[Senate Hearing 115-730]
[From the U.S. Government Publishing Office]
S. Hrg. 115-730
OVERSIGHT OF
THE FEDERAL TRADE COMMISSION
=======================================================================
HEARING
before the
SUBCOMMITTEE ON CONSUMER PROTECTION,
PRODUCT SAFETY, INSURANCE,
AND DATA SECURITY
of the
COMMITTEE ON COMMERCE,
SCIENCE, AND TRANSPORTATION
UNITED STATES SENATE
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
__________
NOVEMBER 27, 2018
__________
Printed for the use of the Committee on Commerce, Science, and
Transportation
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available online: http://www.govinfo.gov
______
U.S. GOVERNMENT PUBLISHING OFFICE
55-155 PDF WASHINGTON : 2024
SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
ONE HUNDRED FIFTEENTH CONGRESS
SECOND SESSION
JOHN THUNE, South Dakota, Chairman
ROGER F. WICKER, Mississippi BILL NELSON, Florida, Ranking
ROY BLUNT, Missouri MARIA CANTWELL, Washington
TED CRUZ, Texas AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska RICHARD BLUMENTHAL, Connecticut
JERRY MORAN, Kansas BRIAN SCHATZ, Hawaii
DAN SULLIVAN, Alaska EDWARD MARKEY, Massachusetts
DEAN HELLER, Nevada TOM UDALL, New Mexico
JAMES INHOFE, Oklahoma GARY PETERS, Michigan
MIKE LEE, Utah TAMMY BALDWIN, Wisconsin
RON JOHNSON, Wisconsin TAMMY DUCKWORTH, Illinois
SHELLEY MOORE CAPITO, West Virginia MAGGIE HASSAN, New Hampshire
CORY GARDNER, Colorado CATHERINE CORTEZ MASTO, Nevada
TODD YOUNG, Indiana JON TESTER, Montana
Nick Rossi, Staff Director
Adrian Arnakis, Deputy Staff Director
Jason Van Beek, General Counsel
Kim Lipsky, Democratic Staff Director
Chris Day, Democratic Deputy Staff Director
Renae Black, Senior Counsel
------
SUBCOMMITTEE ON CONSUMER PROTECTION, PRODUCT SAFETY, INSURANCE, AND
DATA SECURITY
JERRY MORAN, Kansas, Chairman RICHARD BLUMENTHAL, Connecticut,
ROY BLUNT, Missouri Ranking
TED CRUZ, Texas AMY KLOBUCHAR, Minnesota
DEB FISCHER, Nebraska EDWARD MARKEY, Massachusetts
DEAN HELLER, Nevada TOM UDALL, New Mexico
JAMES INHOFE, Oklahoma TAMMY DUCKWORTH, Illinois
MIKE LEE, Utah MAGGIE HASSAN, New Hampshire
SHELLEY MOORE CAPITO, West Virginia CATHERINE CORTEZ MASTO, Nevada
TODD YOUNG, Indiana
C O N T E N T S
----------
Page
Hearing held on November 27, 2018................................ 1
Statement of Senator Moran....................................... 1
Statement of Senator Blumenthal.................................. 2
Statement of Senator Nelson...................................... 4
Statement of Senator Klobuchar................................... 29
Statement of Senator Thune....................................... 31
Statement of Senator Markey...................................... 33
Statement of Senator Udall....................................... 35
Statement of Senator Hassan...................................... 38
Statement of Senator Cortez Masto................................ 40
Statement of Senator Capito...................................... 42
Statement of Senator Cruz........................................ 51
Witnesses
Hon. Joseph J. Simons, Chairman, Federal Trade Commission........ 5
Joint prepared statement..................................... 7
Hon. Rohit Chopra, Commissioner, Federal Trade Commission........ 19
Hon. Noah Joshua Phillips, Commissioner, Federal Trade Commission 20
Hon. Rebecca Kelly Slaughter, Commissioner, Federal Trade
Commission..................................................... 22
Hon. Christine S. Wilson, Commissioner, Federal Trade Commission. 23
Appendix
Letter dated November 26, 2018 to Hon. Jerry Moran and Hon.
Richard Blumenthal from Electronic Privacy Information Center:
Marc Rotenberg, EPIC President; Caitriona Fitzgerald, EPIC
Policy Director; Christine Bannan, EPIC Consumer Privacy
Counsel; Enid Zhou, EPIC Open Government Counsel; Lorraine
Kisselburgh, EPIC Scholar in Residence; an Jeff Gary, EPIC
Legislative Fellow............................................. 55
Letter dated November 26, 2018 to Joseph J. Simons, Chairman,
Federal Trade Commission from the following consumer, privacy,
and civil organizations: Campaign for a Commercial Free
Chilhood, Center for Digital Democracy, Consumer Action,
Consumer Federation of America, Consumer Watchdog, Customer
Commons, Electronic Frontier Foundation, Electronic Privacy
Information Center, Media Alliance, National Hispanic Media
Coalition, Privacy Rights Clearinghouse, Public Citizen, Public
Knowledge, Stop Online Violence Against Women and US PIRG...... 61
Response to written questions submitted to Hon. Joseph J. Simons
by:
Hon. John Thune.............................................. 63
Hon. Roy Blunt............................................... 66
Hon. Jerry Moran............................................. 66
Hon. Richard Blumenthal...................................... 71
Hon. Maggie Hassan........................................... 78
Hon. Tom Udall............................................... 80
Hon. Catherine Cortez Masto.................................. 81
Response to written questions submitted to Hon. Rohit Chopra by:
Hon. John Thune.............................................. 86
Hon. Jerry Moran............................................. 87
Hon. Richard Blumenthal...................................... 90
Hon. Catherine Cortez Masto.................................. 92
Hon. Maggie Hassan........................................... 95
Hon. Amy Klobuchar........................................... 95
Hon. Tom Udall............................................... 95
Response to written questions submitted to Hon. Noah Joshua
Phillips by:
Hon. John Thune.............................................. 96
Hon. Jerry Moran............................................. 101
Hon. Richard Blumenthal...................................... 106
Hon. Catherine Cortez Masto.................................. 112
Hon. Amy Klobuchar........................................... 115
Hon. Tom Udall............................................... 116
Response to written questions submitted to Hon. Rebecca Kelly
Slaughter by:
Hon. John Thune.............................................. 117
Hon. Jerry Moran............................................. 119
Hon. Richard Blumenthal...................................... 122
Hon. Catherine Cortez Masto.................................. 125
Hon. Amy Klobuchar........................................... 128
Hon. Tom Udall............................................... 128
Response to written questions submitted to Hon. Christine S.
Wilson by:
Hon. John Thune.............................................. 129
Hon. Jerry Moran............................................. 134
Hon. Amy Klobuchar........................................... 138
Hon. Tom Udall............................................... 140
Hon. Richard Blumenthal...................................... 141
Hon. Catherine Cortez Masto.................................. 145
OVERSIGHT OF
THE FEDERAL TRADE COMMISSION
----------
TUESDAY, NOVEMBER 27, 2018
U.S. Senate,
Subcommittee on Consumer Protection, Product Safety, Insurance, and
Data Security,
Committee on Commerce, Science, and Transportation,
Washington, DC.
The Subcommittee met, pursuant to notice, at 2:38 p.m., in
room SR-253, Russell Senate Office Building, Hon. Jerry Moran,
Chairman of the Subcommittee, presiding.
Present: Senators Thune, Moran [presiding], Nelson, Cruz,
Capito, Blumenthal, Klobuchar, Markey, Udall, Hassan, and
Cortez Masto.
OPENING STATEMENT OF HON. JERRY MORAN,
U.S. SENATOR FROM KANSAS
Senator Moran. The hearing will come to order.
Thank you, all of the commissioners, for being with us here
today as the Subcommittee conducts on oversight of the Federal
Trade Commission.
The Commission has a broad mandate to protect consumers
from unfair and deceptive trade practices. Its consumer
protection mission includes protecting consumers from
everything from robocalls, ticket bots, and data breaches, and
enforcing laws such as the Consumer Review Fairness Act, the
Fair Credit Reporting Act, and the Children's Online Privacy
Protection Act.
This is the first opportunity for this subcommittee to hear
from all five new commissioners since their confirmation this
past spring and learn about their enforcement priorities.
This spring the Commission announced it would hold a series
of hearings titled Competition and Consumer Protection in the
21st Century with the goal of exploring whether evolving
businesses practices and emerging technologies might
necessitate changes to the FTC enforcement policy and
priorities. So far, the Commission has held seven hearings on
topics which included big data and artificial intelligence,
with data security and privacy hearings to be held in the next
few months.
I would like to hear from the commissioners about the
response they have gotten to the hearings, what they have
learned so far, and what, if any, policy or enforcement
guidance might result.
I am also interested in what the Commission can share on
its investigation into Equifax and Facebook. In September 2017
the FTC announced that it had opened an investigation into
Equifax's massive data breach that affected the personal
information of at least 148 million Americans. The breach
apparently went unnoticed by Equifax for more than 70 days, and
once the company finally realized that a breach had occurred,
the company waited six weeks to report it. The breach put
consumers at high risk of identity theft.
Last March following the Cambridge Analytical scandal, the
FTC also confirmed that it was investigating whether Facebook's
privacy practices violated the Commission's 2012 consent
decree.
This Subcommittee held a hearing on June 19, focused on how
the use of the app by about 300,000 Facebook users ultimately
resulted in the personal information of nearly 87 million
Facebook users being transferred to Cambridge Analytica. It
would be useful to know if the Commission has an anticipated
timeline for when the results of that investigation will be
announced and what penalties the company might face if the
Commission determines if practices did violate the consent
decree.
Privacy has emerged as an area of major concern for
consumers. In the past month alone, Facebook and Google
revealed the exposure of personal information of up to 30
million and 500,000 users respectively, and these are just the
latest in a long series of incidents that have raised serious
concerns about privacy practices of large tech companies and
the adequacy of their responses.
In the wake of these incidents, the implementation of the
General Data Protection Regulation, GDPR, in Europe and the
recent passage of the California Consumer Privacy Act, it has
become clear that the U.S. needs a Federal consumer data
privacy law. My colleagues on the committee and I are pursuing
a bipartisan privacy legislative proposal.
As the primary Federal privacy regulator that has brought
over 100 data security and privacy cases over the last 20 years
and issued privacy guidance, the FTC has unique experience and
expertise to call on when we work to develop that privacy
legislation.
