The Federal Trade Commission’s (FTC) policy and enforcement priorities have a significant impact on the digital economy – and the development of cutting-edge software tools, such as artificial intelligence. The agency has a long track record of evaluating its policy and enforcement approaches, including its 1995 hearings on competition and consumer protection; its pre-centennial global workshops to ascertain how to remain effective in its second century; and its Privacy Roundtables, launched almost ten years ago, that examined how best to protect privacy in an evolving marketplace. The FTC now embarks on a similar journey as it prepares for its wide-ranging hearings aimed at examining the impact of changes in business models, technology, and the global landscape.
BSA members are leaders in software-enabled innovation that is fueling US and global economic growth, making businesses more agile, and providing significant benefits to consumers. They have a unique and valuable perspective on how the FTC should approach its policy and enforcement work in this rapidly evolving technological landscape.
The FTC has recognized that a critical part of ensuring data-driven innovation continues to thrive is protecting the privacy and security of consumers’ personal information. BSA agrees, and we highlighted in our comments on the upcoming hearings that the FTC should continue its record of promoting the flexible, technology-neutral, risk-based privacy and security frameworks that are best suited to protect consumer data in a global, dynamic marketplace.
An important part of the shifts in the marketplace is the growth of advanced techniques enabling data analysis and use, such as AI and cloud computing. The increased use of data has provided immense economic and societal benefits across a wide swath of industries that benefit consumers.
The cloud not only enables these AI tools, but it also provides small and medium-sized enterprises access to flexible, scalable computing resources. The reduced cost to small businesses of accessing the same infrastructure in use by large enterprises, along with the enhanced capability to use advanced techniques to develop innovative products and services, contributes significantly to more robust competition in the marketplace. These innovations have occurred under flexible policy frameworks that spur data-driven innovation.
Yet, as software-enabled technologies become increasingly integrated into business operations and consumers’ daily lives, the need to protect the privacy and security of personal information is even more critical, particularly as threats become more sophisticated and pernicious. Industry must continue to increase the transparency of data collection and use; provide consumers with appropriate control over their personal information; enable and respect informed choices; provide reasonable security measures that appropriately address relevant risks; and promote responsible use of consumer data. BSA members are committed to improving privacy and security through their own practices as well as industry-driven software development and management best practices.
The FTC’s role remains critical, including its careful examination of marketplace changes, robust public engagement, promotion of industry-driven privacy and data security best practices, and enforcement that addresses significant consumer harm while, at the same time, facilitates data-enabled innovation.
We must also remember that Internet-enabled communications and commerce are borderless, which means that policies aimed at protecting consumers in a connected, data-driven economy should be crafted with a global lens. The Commission’s engagement on international consumer protection issues and long-standing leadership in the global arena are important to promoting cross-border data transfers. Privacy-preserving mechanisms that facilitate data flows are vital to the continued growth of the global economy.
The EU-US Privacy Shield Framework is one such important tool that facilitates transatlantic trade and protects individual privacy. The FTC’s enforcement role is an integral part of the framework, as is its ongoing engagement with EU data protection authorities.
Other important mechanisms for ensuring seamless data transfers in a global economy include standard contractual clauses for transfers from the EU, and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules (APEC CBPR) system. Expansion of the APEC CBPR system is essential, as are efforts to promote interoperability between the APEC CBPR system and data protection regimes of various regions, such as the EU. There, too, the FTC plays a key role, particularly in providing a robust enforcement mechanism.
Finally, the FTC’s bilateral engagement on privacy and security issues is increasingly valuable as countries consider developing and adopting new privacy laws and regulations. For example, a legislative proposal currently under consideration in India would implement data localization requirements, restrict cross-border data transfers, and otherwise potentially limit the use of data that could be leveraged to provide economic and societal benefits around the world. The FTC’s engagement in India is critical. As countries develop new privacy laws, it is important to avoid fragmented approaches that create conflicting legal obligations, impose significant compliance burdens, or restrict the use and international transfer of data.
As Chairman Simons recognized in his remarks announcing the upcoming hearings, “The FTC has long been an agency committed to self-examination and critical thinking.” Indeed, the Commission’s long tradition of evaluating its policy and enforcement approaches is laudable. As the Commission conducts its current inquiry, it should consider the benefits to consumers, businesses, and governments of software-enabled, data-driven innovation and maintain flexible policy frameworks that protect consumers from harmful privacy violations, promote adoption of appropriate security measures, and enable cross-border data flows. In so doing, the Commission will continue to fulfill its mission to protect consumers while also spurring innovation in the global Internet ecosystem.
