Consumer Technology Association Responds to FTC Rulemaking on Privacy

The Federal Trade Commission (FTC) recently embarked on a potential rulemaking on privacy that could have significant implications for the U.S. marketplace. While a well-structured national approach to privacy is needed for the U.S., our industry has serious concerns about the FTC’s authority. The FTC should not overlook the role of private sector standards, industry initiatives, and tailored approaches to protecting privacy.

The sweeping FTC advanced notice of proposed rulemaking (ANPRM) poses 95 questions, with the stated goal of helping the agency begin to “consider the potential need for rules and requirements regarding commercial surveillance and lax data security practices.” It is no secret that privacy is a hot-button issue, but the agency seems to have hit a nerve with interested stakeholders as the ANPRM generated over 11,000 comment submissions (including CTA). As the FTC evaluates this robust response to their proposal, we urge them to keep consumers front of mind and refrain from promulgating rules that would stifle innovation and inhibit U.S. competitiveness.

While industry recognizes that consumer data protection is important, a one-size-fits-all FTC rule for privacy is not the answer. CTA supports a federal privacy standard to ensure consistency and clarity for consumers and innovators when it comes to consumers’ personal information. The FTC’s authority under the Section 18 FTC Act is not designed to support one-size-fits-all rules, and the power to enact a federal privacy rule rests in Congress. In 2022, the House and Senate made progress in developing bipartisan federal privacy legislation, and we look forward to seeing this effort continue again in the 118th Congress. If the FTC insists on proceeding with the privacy rulemaking, any rule must be industry-specific, risk-based, and include safe harbors and opportunities to cure to encourage industry compliance and minimize consumer harm.

CTA members prioritize sound privacy and data security practices because it is good business – not because of a government mandate. The technology industry recognizes that trust in the integrity of data collection, sharing and processing is vital to the modern economy and consumers can choose products and services based on how companies handle privacy. According to CTA research on U.S. consumer attitudes and behaviors on data privacy, when engaging with consumers, companies and service providers should: (1) provide data transparency; (2) ensure that consumers know how to protect themselves; and (3) focus on data security. CTA is also a leader on industry best practices and standards on privacy and data security, as evidenced by the publication of Guiding Principles for the Privacy of Personal Health Data and the ANSI/CTA Standard Guidelines for Developing Trustworthy Artificial Intelligence Systems.

Innovative consumer products and services provide important benefits that may be stifled by burdensome regulations. Improving healthcare outcomes, increasing consumer convenience and choice, enhancing media and entertainment experiences, and increasing accessibility are just a few of the beneficial technologies powered by responsible data collection and use. Nowhere is technology innovation more obvious than at CES®. At CES 2023 in early January, we will see over 2,500 exhibitors from start-ups to large global brands, and many of their products and services depend on or generate data. Broad privacy and data security rules could increase compliance costs and hurt smaller businesses’ ability to compete and innovate. Regulatory certainty enables companies to flourish and provide exciting products and services for consumers, but that could quickly disappear if the FTC continues on its current path.