I look forward to hearing from the commissioners about what
they think should be included in any Federal privacy
legislation and what additional tools the FTC might need in
order to effectively protect consumer privacy while still
encouraging and enhancing innovation.
With that, I turn to the Ranking Member so that he can make
his opening statement.
STATEMENT OF HON. RICHARD BLUMENTHAL,
U.S. SENATOR FROM CONNECTICUT
Senator Blumenthal. Thanks, Senator Moran. Thank you to you
and Chairman Thune for your leadership.
And I have been working with Senator Moran on a bipartisan
privacy bill that I hope will make very good progress very
soon.
Congress has long empowered and directed the Federal Trade
Commission to enforce the tools it has now, not to mention new
ones that we may give it in such a privacy law. And looking
back, this year really exemplifies the urgent need for the FTC
to be more vigorous and vigilant in its enforcement; to stand
up for consumers, promote competitive markets, and combat
fraud.
And I will be very blunt. First, thank you all for your
service, but thank you for recognizing, as I hope you will,
that all too often the FTC has fallen short of that empower/
enforcement trust. It is falling short on confronting pressing
challenges. Sometimes it's because the Commission lacks the
needed tools, but too regularly the problem appears to be lack
of will. And I say that with great respect based not only on my
8 years as a United States Senator but 20 years as a law
enforcer at the state level, attorney general of Connecticut.
This hearing is about finding out whether the FTC is ready
and willing to take on hard problems and whether the FTC will
robustly protect privacy using the authorities and resources
that you have now and that we will hopefully provide.
We've seen the consequences of lack of enforcement with
Facebook. After over a year of foot dragging on Russian
interference earlier this year, we learned a political firm had
secretly amassed Facebook data on tens of millions of people to
manipulate our election.
Cambridge Analytica should never have happened. It would
never have happened if the consent order reached by the FTC
with Facebook had been vigorously and adequately enforced. When
Mark Zuckerberg came before the Senate, I showed him the terms
of service of Cambridge Analytica's app. He acknowledged that
Facebook was not paying attention and promised change. In fact,
he said he hadn't seen them before.
Instead, we have learned that while Mr. Zuckerberg embarked
on this apology tour, surrogates of Facebook were maligning
critics and Members of Congress. That issue is only one of
many, and it won't be the last, I'm afraid. My colleagues and I
have raised countless more concerns about Facebook's privacy
and security practices.
I have been frustrated that there has been no cost to
Facebook for catastrophic failure to protect consumers, and I
will be asking, like Senator Moran, where the investigation
stands and when we will see results.
Facebook has captured the headlines but it's hardly alone.
In July, the Wall Street Journal disclosed that Google had
potentially exposed the private data of hundreds of thousands
of Google's users. Google's instinct was concealment. A memo
from Google policy staff quoted by the Journal warned
disclosure would likely result in, ``us coming into the
spotlight alongside or even instead of Facebook despite having
stayed under the radar throughout the Cambridge Analytical
scandal.'' I, along with Senators Markey and Udall wrote the
FTC about this incident and I hope for a response today.
This issue is about big tech, and Congress is fed up. It's
about big tech no longer being entitled to say to America,
Trust us. Big tech is no longer entitled to that trust if it
ever was. And big tech maybe is no longer entitled to be as big
as it is. Misuse of bigness can be in violation of antitrust
laws. There may be nothing that prohibits the amassment of
market power, but misuse of that power can violate antitrust
laws. And so it's not only privacy, consumer protection, but
also antitrust that has to be assessed.
You all know, America is well aware that we all carry with
us the most sophisticated tracking devices ever invented. Our
phones monitor our movements on a minute-by-minute basis. They
are privy to the most intimate conversations. We use them as
credit cards and to monitor our health. They may know us better
than we know ourselves, and the ones collecting the data
yielded by those phones know us the best of all. That is also
big tech. And worse, there is little that any individual can do
about it.
That's not the basis of innovation. It's an invitation to
disaster. We have seen this year that the misuse and abuse of
our data represents a threat to consumer safety but also
national security, the defense of our nation, and the health of
our democracy. We need changes.
I look forward to collaborating with my colleagues on this
Committee to pass bipartisan legislation that sets clear rules
of the road on consumer privacy and other issues essential to
our national security. And we need to do it not only because
Europe has done it, not only because California has done it,
but these rules are long overdue. We can't simply endorse the
status quo.
And these real changes must include, at a minimum, rules
passed by Congress that will provide all Americans with the
same or better rights and redress than California and Europe,
move us beyond the failed notice and choice regime; and set
requirements for transparency, access and control; end the
secret harvesting and sale of personal data through requiring
reasonable data minimization; provide the FTC with the
resources, and expertise, and structure to enforce the rules;
establish meaningful penalties on first offenses to pose a
credible deterrent, and recognize the importance of state
attorneys general to ensure that violations are investigated
and punished.
And finally, to end where I began, any rules that we pass
need to be enforced. That FTC consent decree already on the
books should have prevented Cambridge Analytica. The FTC simply
can't claim to be surprised here. If we let Facebook and Google
police themselves, set their own goal posts, make their own
rules, they will always come up short. And so I look forward to
hearing whether the FTC is up to this task, and we need a
commitment from you to end the cycle of impunity.
Thank you, Mr. Chairman.
Senator Moran. Thank you, Senator Blumenthal.
Senator Nelson, would you care to make an opening
statement?
STATEMENT OF HON. BILL NELSON,
U.S. SENATOR FROM FLORIDA
Senator Nelson. Thank you, Mr. Chairman.
The FTC, the consumer--premier consumer protection agency
set up in 1914, it's the bedrock of American consumer
protection. The agency is tasked with policing and promoting
competitive markets and with protecting consumers from unfair
or deceptive acts or practices.
And despite the important mission, an enormous mandate, the
FTC remains a relatively small agency. For years, I have
consistently advocated that the FTC be provided with more
resources so that you can effectively do your job, particularly
during an age where the American economy is becoming
increasingly complex and digitized. And with a little over a
thousand full-time employees, the FTC can only do so much in a
19-trillion-dollar economy.
It's my hope that Congress will finally do the right thing
by providing the FTC with the increased funding and personnel
to police the marketplace and to protect American consumers
from a myriad of scams, frauds, corporate practices that fleece
them from their hard-earned money.
It is my hope that the FTC continues to operate in a
bipartisan and a consensus manner. It is all too common today,
not only from this institution but from the administrative
agencies, that we are beginning to see creep into the agencies
the same thing that is happening in the body politic: the
tribalism that has now entered and dominating our political
milieu.
The Commission has a long, proud history of bipartisanship.
It's a tradition from which other independent agencies should
draw. Too often agencies like the FCC or the CPSC, Consumer
Product Safety Commission, they get mired in competing
individual ideological agendas. And we speak in this Committee
from a position of knowing because we have the oversight of
both the FCC and the CPSC. And by and large, the FTC has
avoided this kind of dysfunction, and it's served the American
consumer well. Congress obviously can learn from your example
of bipartisan deliberation and cooperation.
And to the FTC commissioners before us in the Committee
today, thank you for your public service. It has been a
privilege and an honor to have worked closely with you during
the tenure in my capacity as Ranking Member on this Committee.
Thank you again, Mr. Chairman.
Senator Moran. Thank you, Senator Nelson.
We are now ready for that testimony. We have before us
today Trade Commission Chairman Joseph Simons, Commissioner
Rohit Chopra, Commissioner Noah Phillips, Commissioner Rebecca
Kelly Slaughter, and Commissioner Christine Wilson.
It is my understanding that your testimony is going to be a
joint testimony and will be delivered by the Chairman.
Mr. Chairman, you are recognized.
STATEMENT OF HON. JOSEPH J. SIMONS, CHAIRMAN, FEDERAL TRADE
COMMISSION
Mr. Simons. Chairman Moran, Ranking Member Blumenthal, and
members of the Subcommittee, it is an honor to appear before
you today, especially alongside my esteemed colleagues.
As Senator Nelson said, the FTC is a highly productive and
efficient, independent agency with a broad dual mission: to
protect consumers and to maintain competition. The FTC has a
long history of bipartisanship and we work hard to maintain it
and we will continue to work hard to maintain it.
I'm going to focus my oral remarks today on data security
and privacy. Year after year, these issues top the list of the
FTC's consumer protection priorities. The Commission has
challenged numerous privacy and data security practices under
Section 5 of the FTC Act. Our program in these areas, which
includes enforcement as well as consumer and business
education, has been highly successful within the limits of our
authority. But as mentioned, Section 5 is an imperfect tool.
In my view, we need more authority. I support data security
legislation that would give us three things: one, the ability
to seek civil penalties to effectively deter unlawful conduct;
two, jurisdiction over nonprofits and common carriers; and
three, the authority to issue implementing rules under the
Administrative Procedure Act.
The Commission also urges the Congress to consider enacting
privacy legislation that would be enforced by the FTC. While we
remain committed to vigorously enforcing existing privacy-
related statutes, we are hopeful that Congress can craft
legislation that would more seamlessly balance consumers'
legitimate concerns regarding collection, use, and sharing of
their data while providing the flexibility to foster
competition and innovation to the benefit of consumers. This
process understandably will involve difficult value judgments
and tradeoffs that are appropriately left to the Congress. No
matter the specific privacy or data-security laws that Congress
enacts, the Commission commits to using its extensive
experience and expertise to enforce them vigorously and
enthusiastically.
Irrespective of any new legislation, privacy and data
security will continue to be a top enforcement priority for us,
and we will use every tool in our existing arsenal to redress
consumer harm to the extent we can under existing authority.
To date, the Commission has brought more than 60 cases
alleging that companies failed to reasonably protect their
consumer data as well as more than 60 general privacy cases.
Since I became Chairman, we have announced eight new
enforcement actions, seven policy initiatives, and a Notice of
Proposed Rulemaking to give active military consumers free
credit monitoring. And we have launched our small business
cyber education campaign. We have no intention of slowing down.
The FTC also enforces the Privacy Shield Framework, a
mechanism that enables data to be legally transferred from
Europe to the United States. Our commitment to support the
Privacy Shield Framework is unwavering, and we will continue to
enforce and uphold it.
Let me mention one additional item. The FTC has a tradition
of self-critical examination, and our public hearings on
Competition and Consumer Protection in the 21st Century are
exploring whether we need to adjust our enforcement efforts,
our priorities, and our policies in light of changes in the
marketplace and new thinking.
