Can the FTC Handle Facebook’s Digital-Privacy Challenge?

Doubts are growing about the Federal Trade Commission’s ability to hold tech platforms accountable for privacy violations.

AP Photo/Richard Drew
March 29, 2018, 8 p.m.

The Federal Trade Commission’s new probe into Facebook’s data-privacy practices cratered the company’s stock price and caused observers to wonder whether the social-media monopolist can survive regulatory scrutiny.

But William Kovacic, a former Republican FTC chairman who served on the commission from 2006 to 2011, says Facebook’s reputation isn’t the only one on the line.

“I think the credibility of the entire FTC [privacy] regime, especially as it’s been built up in this decade, is at stake here,” Kovacic said.

Recent revelations concerning the unauthorized transfer of data from up to 50 million Facebook users to Cambridge Analytica—a British political consultancy working for the Trump campaign—have upended the American debate on digital privacy. Experts say that Facebook’s behavior is strikingly similar to the data practices of most other tech platforms, raising the prospect that more companies may soon be sucked into the vortex of controversy.

But as the firestorm intensifies, doubts are growing about the FTC’s ability to police the privacy practices of large tech platforms. To Kovacic, the fact that Facebook seems to have ignored a 2012 FTC order to tighten its privacy standards suggests the commission has been ineffective so far.

“This settlement was intended to be a template for establishing broader policy standards across the industry,” said Kovacic, who left the commission less than two months before Facebook and the FTC reached a preliminary settlement in 2011 on charges that the company deceived its users over its data-privacy policies. “And you have to look back and ask, ‘Did it work? What went wrong?’”

The worries don’t just stem from ongoing leadership vacancies, which have plagued the commission for over a year. Experts say the FTC simply doesn’t have the money or personnel required to take on Silicon Valley’s giants, particularly as consumers hand over more and more of their data to corporations.

Couple that with major gaps in the FTC’s jurisdiction, and it’s not clear that the commission is up to its job as America’s chief digital-privacy enforcer.

“The FTC doesn’t have enough power to do what it needs to do, what needs to be done,” said Bob Gellman, a D.C.-based data-privacy consultant who spent 17 years as a privacy staffer in the House of Representatives.

That skepticism is driven in part by the FTC’s apparent failure to keep tabs on Facebook’s privacy standards following its first run-in with the social-media behemoth.

The consent decree approved by the commission in August 2012 required Facebook to submit to regular “privacy audits” to ensure it was complying with the FTC’s new guidelines. But news of the latest probe came only after a cascade of reports focused on Cambridge Analytica’s malfeasance, and it’s not clear whether the FTC was already tracking potential Facebook privacy violations before the press got involved.

“What kind of oversight did they exercise?” Kovacic asked. “You have to look at that because that was a big part of your compliance mechanism. If that failed, then you have to rethink what you’re doing.”

FTC spokesman Peter Kaplan said he could not comment specifically on the Facebook issue, but he said the commission believes the privacy audits that undergird FTC consent decrees work.

Kovacic also pointed to the 2012 dissent of J. Thomas Rosch, one of five FTC commissioners at the time of the settlement. Rosch worried the consent decree would not cover improper activity conducted through third-party “apps” running on Facebook’s platform. Kovacic believes that concern may have been vindicated, since a third-party research app was the precise vector through which Cambridge Analytica received Facebook’s user data.

“They’ve got to find out what went wrong,” Kovacic said.

Chris Hoofnagle, an FTC researcher at UC Berkeley’s School of Information, believes the FTC’s weakness on digital privacy stems largely from a lack of resources.

The commission’s budget is small when compared to agencies tasked with policing privacy in other industry areas, including the Consumer Financial Protection Bureau and the Health and Human Services Department. And it’s minuscule when compared to those in most European countries, many of which are in the process of creating dedicated agencies specifically tasked with regulating digital privacy.

“The FTC’s privacy activities are a small part of a small budget,” Hoofnagle said, noting that the commission has fewer than 60 employees devoted to privacy full-time. “Even with a full commission and staff, if Facebook fights this case, the FTC will have to drop other investigations in order to keep up.”

