The views expressed by contributors are their own and not the view of The Hill

FTC should focus on actual, not speculative, consumer harm

by Ken Wasch, opinion contributor - 02/26/18 11:00 AM ET

Since bringing its first online privacy case in 1998, the Federal Trade Commission (FTC) has brought more than 500 privacy and security-related enforcement actions and conducted more than 20 workshops and events on privacy and data security topics.

The FTC has become the de facto privacy and security regulator for companies not covered under specific privacy statutes. It should carry out this responsibility by continuing to focus on the prevention of actual harm to consumers.

{mosads}The FTC has an increasingly difficult job to protect consumers in an age of rapid technological evolution, where consumer expectations are evolving along with the technologies they use.

Although the internet of things is still in its very early stages, consumers and businesses increasingly recognize that the opportunities for data-driven innovation have moved from the devices in the palms of their hands to devices all around us that are connected to the internet.

Information flows, including the transmission of consumer information, are critical to cutting edge products and services and new business models that drive the digital economy. Privacy risks abound, but so do transformative economic and societal benefits from data-driven innovation.

The FTC’s task requires a practical approach to regulation and enforcement that protects consumers while remaining mindful of opportunities.

In 2017, the FTC, under the direction of acting Chairman Maureen Ohlhausen embarked on a timely assessment of “informational injury” to determine which types of harm should be the object of the FTC’s enforcement efforts.

In addition to traditional financial harms, the commission focused on protecting consumers against other harms such as stalking, discrimination and doxing, the recent practice of intentionally publishing private or identifying information about a particular individual on the internet, particularly with malicious intent.

The key thrust of the recent FTC assessment was to prioritize action to address real consumer harm, while being mindful not to stifle innovation and economic benefits by casting an overly-broad net based on potential harms that may never occur.

Such an economic approach to privacy regulation is guided by the tradeoff between the consumer benefits of these new and enhanced products and services against the potential harm to consumers, both of which arise from the same free flow and exchange of data.

Assessing benefits and costs may be difficult in particular situations, but nothing can replace careful case-by-case evaluation of how consumers are likely to gain or lose by the collection and use of personal information. Rather than focus on speculative harms, the FTC should thoroughly evaluate all the effects of information use, including the likely benefits to consumers.

The necessary cost-benefit balance is therefore not just about weighing risks against economic benefits. Rather, it’s critical to measure the risks of harm against broader consumer and societal benefits from new innovative uses of data.

The commission must recognize these opportunities and place a greater emphasis on enforcement actions only in cases where there is actual, concrete harm.

Bringing enforcement actions where the consumer harm is merely speculative or presumed or without a full assessment of the benefits provided by the use of data risks crippling data-driven innovation and its transformative economic and societal benefits throughout the United States.

By adopting a case-by-case, tailored approach to regulation and enforcement, the commission can avoid adopting an overly broad definition of informational injuries that threatens the data-driven innovation that powers the 21st-century economy.

FTC chairman nominee Joseph Simons and nominees Chopra, Phillips and Wilson are well-suited to retain the focus on economic analysis and stopping substantial consumer injury, rather than consuming finite resources to prevent hypothetical injuries should be emphasized.

Ken Wasch is the president and CEO of the Software & Information Industry Association (SIIA), a trade association for the software and digital content industry. Wasch’s involvement in SIIA is based on both personal and professional interests.