Issues we are discussing include whether we need to change
the governing standard for antitrust enforcement, whether
merger enforcement has been too lax; our remedial authority,
whether it's sufficient with respect to privacy and data
security; and many other critical issues. The comments and
discussions on these issues will inform the FTC's enforcement
and policy priorities.
We are committed to maximizing our resources to enhance our
effectiveness in protecting consumers and promoting
competition, to anticipate and to respond to changes in the
marketplace, and to meet current and future challenges.
We look forward to working with the Subcommittee and the
Congress, and I would be happy to answer your questions. Thank
you.
[The prepared statement of the Federal Trade Commission
follows:]
Prepared Statement of the Federal Trade Commission
I. Introduction
Chairman Moran, Ranking Member Blumenthal, and members of the
Subcommittee, the Federal Trade Commission (``FTC'' or ``Commission'')
is pleased to appear before you today to discuss the FTC's work to
protect consumers and promote competition.\1\
---------------------------------------------------------------------------
\1\ This written statement presents the views of the Federal Trade
Commission. The oral statements and responses to questions reflect the
views of individual Commissioners, and do not necessarily reflect the
views of the Commission or any other Commissioner.
---------------------------------------------------------------------------
The FTC is an independent agency with three main bureaus: the
Bureau of Consumer Protection (``BCP''); the Bureau of Competition
(``BC''); and the Bureau of Economics (``BE''), which supports both BCP
and BC. The FTC is the only Federal agency with a broad mission to both
protect consumers and maintain competition in most sectors of the
economy. Its jurisdiction ranges from privacy and data security, to
mergers and acquisitions, to anticompetitive tactics by pharmaceutical
and other companies. We enforce the law across a range of sectors,
including high technology and emerging industries. The FTC has a long
history of bipartisanship and cooperation, and we work hard to maintain
it.
The FTC has broad law enforcement responsibilities under the
Federal Trade Commission Act,\2\ and enforces a wide variety of other
laws, ranging from the Clayton Act to the Fair Credit Reporting Act. In
total, the Commission has enforcement or administrative
responsibilities under more than 70 laws.\3\ The Commission pursues a
vigorous and effective law enforcement program, and the impact of its
work is significant. In addition to its consumer protection work, its
competition enforcement program is critically important to maintaining
competitive markets across the country; vigorous competition results in
lower prices, higher quality goods and services, and innovative and
beneficial new products and services.
---------------------------------------------------------------------------
\2\ 15 U.S.C. Sec. 41 et seq.
\3\ See https://www.ftc.gov/enforcement/statutes.
---------------------------------------------------------------------------
The FTC investigates and prosecutes those engaging in unfair or
deceptive acts or practices or unfair methods of competition, and seeks
to do so without impeding lawful business activity. The agency has a
varied toolkit to advance its mission. For example, the Commission
collects consumer complaints from the public and maintains one of the
most extensive consumer protection complaint databases, Consumer
Sentinel. The FTC and other federal, state, and local law enforcement
agencies use these complaints in their law enforcement and policy
efforts. The FTC also has rulemaking authority. In addition to the
FTC's Magnuson-Moss rulemaking authority, Congress has given the agency
discrete rulemaking authority under the Administrative Procedure Act
(``APA'') over specific topics. The agency regularly analyzes its
rules, including seeking public feedback, to ensure their continued
efficacy. The FTC also educates consumers and businesses to encourage
informed consumer choices, compliance with the law, and public
understanding of the competitive process. Through its research,
advocacy, education, and policy work, the FTC seeks to promote an
honest and competitive marketplace and works with foreign counterparts
to harmonize competition and consumer protection laws across the globe.
To complement its enforcement efforts, the FTC pursues a consumer
protection and competition policy and research agenda to improve agency
decision-making, and engages in advocacy and education initiatives.
This past September, the Commission began holding its Hearings on
Competition and Consumer Protection in the 21st Century.\4\ These
multi-day, multi-part public hearings are exploring whether broad-based
changes in the economy, evolving business practices, new technologies,
or international developments might require adjustments to competition
and consumer protection law, enforcement priorities, and policy. To
date, we have heard from more than 200 panelists and received more than
700 public comments. This project is ongoing, and the FTC will continue
to hold public hearings through early 2019.
---------------------------------------------------------------------------
\4\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection; see also FTC Press Release, FTC Announces Hearings On
Competition and Consumer Protection in the 21st Century (June 20,
2018), https://www.ftc.gov/news-events/press-releases/2018/06/ftc-
announces-hearings-competi
tion-consumer-protection-21st.
---------------------------------------------------------------------------
This testimony provides a short overview of the FTC's work to
protect U.S. consumers and competition, including highlights of some of
the agency's major recent activities and initiatives. It also discusses
the Commission's international efforts to protect consumers and promote
competition.
II. Consumer Protection Mission
As the Nation's primary consumer protection agency, the FTC has a
broad mandate to protect consumers from unfair, deceptive, or
fraudulent practices in the marketplace. It does this by, among other
things, pursuing law enforcement actions to stop unlawful practices,
and educating consumers and businesses about their rights and
responsibilities. The FTC's enforcement and education efforts include
working closely with federal, state, international, and private sector
partners on joint initiatives. The Commission's structure, research
capacity, and committed staff enable it to pursue its mandate of
protecting consumers and competition in an ever-changing marketplace.
Among other issues, the FTC works to protect privacy and data security,
helps ensure that advertising claims to consumers are truthful and not
misleading, addresses fraud across most sectors of the economy, and
combats illegal robocalls.
The FTC's law enforcement orders prohibit defendants from engaging
in further illegal activity, impose data security and other compliance
obligations, and in some cases, ban defendants from engaging in certain
conduct altogether. When possible, the FTC collects money to return to
harmed consumers. During FY 2018, Commission actions resulted in over
$1.6 billion being returned to consumers. Specifically, the Commission
returned more than $83.3 million in redress to consumers, and FTC
orders--including in the Volkswagen,\5\ Amazon,\6\ and NetSpend\7\
matters--required defendants to self-administer consumer refund
programs worth more than $1.6 billion. The FTC also collected civil
penalties worth more than $2.4 million pursuant to these orders in FY
2018. In addition, the Commission deposited an additional $8.5 million
into the U.S. Treasury.
---------------------------------------------------------------------------
\5\ FTC v. Volkswagen Group of America, Inc., No. 3:15-md-02672-CRB
(N.D. Cal. May 17, 2017), https://www.ftc.gov/enforcement/cases-
proceedings/162-3006/volkswagen-group-america
-inc.
\6\ FTC v. Amazon.com, Inc., No. 2:14-cv-01038 (W.D. Wash. Apr. 4,
2017), https://www.ftc.gov/enforcement/cases-proceedings/122-3238/
amazoncom-inc.
\7\ FTC v. NetSpend Corp., No. 1:16-cv-04203-AT (N.D. Ga. Apr. 10,
2017), https://www.ftc
.gov/enforcement/cases-proceedings/netspend-corporation.
---------------------------------------------------------------------------
A. Protecting Consumer Privacy and Data Security
The FTC has served as the primary Federal agency charged with
protecting consumer privacy, dating back to the 1970 enactment of the
Fair Credit Reporting Act (``FCRA'').\8\ The FTC has played a key role
enforcing this law, which protects sensitive data used for credit,
employment, insurance, and other decisions from disclosure to
unauthorized persons.
---------------------------------------------------------------------------
\8\ 15 U.S.C. Sec. 1681.
---------------------------------------------------------------------------
Beginning in the mid-1990s, with the development of the Internet as
a commercial medium, the FTC expanded its focus on privacy to reflect
the growing collection, use, and sharing of consumer data in the
commercial marketplace. At that time, the FTC began concentrating on
children's privacy, and in 1998, Congress enacted the Children's Online
Privacy Protection Act to address the unique privacy and safety risks
created when young children--those under 13 years of age--access the
Internet.\9\ Since then, the Commission also has used Section 5 of the
FTC Act,\10\ which empowers the Commission to take action against
deceptive or unfair commercial practices,\11\ as its primary source of
legal authority in the privacy and data security arena.
---------------------------------------------------------------------------
\9\ Children's Online Privacy Protection Act of 1998, 15 U.S.C.
Sec. Sec. 6501-6506.
\10\ 15 U.S.C. Sec. 45.
\11\ The Commission also enforces sector-specific statutes
containing privacy and data security provisions, such as the Gramm-
Leach-Bliley Act (``GLB Act''), Pub. L. No. 106-102, 113 Stat. 1338
(1999) (codified as amended in scattered sections of 12 and 15 U.S.C.),
and the Children's Online Privacy Protection Act (``COPPA''), 15 U.S.C.
Sec. Sec. 6501-6506.
---------------------------------------------------------------------------
Year after year, privacy and data security top the list of consumer
protection priorities at the Federal Trade Commission. These issues are
critical to consumers and businesses alike. Press reports about privacy
practices and data breaches are increasingly common--such as the
reports about Facebook and Equifax, just to name two companies, both of
which the FTC is currently investigating.\12\ Some consumers are
concerned when their data are used in ways they do not expect or
understand. Hackers and others seek to exploit vulnerabilities, obtain
unauthorized access to consumers' sensitive information, and
potentially misuse it in ways that can cause serious harms to consumers
as well as businesses.
---------------------------------------------------------------------------
\12\ See, e.g., Statement by the Acting Director of FTC's Bureau of
Consumer Protection Regarding Reported Concerns about Facebook Privacy
Practices (Mar. 26, 2018), https://www.ftc.gov/news-events/press-
releases/2018/03/statement-acting-director-ftcs-bureau-consumer-
protection.
---------------------------------------------------------------------------
These incidents are not a new phenomenon. In fact, we have been
hearing about data breaches for well over a decade. These incidents
fuel the debate about both privacy and data security, and the best ways
to ensure them. The FTC has long used its broad authority under Section
5 of the FTC Act to address consumer harms arising from new
technologies and business practices and consequently has challenged
certain deceptive or unfair privacy and security practices.\13\ The
FTC's privacy and data security program--which includes enforcement as
well as consumer and business education--helps to promote a well-
functioning market.
---------------------------------------------------------------------------
\13\ 15 U.S.C. Sec. 45(a). The FTC also enforces sector-specific
statutes that protect certain health, credit, financial, and children's
information. See 16 C.F.R. Part 318 (Health Breach Notification Rule);
15 U.S.C. Sec. Sec. 1681-1681x (Fair Credit Reporting Act); 16 C.F.R.
Parts 313-314 (Gramm-Leach-Bliley Privacy and Safeguards Rules),
implementing 15 U.S.C. Sec. Sec. 6801-6809; 16 C.F.R. Part 312
(Children's Online Privacy Protection Rule), implementing 15 U.S.C.
