It’s not often that a conservative Republican backs the dramatic expansion of a federal regulatory agency. And in his remarks during Tuesday’s oversight hearing of the Federal Trade Commission, Sen. Jerry Moran seemed aware that he was breaching party orthodoxy.
“I’ve never met an agency, or a department or a commission, that didn’t believe they needed more resources,” Moran said. “I hear it on an ongoing basis. But I think this is different.”
Moran, who chairs the Senate's Commerce Consumer Protection, Product Safety, Insurance, and Data Security Subcommittee, had assembled the five FTC commissioners to hear their recommendations for a burgeoning bill to create a national standard on data privacy. And as FTC Chairman Joseph Simons pushed for greater funding, the ability to levy civil fines against corporate actors found to violate consumers’ privacy, and the authority to make additional rules on data protection, the senator found himself “sympathetic” to the pitch.
“They need additional authorities, in my view, to accomplish greater levels of privacy and data security in this country,” Moran told reporters after the hearing, noting the rapid rise of Big Tech and the resultant explosion in privacy scandals and breaches. “That, I would suggest, would require additional financial resources.”
Democratic Sen. Richard Blumenthal nodded alongside Moran as he spoke. The two lawmakers are working on legislation that would likely place the FTC as the linchpin in a new data-privacy framework, significantly beefing up the agency in the process. They say Sen. Roger Wicker, who is all but certain to be the next chairman of the Commerce Committee, is working on the same bill.
The rapid push for privacy legislation on Capitol Hill comes as the tech industry seeks to preempt an aggressive law out of California before it takes effect in 2020. And Blumenthal said he’s been “impressed” by the rapid convergence of the two parties on the centrality of the FTC to any privacy effort. “We’ve made a lot of progress, and it’s truly bipartisan—not only between Chairman Moran and myself, but also others on our committee,” said Blumenthal.
But not everyone is convinced that an empowered FTC is the key to protecting data privacy. On the same day as the hearing, a group of 15 technology and consumer groups sent a letter to the commission lamenting its “failure to act promptly on timely and important privacy-related complaints.” The letter also criticized the FTC’s recent comments on federal legislation, which they said focused too strongly on economic harms and “ignore[d] the fundamental right to privacy that should be the proper starting point for analysis.”
Their complaints reveal an increasing worry about the broader culture of the FTC on data privacy. And it’s not just coming from outside groups—Megan Gray, a longtime FTC staff attorney who left the commission earlier this year, said the agency doesn’t have the right mind-set to take on the most powerful tech companies on the planet
“The FTC culture is not well-suited for the FTC to act as a de facto [data-protection authority],” Gray told National Journal. “The FTC is extremely risk-averse; it does not go out on a limb, particularly on politically fraught issues or entities. That is true in all areas, not just privacy and security.”
While lawmakers say they want to give the FTC the ability to write the rules of the road on data privacy, Gray believes passing the buck to the commission would result in only minor and inadequate tweaks. Because Congress has lashed out at the FTC in the past for overzealous enforcement, Gray said, “the FTC has learned that the middle path is usually safest for its budget.
“I think that the congressional members should know, given how hard it is for them to pass even a bland general privacy law, that it’s unreasonable to think that the FTC is going to find it any easier,” she said.
At least one FTC commissioner appears to agree. Noah Joshua Phillips, a Republican, warned lawmakers during his testimony on Tuesday that the commission was not the place to hash out complicated rules balancing consumer privacy with the desire to promote greater innovation in the tech industry.
“Given the important value judgments that must be made, Congress is the place to make them,” Phillips said. “Broad delegations to an expert agency are a poor substitute for the lawmaking process that our founders created.”
When asked about the FTC’s historic aversion to risk, and the possibility that it may not effectively use its rule-making authority should Congress choose to grant it, Moran was nonplussed.
“The FTC has heard from many members of this committee today about the importance of utilizing their powers,” Moran said.
The FTC is operating with an entirely new set of commissioners compared to last year, and Moran said he’s confident that “we have five new commissioners who can demonstrate their ability to do their jobs well.”
Blumenthal—who has repeatedly criticized the FTC’s approach to its ongoing investigation into Facebook’s privacy scandals and data privacy more generally—was less circumspect.
“One of the recurring themes, at least from me and others here, is the importance of using the power, using it vigorously and aggressively,” he told reporters. “If they have the authority to make rules, they ought to use it. If they fail to use it, they ought to be sued.”
For his part, Simons believes the concerns over the FTC’s future ability to tackle data privacy—even with additional resources and authorities—is largely unwarranted. If a data-privacy bill is passed next Congress, he aims to prove the naysayers wrong.
“One thing I hope to do, Senator, is I hope to turn your opinion around in terms of the performance of the FTC,” the chairman told Blumenthal on Tuesday. “That is one of my main goals, with respect to you and others in the Congress.”