On June 27, 2019 the Federal Trade Commission (FTC) hosted its fourth annual privacy conference PrivacyCon. Tasked with protecting consumers against privacy and security violations, at PrivacyCon the FTC brings together privacy stakeholders to discuss privacy issues that businesses encounter when providing innovative technologies to customers.
PrivacyCon and FTC Privacy Enforcement
According to former FTC Chairwoman Edith Ramirez, the FTC seeks to increase its engagement with the technology community in order to more effectively encourage innovation that is protective of consumer privacy and security. While reiterating the agency’s goal is to stay up-to-date with emerging technologies, current Chairman Joseph Simons in this year’s opening remarks, shared the following three ways PrivacyCon benefits the agency:
- helps to identify potential areas for enforcement,
- fashions remedies in the agency’s orders, and
- highlights areas in which the FTC can provide business and consumer education.
For businesses, PrivacyCon provides insight into the directions that the FTC may be considering in addressing its current privacy and security priorities of vigorous enforcement, improving business accountability and promoting deterrence.
PrivacyCon 2019 FTC Online Privacy Issues
This year, the FTC requested research on privacy and security issues in emerging technologies and sought to understand the greatest threats to consumer privacy today. The FTC also sought research on the economic impact of privacy and security issues on the market, as well as ways to incentivize manufacturers and developers to implement privacy and security in their products and practices. In response, the PrivacyCon featured almost thirty speakers in four sessions divided into four key privacy and security areas:
- Privacy Policies, Disclosures, and Permissions,
- Vulnerabilities, Leaks, and Breach Notifications,
- Consumer Preferences, Expectations, and Behaviors, and
- Tracking and Online Advertising.
The first two sessions noted above stood out as having immediate consequences for businesses. Presenters in the area of privacy policies, disclosures and permissions touched on the privacy principle of “notice and choice” and its provision.
Notably, remarks suggested that readability and ambiguity in privacy policies continue to frustrate researchers and users. Therefore, companies may need to review whether their privacy policies are adequate to obtain user consent and inform them of company data practices. On a parallel path, speakers represented the expectation that the FTC will continue to pursue the creation of policies that are easier for consumers to read and comprehend.
The Vulnerabilities, Leaks, and Breach Notifications session reported that businesses may not be aware that their mobile applications are leaking customer data and current permissions may be insufficient to notify users of data and security practices. Another topic was the potential incorporation of artificial intelligence in risk assessments in order to help businesses identify and remedy high risk vulnerabilities. This step is a potentially cost-friendly aid to companies in mitigating data security risks.
PrivacyCon 2019 Key Takeaways
The FTC is a strong advocate for business self-regulation on privacy and security issues that arise when implementing emerging technologies. However, the agency will not hesitate to exercise its enforcement powers when improper data practices put consumers at risk. Businesses should look to resources provided by the FTC to help guide alignment with their privacy policies and practices – a great starting point is the FTC website, at www.ftc.gov/tips-advice/business-center/privacy-and-security. Generally, businesses can seek to mitigate security risks by using proactive steps to identify and remedy vulnerabilities, while looking for up-to-date ways to effectively communicate data practices with customers. Working with legal counsel to help formulate a legally-defensible position will be important in developing these steps and practices.
Have questions? Our team at Octillo is uniquely positioned to advise on emerging privacy laws at both the state and national level. Contact us today for a consultation.
*Attorney advertising. Prior results to not guarantee a similar outcome.