Sec. Sec. 6501-6506.
---------------------------------------------------------------------------
Privacy and data security will continue to be an enforcement
priority at the Commission, and the agency will use every tool at its
disposal to address consumer harm. Many of the FTC's investigations and
cases in this arena involve complex facts and technologies and well-
financed defendants, often requiring outside experts, which can be
costly. It is critical that the FTC have sufficient resources to
support its investigative and litigation needs, including expert work,
particularly as demands for enforcement in this area continue to grow.
To date, the Commission has brought more than 60 cases alleging
that companies failed to implement reasonable data security safeguards,
as well as more than 60 general privacy cases.\14\ The FTC has
aggressively pursued privacy and data security cases in myriad areas,
including financial privacy, children's privacy, health privacy, and
the Internet of Things.\15\
---------------------------------------------------------------------------
\14\ See generally FTC, Privacy & Data Security Update: 2017 (Jan.
2018), https://www.ftc.gov/reports/privacy-data-security-update-2017-
overview-commissions-enforcement-policy-initiatives.
\15\ Id.
---------------------------------------------------------------------------
For example, the Commission recently gave final approval to an
expanded settlement with ride-sharing platform company Uber
Technologies related to allegations that the company failed to
reasonably secure sensitive consumer data stored in the cloud.\16\ As a
result, an intruder allegedly accessed personal information about Uber
customers and drivers, including more than 25 million names and e-mail
addresses, 22 million names and mobile phone numbers, and 600,000 names
and driver's license numbers. Under the final settlement, Uber must
notify the FTC about future incidents and meet other order requirements
relating to privacy or data security, with the threat of strong civil
penalties if it fails to comply. And earlier this year, the Commission
approved a settlement with PayPal, Inc. to resolve allegations that its
Venmo peer-to-peer payment service misled consumers about their ability
to control the privacy of their Venmo transactions and the extent to
which their financial accounts were protected by ``bank grade security
systems.'' \17\ Among other order requirements, Venmo must make certain
disclosures to consumers or face the threat of civil penalties for the
failure to do so.
---------------------------------------------------------------------------
\16\ See Press Release, FTC, Federal Trade Commission Gives Final
Approval to Settlement with Uber (Oct. 26, 2018), https://www.ftc.gov/
news-events/press-releases/2018/10/federal-trade-commission-gives-
final-approval-settlement-uber. Uber suffered a second, larger breach
of drivers' and riders' data in October-November 2016, and failed to
disclose that breach to consumers or the FTC for more than a year,
despite being the subject of an ongoing FTC investigation of its data
security practices during that time.
\17\ PayPal, Inc., No. C-4651 (May 24, 2018), https://www.ftc.gov/
enforcement/cases-proceedings/162-3102/paypal-inc-matter.
---------------------------------------------------------------------------
The Commission takes seriously its obligation to protect children's
privacy. In the Commission's first children's privacy case involving
Internet-connected toys, the FTC announced a settlement--including a
$650,000 civil penalty--with electronic toy manufacturer VTech
Electronics for violations of the Children's Online Privacy Protection
Rule.\18\ The FTC alleged that the company collected children's
personal information online without first obtaining parental consent,
and failed to take reasonable steps to secure the data it
collected.\19\
---------------------------------------------------------------------------
\18\ U.S. v. VTech Elec. Ltd. et al., No. 1:18-cv-00114 (N.D. Ill.
Jan. 8, 2018), https://www.ftc
.gov/enforcement/cases-proceedings/162-3032/vtech-electronics-limited.
\19\ In addition to law enforcement, the FTC also undertakes policy
initiatives, such as its workshop co-hosted with the Department of
Education on educational technology and student privacy. See Student
Privacy and Ed Tech (Dec. 1, 2017), https://www.ftc.gov/news-events/
events-calendar/2017/12/student-privacy-ed-tech.
---------------------------------------------------------------------------
Section 5, however, is not without limitations. For example,
Section 5 does not provide for civil penalties, reducing the
Commission's deterrent capability. The Commission also lacks authority
over non-profits and over common carrier activity, even though the acts
or practices of these market participants often have serious
implications for consumer privacy and data security. Finally, the FTC
lacks broad APA rulemaking authority for data security generally.\20\
The Commission continues to reiterate its longstanding bipartisan call
for comprehensive data security legislation.
---------------------------------------------------------------------------
\20\ The Commission has been granted APA rulemaking authority for
discrete topics such as children's privacy, financial data security,
and certain provisions of credit reporting.
---------------------------------------------------------------------------
The Commission also must continue to prioritize, examine, and
address privacy and data security with a fresh perspective. Under the
umbrella of the 21st Century Hearings, the Commission recently
announced panels taking place over four days, specifically addressing
consumer privacy and data security.\21\ The Commission's remedial
authority with respect to privacy and data security will be a key topic
in these panels, and the comments and discussions on these issues will
be one source to inform the FTC's enforcement and policy priorities. In
addition, the Commission recently announced its fourth PrivacyCon, an
annual event that reviews evolving privacy and data security
issues.\22\
---------------------------------------------------------------------------
\21\ See Press Release, FTC, FTC Announces Sessions on Consumer
Privacy and Data Security as Part of Its Hearings on Competition and
Consumer Protection in the 21st Century (Oct. 26, 2018), https://
www.ftc.gov/news-events/press-releases/2018/10/ftc-announces-sessions-
consu
mer-privacy-data-security-part-its.
\22\ See Press Release, FTC, FTC Announces PrivacyCon 2019 and
Calls for Presentations (Oct. 24, 2018), https://www.ftc.gov/news-
events/press-releases/2018/10/ftc-announces-privacy
con-2019-calls-presentations.
---------------------------------------------------------------------------
Recently, the European Union put into effect its General Data
Protection Regulation (``GDPR''). GDPR, like the EU's data protection
directive before it, imposes certain restrictions on the ability of
companies to transfer consumer data from the EU to other jurisdictions.
The EU-U.S. Privacy Shield Framework is a voluntary mechanism companies
can use to promise certain protections for data transferred from Europe
to the United States--and the FTC enforces the promises made by Privacy
Shield participants under its jurisdiction.\23\ The Commission is
committed to the success of the EU-U.S. Privacy Shield Framework, a
critical tool for protecting privacy and enabling cross-border data
flows. The FTC has actively enforced Privacy Shield--bringing four
cases in just the last two months--and will continue to do so when
Privacy Shield participants fail to meet their legal obligations.\24\
Chairman Simons recently participated, along with the Secretary of
Commerce, in the second annual review of the functioning of the Privacy
Shield framework with our European government counterparts. The
Commission also will continue to work with the Department of Commerce,
other agencies in the U.S. government, and with its partners in Europe
to ensure businesses and consumers can continue to benefit from Privacy
Shield.
---------------------------------------------------------------------------
\23\ See www.privacyshield.gov and www.ftc.gov/tips-advice/
business-center/privacy-and-security/privacy-shield. Companies can also
join a Swiss-U.S. Privacy Shield for transfers from Switzerland.
\24\ See Press Release, FTC, FTC Reaches Settlements with Four
Companies That Falsely Claimed Participation in the EU-U.S. Privacy
Shield (Sept. 27, 2018), https://www.ftc.gov/news-events/press-
releases/2018/09/ftc-reaches-settlements-four-companies-falsely-
claimed.
---------------------------------------------------------------------------
Finally, the Commission urges Congress to consider enacting privacy
legislation that would be enforced by the FTC. While the agency remains
committed to vigorously enforcing existing privacy-related statutes,
Congress may be able to craft Federal legislation that would more
seamlessly address consumers' legitimate concerns regarding the
collection, use, and sharing of their data and provide greater clarity
to businesses while retaining the flexibility required to foster
competition and innovation. The Commission and its staff are prepared
to share our expertise and assist with formulating appropriate
legislation, as we did with the Children's Online Privacy Protection
Act, CAN-SPAM, and the Gramm-Leach-Bliley Act. This process
understandably will involve difficult value judgments and tradeoffs
that are appropriately left to Congress. No matter the specific laws
Congress enacts in the privacy and/or data security arenas, the
Commission commits to using its extensive expertise and experience to
enforce them vigorously, consistent with its ongoing and bipartisan
emphasis on privacy and data security enforcement.
B. Truthfulness in National Advertising
Ensuring that advertising is truthful and not misleading has always
been one of the FTC's core missions because it allows consumers to make
well-informed decisions about how to best use their resources and
promotes the efficient functioning of market forces by promoting the
dissemination of accurate information. Below are a few recent examples
of the Commission's work in this area.
This past year, the agency has continued to bring cases challenging
false and unsubstantiated health claims, including those targeting
older consumers, consumers affected by the opioid crisis, and consumers
with serious medical conditions. The Commission has brought cases
challenging products that claim to improve memory and ward off
cognitive decline, relieve joint pain and arthritis symptoms, and even
reverse aging.\25\ We have challenged bogus claims that treatments
could cure, treat, or mitigate various serious diseases and ailments,
including those affecting children and older consumers.\26\ The
Commission also has sued companies that claimed, allegedly without
scientific evidence, that using their products could alleviate the
symptoms of opioid withdrawal and increase the likelihood of overcoming
opioid dependency.\27\ Finally, the Commission obtained an order
barring a marketer from making deceptive claims about its products'
ability to mitigate the side effects of cancer treatments.\28\
---------------------------------------------------------------------------
\25\ See, e.g., Telomerase Activation Sci., Inc. et al., No. C-4644
(Apr. 19, 2018), https://www.ftc.gov/enforcement/cases-proceedings/142-
3103/telomerase-activation-sciences-inc-noel-thomas-patton-matter; FTC
v. Health Research Labs., Inc., No. 2:17-cv-00467 (D. Maine Nov. 30,
2017), https://www.ftc.gov/enforcement/cases-proceedings/152-3021/
health-research-laboratories-llc.
\26\ FTC v. Regenerative Med. Grp., Inc., No. 8:18-cv-01838 (C.D.
Cal. filed Oct. 12, 2018), https://www.ftc.gov/enforcement/cases-
proceedings/172-3062/regenerative-medicalgroup-inc; A&O Enters., Inc.,
No. 1723016 (Sept. 20, 2018), https://www.ftc.gov/enforcement/cases-
proceedings/172-3016/ao-enterprises-doing-business-iv-bars-aaron-k-
roberts-matter.