Kaplan told National Journal that the FTC has brought fewer than 20 data-privacy or data-security cases over the past two years. Gellman contrasts that number with the hundreds of data-privacy cases HHS brings against health care institutions each year. “The odds of being investigated for your privacy activities by the FTC are approximately the odds of being hit by a meteorite, unless your story hits the front page of the newspaper,” he said.

Gellman believes the commission simply lacks the “guts” to aggressively pursue the questionable privacy practices of digital platforms. “The agency is scared to death of the Congress, and has been for decades,” he said, adding that the 1975 Magnuson-Moss Act—which stripped the FTC of much of its rulemaking authority—was seen as a backlash to an overly aggressive commission. “Ever since then, the agency has one eye firmly fixed on Congress,” he said.

Major gaps in the FTC’s regulatory authorities also work to hinder effective privacy enforcement. “The FTC has huge holes in its jurisdiction,” Kovacic said. “It can’t touch not-for-profits, so if universities just shovel information out the door, the FTC has no role. Charities, no role. Insurance, no role. … You can’t be an effective national privacy regulator if those are carved out.”

To tackle the burgeoning problem of digital privacy, Congress could provide the FTC with new authorities and greater resources. But unless public pressure grows, experts are skeptical that lawmakers will risk targeting Silicon Valley’s business model so directly.

“There is absolutely no hope that this Congress is going to give the FTC more authority,” Gellman said. “The business community will be totally opposed, and the Republicans in Congress will be for the most part opposed.”

Without statutory changes, it’s hard to see how the FTC gets its hands around Facebook and other digital platforms playing fast and loose with consumer data.

“If you want the FTC to function as a truly effective national data-protection authority, you cannot do it with the existing configuration,” Kovacic said. “The platform itself is not up to the job. And you either have to fix the weaknesses, or you have to think about a new framework.”

What We're Following See More »
Trump Signs Border Deal
1 weeks ago

"President Trump signed a sweeping spending bill Friday afternoon, averting another partial government shutdown. The action came after Trump had declared a national emergency in a move designed to circumvent Congress and build additional barriers at the southern border, where he said the United States faces 'an invasion of our country.'"

Trump Declares National Emergency
1 weeks ago

"President Donald Trump on Friday declared a state of emergency on the southern border and immediately direct $8 billion to construct or repair as many as 234 miles of a border barrier. The move — which is sure to invite vigorous legal challenges from activists and government officials — comes after Trump failed to get the $5.7 billion he was seeking from lawmakers. Instead, Trump agreed to sign a deal that included just $1.375 for border security."

House Will Condemn Emergency Declaration
1 weeks ago

"House Democrats are gearing up to pass a joint resolution disapproving of President Trump’s emergency declaration to build his U.S.-Mexico border wall, a move that will force Senate Republicans to vote on a contentious issue that divides their party. House Judiciary Committee Chairman Jerrold Nadler (D-N.Y.) said Thursday evening in an interview with The Washington Post that the House would take up the resolution in the coming days or weeks. The measure is expected to easily clear the Democratic-led House, and because it would be privileged, Senate Majority Leader Mitch McConnell (R-Ky.) would be forced to put the resolution to a vote that he could lose."

Where Will the Emergency Money Come From?
1 weeks ago

"ABC News has learned the president plans to announce on Friday his intention to spend about $8 billion on the border wall with a mix of spending from Congressional appropriations approved Thursday night, executive action and an emergency declaration. A senior White House official familiar with the plan told ABC News that $1.375 billion would come from the spending bill Congress passed Thursday; $600 million would come from the Treasury Department's drug forfeiture fund; $2.5 billion would come from the Pentagon's drug interdiction program; and through an emergency declaration: $3.5 billion from the Pentagon's military construction budget."

House Passes Funding Deal
1 weeks ago

"The House passed a massive border and budget bill that would avert a shutdown and keep the government funded through the end of September. The Senate passed the measure earlier Thursday. The bill provides $1.375 billion for fences, far short of the $5.7 billion President Trump had demanded to fund steel walls. But the president says he will sign the legislation, and instead seek to fund his border wall by declaring a national emergency."


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.