Abstract

http://ssrn.com/abstract=2461096
 


 



The Scope and Potential of FTC Data Protection


Woodrow Hartzog


Samford University - Cumberland School of Law; Stanford Law School Center for Internet and Society

Daniel J. Solove


George Washington University Law School

July 1, 2014

83 George Washington Law Review, 2015, Forthcoming
GWU Law School Public Law Research Paper No. 2014-40
GWU Legal Studies Research Paper No. 2014-40

Abstract:     
For more than fifteen years, the Federal Trade Commission (FTC) has regulated privacy and data security through its authority to police deceptive and unfair trade practices as well as through powers conferred by specific statutes and international agreements. Recently, the FTC’s powers for data protection have been challenged by Wyndham Worldwide Corporation and LabMD. These recent cases raise a fundamental issue, and one that has surprisingly not been well explored: How broad are the FTC’s privacy and data security regulatory powers? How broad should they be?

In this article, we address the issue of the scope of FTC authority over privacy and data security, which together we will refer to as "data protection" We argue that the FTC not only has the authority to regulate data protection to the extent it has been doing, but it also has the authority to expand its reach much more. Normatively, we argue that the FTC’s current scope of data protection authority is essential to the United States data protection regime and should be fully embraced to respond to the privacy harms unaddressed by existing torts, contracts, and statutes. For example, the FTC can regulate with a much different and more flexible understanding of harm that one focused on monetary or physical injury.

Thus far, the FTC has been quite modest in its enforcement, focusing on the most egregious offenders and enforcing the most widespread industry norms. The FTC should push the development of the norms a little more (though not in an extreme or aggressive way). We also discuss steps the FTC should take to change the way it exercises its power, such as greater transparency and more nuanced sanctioning and auditing.

Number of Pages in PDF File: 48

Keywords: FTC, Federal Trade Commission, privacy, data security, Wyndham, LabMD, FTCA, Section 5, deception, unfairness

Accepted Paper Series


Download This Paper

Date posted: July 1, 2014 ; Last revised: August 30, 2014

Suggested Citation

Hartzog, Woodrow and Solove, Daniel J., The Scope and Potential of FTC Data Protection (July 1, 2014). 83 George Washington Law Review, 2015, Forthcoming; GWU Law School Public Law Research Paper No. 2014-40; GWU Legal Studies Research Paper No. 2014-40. Available at SSRN: http://ssrn.com/abstract=2461096

Contact Information

Woodrow Hartzog
Samford University - Cumberland School of Law ( email )
800 Lakeshore Dr.
Birmingham, AL 35229
United States
HOME PAGE: http://cumberland.samford.edu/faculty/woodrow-n-hartzog
Stanford Law School Center for Internet and Society ( email )
Palo Alto, CA
United States
HOME PAGE: http://cyberlaw.stanford.edu/profile/woodrow-hartzog
Daniel J. Solove (Contact Author)
George Washington University Law School ( email )
2000 H Street, N.W.
Washington, DC 20052
United States
202-994-9514 (Phone)
HOME PAGE: http://www.law.gwu.edu/facweb/dsolove/
Feedback to SSRN


Paper statistics
Abstract Views: 1,598
Downloads: 300
Download Rank: 57,465

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo5 in 0.250 seconds