\27\ FTC v. Catlin Enters., Inc., No. 1:17-cv-403 (W.D. Tex. May
17, 2017), https://www.ftc.gov/enforcement/cases-proceedings/1623204/
catlin-enterprises-inc. In addition, in conjunction with the FDA, the
FTC issued letters to companies that appeared to be making questionable
claims in order to sell addiction or withdrawal remedies. See Press
Release, FTC, FTC, FDA Warn Companies about Marketing and Selling
Opioid Cessation Products (Jan. 24, 2018), https://www.ftc.gov/news-
events/press-releases/2018/01/ftc-fda-warn-companies-about-marketing-
selling-opioid-cessation.
\28\ FTC v. CellMark Biopharm, No. 2:18-cv-00014-JES-CM (M.D. Fla.
Jan. 12, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-
3134/cellmark-biopharma-derek-e-vest.
---------------------------------------------------------------------------
When consumers with serious health concerns fall victim to
unsupported health claims, they may put their health at risk by
avoiding proven therapies and treatments. Through consumer education,
including the FTC's advisories, the agency urges consumers to check
with a medical professional before starting any treatment or product to
treat serious medical conditions.\29\
---------------------------------------------------------------------------
\29\ FTC Consumer Blog, Treatments and Cures, https://
www.consumer.ftc.gov/topics/treatments-cures.
---------------------------------------------------------------------------
The FTC also protects consumers from illegal practices in the
financial area. For example, last month, the Commission alleged that
online student loan refinancer Social Finance made deceptive claims
about the average savings members could achieve by refinancing--
sometimes doubling the average savings.\30\ The Commission also filed a
complaint against Lending Club, an online lender, alleging that its
marketing was deceptive because it claimed its loans had ``no hidden
fees,'' when in fact consumers later learned they were charged
hundreds, and even thousands, of dollars in origination fees.\31\
---------------------------------------------------------------------------
\30\ Press Release, FTC, Online Student Loan Refinance Company SoFi
Settles FTC Charges, Agrees to Stop Making False Claims About Loan
Refinancing Savings (Oct. 28, 2018), https://www.ftc.gov/news-events/
press-releases/2018/10/online-student-loan-refinance-company-sofi-
settles-ftc-charges.
\31\ FTC v. Lending Club Corp., No. 3:18-cv-02454 (N.D. Cal. Apr.
25, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-3088/
federal-trade-commission-v-lendingclub-corporation.
---------------------------------------------------------------------------
C. Protecting Consumers from Fraud
Fighting fraud is a major focus of the FTC's law enforcement
efforts. The Commission's anti-fraud program tracks down and stops some
of the most egregious scams that prey on U.S. consumers--often, the
most vulnerable consumers who can least afford to lose money. For
example, reports about imposter scams have been on the rise over the
past few years, and many of these scams target older Americans.\32\
Fraudsters falsely claiming to be government agents (including the IRS
and even the FTC), family members, or well-known tech companies contact
consumers and pressure them to send money, often via cash-like payment
methods such as gift cards or money transfers, or trick them into
providing personal information. Fraudsters also target small
businesses, sometimes cold-calling businesses to ``collect'' on
invoices they do not owe.
---------------------------------------------------------------------------
\32\ FTC Fiscal Year 2019 Congressional Budget Justification,
https://www.ftc.gov/reports/fy-2019-congressional-budget-justification.
---------------------------------------------------------------------------
In 2017, the FTC joined federal, state, and international law
enforcement partners in announcing ``Operation Tech Trap,'' a
nationwide and international crackdown on tech support scams that dupe
consumers into believing their computers are infected with viruses and
malware, and then charge them hundreds of dollars for unnecessary
repairs.\33\ The FTC brought actions to shut down these deceptive
operations and also developed consumer education materials to help
consumers avoid falling victim to tech support scams in the first
place.\34\ This past June, the FTC announced ``Operation Main Street,''
an initiative to stop small business scams. The FTC, jointly with the
offices of two U.S. Attorneys' Offices, the New York Division of the
U.S. Postal Inspection Service, eight state Attorneys General, and the
Better Business Bureau, announced 24 actions targeting fraud aimed at
small businesses and released new education materials to help small
businesses identify and avoid potential scams.\35\
---------------------------------------------------------------------------
\33\ Press Release, FTC, FTC and Federal, State and International
Partners Announce Major Crackdown on Tech Support Scams (May 12, 2017),
https://www.ftc.gov/news-events/press-releases/2017/05/ftc-federal-
state-international-partners-announce-major-crackdown. ``Operation Tech
Trap'' is just one example of a law enforcement ``sweep''--coordinated,
simultaneous law enforcement actions with partners--that the FTC uses
to leverage resources to maximize effects. Another example of a recent
sweep is ``Game of Loans,'' the first coordinated federal-state law
enforcement initiative targeting deceptive student loan debt relief
scams. Press Release, FTC, State Law Enforcement Partners Announce
Nationwide Crackdown on Student Loan Debt Relief Scams (Oct.13, 2017),
https://www.ftc.gov/news-events/press-releases/2017/10/ftc-state-law-
enforcement-partners-announce-nationwide-crackdown.
\34\ FTC Guidance, Tech Support Scams (July 2017), https://
www.consumer.ftc.gov/articles/0346-tech-support-scams#How.
\35\ Press Release, FTC, FTC, BBB, and Law Enforcement Partners
Announce Results of Operation Main Street: Stopping Small Business
Scams Law Enforcement and Education Initiative (June 18, 2018), https:/
/www.ftc.gov/news-events/press-releases/2018/06/ftc-bbb-law-
enforcement-partners-announce-results-operation-main.
---------------------------------------------------------------------------
In September, the Commission brought an action against Sunkey
Publishing, alleging that the lead generation operation falsely claimed
to be affiliated with the military and promised to use consumers'
information only for military recruitment purposes. Instead, the FTC
alleged that Sunkey used the information it collected to make millions
of illegal telemarketing calls and sold the information to post-
secondary schools.\36\ This action is part of the FTC's work in the
area of lead generation, which is the process of identifying and
cultivating individual consumers who are potentially interested in
purchasing a product or service.\37\
---------------------------------------------------------------------------
\36\ Press Release, FTC, FTC Takes Action against the Operators of
Copycat Military Websites (Sept. 6, 2018), https://www.ftc.gov/news-
events/press-releases/2018/09/ftc-takes-action-agai
nst-operators-copycat-military-websites.
\37\ See generally FTC Staff Perspective, ``Follow the Lead''
Workshop (Sept. 2016), https://www
.ftc.gov/system/files/documents/reports/staff-perspective-follow-lead/
staff_perspective_follow_
the_lead_workshop.pdf.
---------------------------------------------------------------------------
The FTC strives to stay ahead of scammers, who are always on the
lookout for new ways to market old schemes. For example, there has been
an increase in frauds involving cryptocurrencies--digital assets that
use cryptography to secure or verify transactions.\38\ The Commission
has worked to educate consumers about cryptocurrencies and hold
fraudsters accountable.\39\ In March, the FTC halted the operations of
Bitcoin Funding Team, which allegedly falsely promised that
participants could earn large returns by enrolling in moneymaking
schemes and paying with cryptocurrency.\40\ And in June, the FTC hosted
a workshop to explore how scammers are exploiting public interest in
cryptocurrencies like Bitcoin and Litecoin, and discussed ways to
empower and protect consumers against this growing threat.\41\
---------------------------------------------------------------------------
\38\ See, e.g., FTC, What to Know About Cryptocurrency (Oct. 2018),
https://www.consumer
.ftc.gov/articles/what-know-about-cryptocurrency.
\39\ See, e.g., FTC Consumer Blog, Know the risks before investing
in cryptocurrencies, https://www.ftc.gov/news-events/blogs/business-
blog/2018/02/know-risks-investing-cryptocurrencies; FTC Consumer Blog,
Protecting your devices from cryptojacking, https://
www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-
cryptojacking.
\40\FTC v. Thomas Dluca, et al., (Bitcoin Funding Team), No. 0:18-
cv-60379-KMM (S.D.N.Y. Mar. 16, 2018), https://www.ftc.gov/enforcement/
cases-proceedings/172-3107/federal-trade-com
mission-v-thomas-dluca-et-al-bitcoin-funding.
\41\ FTC Workshop, Decrypting Cryptocurrency Scams (June 25, 2018),
https://www.ftc.gov/news-events/events-calendar/2018/06/decrypting-
cryptocurrency-scams.
---------------------------------------------------------------------------
In addition to targeting scammers, the FTC also brings actions
against companies that facilitate fraud, often by ignoring red flags
associated with fraudulent transactions. Money transfers are a
preferred method of payment for fraudsters because money sent through
money transfer systems can be retrieved quickly at locations all over
the world, and once retrieved, the money is all but impossible to
recover. Earlier this month, MoneyGram agreed to pay $125 million to
settle allegations that the company failed to take steps required under
a 2009 FTC order to crack down on fraudulent money transfers that cost
U.S. consumers millions of dollars, and also to resolve allegations
that the company violated a 2012 deferred prosecution agreement with
the U.S. Department of Justice (``DOJ'').\42\
---------------------------------------------------------------------------
\42\ Press Release, FTC, MoneyGram Agrees to Pay $125 Million to
Settle Allegations that the Company Violated the FTC's 2009 Order and
Breached a 2012 DOJ Deferred Prosecution Agreement (Nov. 8, 2018),
https://www.ftc.gov/news-events/press-releases/2018/11/moneygram-
agrees-pay-125-million-settle-allegations-company; see also FTC v. The
Western Union Co., No. 1:17-cv-00110 (M.D. Pa. Jan. 19, 2017), https://
www.ftc.gov/enforcement/cases-proceedings/122-3208/western-union-
company.
---------------------------------------------------------------------------
D. Illegal Robocalls
Illegal robocalls also remain a significant consumer protection
problem and consumers' top complaint to the FTC. They repeatedly
disturb consumers' privacy, and frequently use fraud and deception to
pitch goods and services, leading to significant economic harm. In FY
2018, the FTC 1received more than 3.7 million robocall complaints.\43\
The FTC has used many methods to fight these illegal calls, including
136 enforcement actions to date.\44\ Technological advances, however,
have allowed bad actors to place millions or even billions of calls,
often from abroad, at very low cost, and in ways that are difficult to
trace. This phenomenon continues to infuriate consumers and challenge
enforcers.
