the FTC enforces privacy and security will take on even greater import after the FCC's new net neutrality rules go into effect since they return ISP privacy and security issues to the FTC's purview.
The report seemed geared to assuaging fears bout how much muscle the FTC has in the online space, outlining the FTC's "broad" authority over privacy issues: "The FTC’s primary legal authority comes from Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act."
The FTC said that authority allows it to get at a "wide array" of practices, including those "that emerge with the development of new technologies and business models."
The FCC's network neutrality regulation rollback will allow for those new tech business models, like paid prioritization, under the presumably watchful eye of the FTC.
The report cites 130 spam and spyware cases and 50 general privacy lawsuits in 2017--the FTC's enforcement authority is via filing suits and securing settlements.
Among the cases it cited were one against Lenovo for selling laptops with security vulnerabilities, and against Uber for failing to secure info in the cloud. It also pointed to new guidance on how the Children's Online Privacy Protection Act applied to voice recordings.
It also points out, in regard to the FCC's rollback of the net neutrality regs, that the FTC "has expertise in the antitrust and consumer protection issues raised by net neutrality concerns."