---------------------------------------------------------------------------
\43\ Total unwanted-call complaints for FY 2017, including both
robocall complaints and complaints about live calls from consumers
whose phone numbers are registered on the Do Not Call Registry,
exceeded 7 million. See Do Not Call Registry Data Book 2017: Complaint
Figures for FY 2017, https://www.ftc.gov/reports/national-do-not-call-
registry-data-book-fiscal-year-2017.
\44\ See FTC Robocall Initiatives, https://www.consumer.ftc.gov/
features/feature-0025-robocalls. Since establishing the Do Not Call
Registry in 2003, the Commission has fought vigorously to protect
consumers' privacy from unwanted calls. Indeed, since the Commission
began enforcing the Do Not Call provisions of the Telemarketing Sales
Rule (``TSR'') in 2004, the Commission has brought 136 enforcement
actions seeking civil penalties, restitution for victims of
telemarketing scams, and disgorgement of ill-gotten gains against 444
corporations and 358 individuals. As a result of the 125 cases resolved
thus far, the Commission has collected over $121 million in equitable
monetary relief and civil penalties. See Enforcement of the Do Not Call
Registry, https://www.ftc.gov/news-events/media-resources/do-not-call-
registry/enforcement. In August, the FTC and its law enforcement
partners achieved an historic win in a long-running fight against
unwanted calls when a Federal district court in Illinois issued an
order imposing a $280 million penalty against Dish Network--the largest
penalty ever issued in a Do Not Call case. U.S. et al., v. Dish
Network, L.L.C., No. 309-cv-03073-JES-CHE (C.D. Ill. Aug. 10, 2017),
https://www.ftc.gov/enforcement/cases-proceedings/052-3167/dish-
network-llc-united-states-america-federal-trade.
---------------------------------------------------------------------------
Part of the huge uptick in illegal calls, including robocalls, is
attributable to relatively recent technological developments that
facilitate telemarketing without requiring a significant capital
investment in specialized hardware and labor.\45\ Today, robocallers
benefit from automated dialing technology, inexpensive international
and long distance calling rates, and the ability to move
internationally and employ cheap labor. The result: law-breaking
telemarketers can place robocalls for a fraction of one cent per
minute. Moreover, technological changes have also affected the
marketplace by enabling telemarketers to conceal their identities and
``spoof'' caller IDs when they place calls.\46\
---------------------------------------------------------------------------
\45\ FTC Workshop, Robocalls: All the Rage (Oct. 18, 2012), https:/
/www.ftc.gov/news-events/events-calendar/2012/10/robocalls-all-rage-
ftc-summit. A transcript of the workshop is available at https://
www.ftc.gov/sites/default/files/documents/public_events/robocalls-all-
rage-ftc-summit/robocallsummittranscript.pdf.
\46\ Recently, the FTC filed a complaint against two related
operations and their principals who allegedly facilitated billions of
illegal robocalls to consumers nationwide. The complaint charged that
these operations provided the computer-based dialing platform and
``spoofed'' caller IDs for robocallers to pitch everything from auto
warranties to home security systems and supposed debt-relief services.
FTC v. James Christiano et al., No. 8:18-cv-00936 (C.D. Cal. June 5,
2018), https://www.ftc.gov/enforcement/cases-proceedings/162-3124/
james-christiano-et-al-netdotsolutions-inc.
---------------------------------------------------------------------------
Recognizing that law enforcement, while critical, is not enough to
solve the problem of illegal calls, the FTC has taken steps to spur the
marketplace to develop technological solutions. For instance, from 2013
to 2015, the FTC led four public challenges to incentivize innovators
to help tackle the unlawful robocalls that plague consumers.\47\ The
FTC's challenges contributed to a shift in the development and
availability of technological solutions in this area, particularly
call-blocking and call-filtering products. Consumers can access
information about potential solutions available to them on the FTC's
website.\48\
---------------------------------------------------------------------------
\47\ The first challenge, in 2013, called upon the public to
develop a consumer-facing solution to block illegal robocalls. One of
the winners, ``NomoRobo,'' was on the market within 6 months after
being selected by the FTC. NomoRobo, which reports blocking over 600
million calls to date, is being offered directly to consumers by a
number of telecommunications providers and is available as an app on
iPhones. See Press Release, FTC, FTC Announces Robocall Challenge
Winners (Apr. 2, 2013), https://www.ftc.gov/news-events/press-releases/
2013/04/ftc-announces-robocall-challenge-winners; see also Press
Release, FTC, FTC Awards $25,000 Top Cash Prize for Contest-Winning
Mobile App That Blocks Illegal Robocalls (Aug. 17, 2015), https://
www.ftc.gov/news-events/press-releases/2015/08/ftc-awards-25000-top-
cash-prize-contest-winning-mobile-app-blocks; Press Release, FTC, FTC
Announces Winners of ``Zapping Rachel'' Robocall Contest (Aug. 28,
2014), https://www.ftc.gov/news-events/press-releases/2014/08/ftc-
announces-winners-zapping-rachel-robocall-contest.
\48\ See https://www.consumer.ftc.gov/features/how-stop-unwanted-
calls.
---------------------------------------------------------------------------
In addition, the FTC regularly works with its state, federal, and
international partners to combat illegal robocalls. For example, this
spring the FTC and the Federal Communications Commission (``FCC'') co-
hosted a Joint Policy Forum on illegal robocalls to discuss the
regulatory and enforcement challenges posed by this activity, as well
as a public expo featuring new technologies, devices, and applications
to minimize or eliminate the number of illegal robocalls that consumers
receive.\49\ As described in more detail in the International
Cooperation section, the Commission also participated in several
international initiatives focusing on robocalls and other calling
abuses.\50\
---------------------------------------------------------------------------
\49\ Press Release, FTC, FTC and FCC to Host Joint Policy Forum on
Illegal Robocalls (Mar. 22, 2018), www.ftc.gov/news-events/press-
releases/2018/03/ftc-fcc-host-joint-policy-forum-illegal-robocalls;
Press Release, FTC, FTC and FCC Seek Exhibitors for an Expo Featuring
Technologies to Block Illegal Robocalls (Mar. 7, 2018), www.ftc.gov/
news-events/press-releases/2018/03/ftc-fcc-seek-exhibitors-expo-
featuring-technologies-block-illegal.
\50\ See, e.g., Memorandum of Understanding Among Public
Authorities of the Unsolicited Communications Enforcement Network
Pertaining to Unlawful Telecommunications and SPAM (May 2016), https://
www.ftc.gov/policy/cooperation-agreements/international-unlawful-
telecommunications-spam-enforcement-cooperation; Press Release, FTC,
FTC Signs Memorandum of Understanding With Canadian Agency To
Strengthen Cooperation on Do Not Call, Spam Enforcement (Mar. 24,
2016), https://www.ftc.gov/news-events/press-releases/2016/03/ftc-
signs-memoran
dum-understanding-canadian-agency-strengthen
---------------------------------------------------------------------------
Also, for many years, the Commission has testified in favor of
eliminating the common carrier exemption. The exemption is outdated and
no longer makes sense in today's marketplace where the lines between
telecommunications and other services are increasingly blurred. It
impedes the FTC's work tackling illegal robocalls and more broadly
circumscribes other enforcement initiatives. For example, a carrier
that places, or assists and facilitates, illegal telemarketing may be
beyond the Commission's reach because of the common carrier exemption.
Likewise, the exemption may frustrate the Commission's ability to
obtain complete relief for consumers when there are multiple parties,
some of whom are common carriers. It also may pose difficulties when a
company engages in deceptive or unfair practices involving a mix of
common carrier and non-common carrier activities. Finally, litigation
has been complicated by entities that attempt to use their purported
status as common carriers to shield themselves from FTC
enforcement.\51\
---------------------------------------------------------------------------
\51\ See, e.g., Answer and Affirmative Defenses of Defendant
Pacific Telecom Communications Group at 9, 17-20, Dkt. 19, FTC et al.,
v. Carribbean Cruise Line et al., No. 0:15-cv-60423 (S.D. Fla. June 2,
2015), https://www.ftc.gov/enforcement/cases-proceedings/122-3196-
x150028/caribbean-cruise-line-inc.
---------------------------------------------------------------------------
E. Consumer and Business Education and Outreach
Public outreach and education is another critical element of the
FTC's efforts to fulfill its consumer protection mission. The
Commission's education and outreach programs reach tens of millions of
people each year through the FTC's website, the media, and partner
organizations that disseminate consumer information on the agency's
behalf. The FTC delivers actionable, practical, plain-language guidance
on dozens of issues, and updates its consumer education materials
whenever it has new information to share. The FTC disseminates these
tips through articles, blog posts, social media, infographics, videos,
audio, and campaigns. For example, in response to the enactment of the
Economic Growth, Regulatory Relief, and Consumer Protection Act,\52\
which allows consumers to freeze their credit and place one-year fraud
alerts for free, the Commission updated its IdentityTheft.gov website
to help consumers take advantage of the new protections.\53\
---------------------------------------------------------------------------
\52\ Pub. L. No: 115-174.
\53\ See, Press Release, FTC, Starting Today, New Federal Law
Allows Consumers to Place Free Credit Freezes and Yearlong Fraud Alerts
(Sept. 21, 2018), https://www.ftc.gov/news-events/press-releases/2018/
09/starting-today-new-law-allows-consumers-place-free-credit-freezes.
---------------------------------------------------------------------------
Among the key audiences served by the FTC are older adults, as
described in a recent report to Congress that details how older adults
experience scams.\54\ For example, according to the FTC's 2017 data,
people 60 and over are much more likely to report fraud than people in
their 20s, but far less likely to say they lost money.\55\ However,
when people 80 and over report losing money to a scam, they lose much
more than do their younger counterparts.\56\ As a response to older
adults' experience with scams, the FTC created its Pass It On
campaign,\57\ which gives older adults the information they need to
start a conversation about scams with family and friends.
---------------------------------------------------------------------------
\54\ FTC Report, Protecting Older Consumers: 2017-2018 (Oct. 2018),
https://www.ftc.gov/reports/protecting-older-consumers-2017-2018-
report-congress-federal-trade-commission.
\55\ Id. at 5.
\56\ Id. at 6.
\57\ See www.ftc.gov/PassItOn and www.ftc.gov/Pasalo. The campaign
has distributed more than 9.5 million print publications since its
creation, including 2.2 million in Fiscal Year 2018.
---------------------------------------------------------------------------
The Commission also works to provide companies with resources on a
variety of issues that affect businesses. Just last month, we released
our ``Cybersecurity for Small Business'' campaign, based on concerns we
heard from small businesses. The campaign discusses a dozen need-to-
know topics, such as ``Cybersecurity Basics,'' ``Tech Support Scams,''
and ``Hiring a Web Host.'' \58\
---------------------------------------------------------------------------
\58\ See Cybersecurity Resources for Your Small Business (Oct. 18,
2018), https://www.ftc.gov/news-events/blogs/business-blog/2018/10/
cybersecurity-resources-your-small-business.
---------------------------------------------------------------------------
III. Competition Mission
In addition to the work of BCP described above, the FTC enforces
U.S. antitrust law in many sectors that directly affect consumers and
their wallets, such as health care, consumer products and services,
technology, manufacturing, and energy. The Commission shares Federal
antitrust enforcement responsibilities with the Antitrust Division of
the Department of Justice.
One of the agencies' principal responsibilities is to prevent
mergers that may substantially lessen competition. Under U.S. law,
parties to certain mergers and acquisitions must file premerger
notification and observe the statutorily prescribed waiting period
before consummating their transactions. Premerger filings under the
Hart-Scott-Rodino (``HSR'') Act have increased steadily since FY 2013.
In FY 2017, the antitrust agencies received over 2,000 HSR filings for
the first time since 2007, bringing filings in the past Fiscal Year to
the average over the past 20 years.\59\ The vast majority of reported
transactions do not raise competitive concerns and the agencies clear
those non-problematic transactions expeditiously. But when the evidence
gives the Commission reason to believe that a proposed merger likely
would be anticompetitive, it does not hesitate to intervene. Since the
beginning of FY 2017, the Commission has challenged 45 mergers after
the evidence showed that they would likely harm consumers. Although
many of these cases were resolved through divestiture settlements, in
FY 2018 alone, the Commission voted to initiate litigation to block
five mergers, each of which has required a significant commitment of
resources. Three of the challenges ended successfully when the parties
abandoned the transactions before the district court could issue a
decision,\60\ while the other two are still being litigated.\61\ In two
of these matters, a federal district court granted the Commission's
motion for a preliminary injunction pending an administrative trial,
and issued a decision resolving important issues of merger law.\62\
---------------------------------------------------------------------------
\59\ In FY 2017, the agencies received notice of 2,052
transactions, compared with 1,326 in FY 2013 and 2,201 in FY 2007. For
historical information about HSR filings and U.S. merger enforcement,
see the joint FTC/DOJ Hart-Scott-Rodino annual reports, https://
www.ftc.gov/policy/reports/policy-reports/annual-competition-reports.
\60\ FTC v. DraftKings, Inc., No. 17-cv-01195 (D.D.C. June 19,
2017), https://www.ftc.gov/enforcement/cases-proceedings/161-0174/
draftkings-fanduel-ftc-state-california-district-columbia-v; Press
Release, FTC, FTC Challenges Proposed Acquisition of Conagra's Wesson
Cooking Oil Brand by Crisco owner, J.M. Smucker Co., (Mar. 5, 2018),
https://www.ftc.gov/news-events/press-releases/2018/03/ftc-challenges-
proposed-acquisition-conagras-wesson-cooking-oil; In re CDK Global &
Auto/Mate, Dkt. 9382 (Mar. 20, 2018), https://www.ftc.gov/enforcement/
cases-proceedings/171-0156/cdk-global-automate-matter.
\61\ Tronox Ltd., Dkt. 9377 (Dec. 5, 2017), https://www.ftc.gov/
enforcement/cases-proceedings/171-0085/tronoxcristal-usa; Otto Bock
HealthCare North America, Inc., Dkt. 9378 (Dec. 20, 2017), https://
www.ftc.gov/enforcement/cases-proceedings/171-0231/otto-bock-
healthcarefree
dom-innovations.
\62\ FTC v. Wilhelmsen, No. 1:18-cv-00414 (D.D.C. Feb. 23, 2018),
https://www.ftc.gov/enforcement/cases-proceedings/171-0161/wilhelm-
wilhelmsen-et-al-ftc-v; FTC v. Tronox, Ltd., No. 1:18-cv-01622 (D.D.C.
Jul. 10, 2018), https://www.ftc.gov/enforcement/cases-proceedings/171-
0085/tronox-limited-et-al-ftc-v.
---------------------------------------------------------------------------
One increasing challenge for the Commission in litigating
competition cases is the continuing need to hire testifying economic
experts. Qualified experts are a critically important component in all
of the FTC's competition cases heading toward litigation. While the
agency thus far has managed to find sufficient resources to fund the
experts needed to support its cases, the FTC is reaching the point
where it cannot meet these needs without compromising its ability to
fulfill other aspects of the agency's mission. The Commission
appreciates Congress's attention to its resource needs, including the
need to hire outside experts.
The Commission also maintains a robust program to identify and stop
anticompetitive conduct, and it currently has a number of cases in
active litigation.\63\ For over twenty years and on a bipartisan basis,
the Commission has prioritized ending anticompetitive reverse-payment
patent settlements in which a brand-name drug firm pays its potential
generic rival to delay entering the market with a lower cost generic
product. Following the U.S. Supreme Court's 2013 decision in FTC v.
Actavis, Inc.,\64\ the Commission is in a much stronger position to
protect consumers. Since that ruling, the FTC obtained a landmark $1.2
billion settlement in its litigation involving the sleep disorder drug,
Provigil,\65\ and other manufacturers have agreed to abandon the
practice.\66\ In addition, the Commission has challenged other
anticompetitive conduct by drug manufacturers, including the abuse of
government process through sham litigation or repetitive regulatory
filings intended to slow the approval of competitive drugs.\67\ For
example, a Federal court recently ruled that AbbVie Inc. used sham
litigation illegally to maintain its monopoly over the testosterone
replacement drug Androgel, and ordered $493.7 million in monetary
relief to consumers who were overcharged for Androgel as a result of
AbbVie's conduct.\68\ The Commission also obtained a stipulated
injunction in which Mallinckrodt ARD Inc. agreed to pay $100 million
and divest assets to settle charges that it had illegally acquired the
rights to develop a drug that threatened its monopoly in the U.S.
market for a specialty drug used to treat a rare seizure disorder
afflicting infants.\69\
---------------------------------------------------------------------------
\63\ In addition to the cases involving pharmaceutical firms
discussed infra, pending litigation alleging anticompetitive conduct
includes FTC v. Qualcomm, Inc., No. 17-cv-00220 (N.D. Cal. Jan. 17,
2017), https://www.ftc.gov/enforcement/cases-proceedings/141-0199/
qualcomm-inc; In re 1-800 Contacts, Inc., Dkt. 9372 (Aug. 8, 2016),
https://www.ftc.gov/enforcement/cases-proceedings/141-0200/1-800-
contacts-inc-matter; In re Louisiana Real Estate Appraisers Board, Dkt.
9374 (May 31, 2017), https://www.ftc.gov/enforcement/cases-proceedings/
161-0068/louisiana-real-estate-appraisers-board; In re Benco Dental
Supply et al., Dkt. 9379 (Feb. 12, 2018), https://www.ftc.gov/
enforcement/cases-proceedings/151-0190/bencoscheinpatterson-matter.
\64\ FTC v. Actavis, Inc., 570 U.S. 756 (2013).
\65\ Press Release, FTC, FTC Settlement of Cephalon Pay for Delay
Case Ensures $1.2 Billion in Ill-Gotten Gains Relinquished; Refunds
Will Go To Purchasers Affected by Anticompetitive Tactics (May 28,
2015), https://www.ftc.gov/news-events/press-releases/2015/05/ftc-
settlement-cephalon-pay-delay-case-ensures-12-billion-ill.
\66\ Joint Motion for Entry of Stipulated Order for Permanent
Injunction, FTC v. Allergan plc, No. 17-cv-00312 (N.D. Cal. Jan. 23,
2017), https://www.ftc.gov/enforcement/cases-proceedings/141-0004/
allergan-plc-watson-laboratories-inc-et-al; Stipulated Order for
Permanent Injunction, FTC v. Teikoku Pharma USA, Inc., No. 16-cv-01440
(E.D. Pa. Mar. 30, 2016), https://www.ftc.gov/enforcement/cases-
proceedings/141-0004/endo-pharmaceuticals-impax-labs.
\67\ FTC v. AbbVie Inc., No. 14-cv-5151 (E.D. Pa. Sept. 8, 2014),
https://www.ftc.gov/enforcement/cases-proceedings/121-0028/abbvie-inc-
et-al.
\68\ Statement of FTC Chairman Joe Simons Regarding Federal Court
Ruling in FTC v. AbbVie (June 29, 2018), https://www.ftc.gov/news-
events/press-releases/2018/06/statement-ftc-chairman-joe-simons-
regarding-federal-court-ruling.
\69\ Stipulated Order for Permanent Injunction and Equitable
Monetary Relief, FTC v. Mallinckrodt ARD Inc., No. 1:17-cv-00120
(D.D.C. Jan. 30, 2017), https://www.ftc.gov/system/files/documents/
cases/stipulated_order_for_permanent_injunction_mallinckrodt.pdf.
---------------------------------------------------------------------------
The Commission also follows closely developments in the high-
technology sector. From smart appliances and smart cars to mobile
devices and artificial intelligence, the widespread adoption of new
technologies is not only changing the way we live, but also the way
firms operate. Although many of these changes may offer consumer
benefits, they also raise complex competition issues. Given the
important role that technology companies play in the American economy,
it is critical that the Commission--in furthering its mission to
protect consumers and promote competition--not only understand the
current and developing business models, but also ensure that companies
in this sector abide by the same rules of competitive markets that
apply to any company.\70\
---------------------------------------------------------------------------
\70\ See, e.g., 1-800 Contacts, Inc., No. 9372 (Nov. 14, 2017),
https://www.ftc.gov/enforcement/cases-proceedings/141-0200/1-800-
contacts-inc-matter (Commissioner Phillips dissented in this matter);
DraftKings, Inc./FanDuel Ltd., No. 9375 (July 14, 2017), https://
www.ftc.gov/enforcement/cases-proceedings/161-0174/draft-kings-inc-
fanduel-limited.
---------------------------------------------------------------------------
In addition to competition enforcement, the FTC promotes
competition principles in advocacy comments to state lawmakers and
regulators, as well as to its sister Federal agencies,\71\ and in
amicus briefs filed in Federal courts considering important areas of
antitrust law.\72\ Last year, the Commission concluded a comprehensive
review of its merger remedies to evaluate the effectiveness of the
Commission's orders issued between 2006 and 2012, and made public its
findings.\73\ The Commission continues to conduct merger
retrospectives, examining prior merger enforcement decisions to assess
their impact on competition and consumers, and plans to broaden this
effort going forward. Similarly, through the series of hearings
described above, the Commission is devoting significant resources to
refresh and, if warranted, renew its thinking on a wide range of
cutting-edge competition issues.\74\
---------------------------------------------------------------------------
\71\ See generally https://www.ftc.gov/policy/advocacy.
\72\ Amicus briefs are posted at https://www.ftc.gov/policy/
advocacy/amicus-briefs.
\73\ FTC Staff Report, The FTC's Merger Remedies 2006-2012: A
Report of the Bureaus of Competition and Economics (2017), https://
www.ftc.gov/system/files/documents/reports/ftcs-merger-remedies-2006-
2012-report-bureaus-competition-economics/
p143100_ftc_merger_remedies_2006
-2012.pdf.
\74\ See Prepared Remarks of Chairman Simons Announcing the
Competition and Consumer Protection Hearings (June 20, 2018), https://
www.ftc.gov/system/files/documents/public_
statements/1385308/
prepared_remarks_of_joe_simons_announcing_the_hearings_6-20-18_0.pdf.
---------------------------------------------------------------------------
IV. International Cooperation
In addition to its domestic programs, the FTC engages in
significant international work, much of which relies on the expiring
SAFE WEB Act, which the Commission urges Congress to reauthorize. On
the competition side, with the expansion of global trade and the
operation of many companies across national borders, the FTC and DOJ
increasingly engage with foreign antitrust agencies to ensure close
collaboration on cross-border cases and convergence toward sound
competition policies and procedures.\75\ The FTC effectively
coordinates reviews of multijurisdictional mergers and continues to
work with its international counterparts to achieve consistent outcomes
in cases of possible anticompetitive conduct. The U.S. antitrust
agencies facilitate dialogue and promote convergence through multiple
channels, including through strong bilateral relations with foreign
competition agencies and multilateral competition organization projects
and initiatives. When appropriate, the FTC also works with other
agencies within the U.S. government to advance consistent competition
enforcement policies, practices, and procedures in other parts of the
world.\76\
---------------------------------------------------------------------------
\75\ In competition matters, the FTC also seeks to collaborate with
the state Attorneys General to maximize results and use of limited
resources in the enforcement of the U.S. antitrust laws.
\76\ For example, the Commission works through the U.S.
government's interagency processes to ensure that competition-related
issues that also implicate broader U.S. policy interests, such as the
protection of intellectual property and non-discrimination, are
addressed in a coordinated and effective manner.
---------------------------------------------------------------------------
On the consumer protection side, enforcement cooperation is the top
priority of the FTC's international consumer protection program. In a
global, digital economy, the number of FTC investigations and cases
with cross-border components--including foreign-based targets and
defendants, witnesses, documentary evidence, and assets--continues to
grow. During the last Fiscal Year, the FTC cooperated in 43
investigations, cases, and enforcement projects with foreign consumer,
privacy, and criminal enforcement agencies. To sustain this level of
productive cooperation, the agency often works through global
enforcement networks, such as the International Consumer Protection and
Enforcement Network, the Global Privacy Enforcement Network, the
Unsolicited Communications Enforcement Network, and the International
Mass Marketing Fraud Working Group. Just last month, for example, the
FTC organized an Unsolicited Communications Enforcement Network
conference with 11 foreign enforcement agencies (plus the FCC) to
develop international approaches on robocalls, tech support scams, and
other online abuses.
The FTC's key tool for cross-border enforcement is the U.S. SAFE
WEB Act.\77\ Passed in 2006 and renewed in 2012, this Act strengthens
the FTC's ability to work on cases with an international dimension. It
has allowed the FTC to share evidence and provide investigative
assistance to foreign authorities in cases involving spam, spyware,
misleading health and safety claims, privacy violations and data
security breaches, and telemarketing fraud. In many of these cases, the
foreign agencies investigated conduct that directly harmed U.S.
consumers, while in others, the FTC's action led to reciprocal
assistance.
---------------------------------------------------------------------------
\77\ Undertaking Spam, Spyware, and Fraud Enforcement With
Enforcers Beyond Borders Act (U.S. SAFE WEB Act), Pub. L. No. 109-455,
120 Stat. 3372, extended by Pub. L. No. 112-203, 126 Stat. 1484
(amending 15 U.S.C. Sec. Sec. 41 et seq.).
---------------------------------------------------------------------------
The U.S. SAFE WEB Act has been a remarkable success. The FTC has
responded to 130 SAFE WEB information sharing requests from more than
30 foreign enforcement agencies. The FTC has issued more than 115 civil
investigative demands in more than 50 investigations on behalf of
foreign agencies, both civil and criminal. The Commission has also used
this authority to file suit in Federal court to obtain judicial
assistance for one of its closest law enforcement partners, the
Canadian Competition Bureau.\78\ The FTC's foreign law enforcement
partners similarly have assisted FTC enforcement actions. In cases
relying on the U.S. SAFE WEB Act, the FTC has collected millions of
dollars in restitution for injured consumers, both foreign and
domestic. For example, the FTC worked with DOJ, the Royal Canadian
Mounted Police, and other Canadian agencies to obtain a Montreal court
order returning nearly $2 million to the U.S. victims of a mortgage
assistance and debt relief scam.\79\ In the privacy arena, the FTC used
key provisions of the U.S. SAFE WEB Act to collaborate successfully
with the Office of the Privacy Commissioner of Canada in the FTC's
first case involving Internet-connected toys. Specifically, in 2018,
the FTC brought an enforcement action against V-Tech, a Hong Kong-based
electronics toy manufacturer, alleging COPPA violations.\80\ The Act
sunsets in 2020: the Commission requests that Congress reauthorize this
important authority and eliminate the sunset provision.
---------------------------------------------------------------------------
\78\ Press Release, Competition Bureau Canada, Bureau case against
Rogers, Bell, Telus and the CWTA advances thanks to collaboration with
U.S. Federal Trade Commission (Aug. 29, 2014), http://
www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/03805.html.
\79\ Press Release, FTC, FTC Returns $1.87 Million to Consumers
Harmed by Debt Relief Scam (May 9, 2016), https://www.ftc.gov/news-
events/press-releases/2016/05/ftc-returns-187-million-consumers-harmed-
debt-relief-scam.
\80\ U.S. v. VTech Elec. Ltd. et al., No. 1:18-cv-00114 (N.D. Ill.
Jan. 8, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-
3032/vtech-electronics-limited.
---------------------------------------------------------------------------
The Act also underpins the FTC's ability to participate in cross-
border cooperation arrangements, including the EU-U.S. Privacy Shield
Framework, which facilitates billions of transatlantic data flows.\81\
Critically, the Act also expressly confirms the FTC's authority both to
challenge practices occurring in other countries that harm U.S.
consumers, a common scenario in cases involving fraud, and to challenge
U.S. business practices harming foreign consumers, such as Privacy
Shield violations.
---------------------------------------------------------------------------
\81\ See generally https://www.ftc.gov/tips-advice/business-center/
privacy-and-security/privacy-shield. The FTC's SAFE WEB powers enable
stronger cooperation with European data protection authorities on
investigations and enforcement against possible Privacy Shield
violations, a point cited in the European Commission's Privacy Shield
adequacy decision. See Commission Implementing Decision No. 2016/1250
(on the adequacy of the protection provided by the EU-U.S. Privacy
Shield), 2016 O.J. L207/1 at � 51, https://eur-lex.europa.eu/legal-
content/EN/TXT/HTML/?uri=OJ:L:2016:207:FULL&from=EN.
---------------------------------------------------------------------------
A key focus of the FTC's international privacy efforts is support
for global interoperability of data privacy regimes. The FTC works with
the U.S. Department of Commerce on three key cross-border data transfer
programs for the commercial sector: the EU-U.S. Privacy Shield, the
Swiss-U.S. Privacy Shield, and the Asia-Pacific Economic Cooperation
(``APEC'') Cross-Border Privacy Rules (CPBR) System. As already
explained, the Privacy Shield programs provide legal mechanisms for
companies to transfer personal data from the EU and Switzerland to the
United States with strong privacy protections. The APEC CBPR system is
a voluntary, enforceable code of conduct protecting personal
information transferred among the United States and other APEC
economies. The FTC enforces companies' privacy declarations and
commitments in these programs, bringing cases as violations of Section
5 of the FTC Act.\82\ The FTC also works closely with agencies
developing and implementing new privacy and data security laws around
the world, including Asia, Africa, and Latin America. And the FTC
convenes discussions on important and emerging privacy issues. For
example, just two weeks ago, senior officials from the agency-conducted
meetings with government officials and other stakeholders in India,
together with partners from the U.K. and Japan, on India's proposed
data security and privacy legislation.
---------------------------------------------------------------------------
\82\ See, e.g., ReadyTech Corp., No. C-4659 (Oct. 25, 2018),
https://www.ftc.gov/enforcement/cases-proceedings/182-3100/readytech-
corporation-matter; Md7, LLC, No. C-4629 (Nov. 29, 2017), https://
www.ftc.gov/enforcement/cases-proceedings/172-3172/md7-llc; Tru
Commc'n, Inc., No. C-4628 (Nov. 29, 2017), https://www.ftc.gov/
enforcement/cases-proceedings/172-3171/tru-communication-inc; Decusoft,
LLC, No. C-4630 (Nov. 29, 2017), https://www.ftc.gov/enforcement/cases-
proceedings/172-3173/decusoft-llc; Sentinel Labs, Inc., No. C-4608
(Apr. 14, 2017), https://www.ftc.gov/enforcement/cases-proceedings/162-
3250/sentinel-labs-inc; Vir2us, Inc., No. C-4609 (Apr. 14, 2017),
https://www.ftc.gov/enforcement/cases-proceedings/162-3248/vir2us-inc;
SpyChatter, Inc., No. C-4614 (Apr. 14, 2017), https://www.ftc.gov/
enforcement/cases-proceedings/162-3251/spychatter-inc.
---------------------------------------------------------------------------
VII. Conclusion
The FTC remains committed to marshalling its resources efficiently
in order to effectively protect consumers and promote competition, to
anticipate and respond to changes in the marketplace, and to meet
current and future challenges. We look forward to continuing to work
with the Subcommittee and Congress, and we would be happy to answer
your questions.
Senator Moran. It's my understanding that my understanding
was incorrect: that you all hoped to make an opening statement.
We do not have your written testimony as required by our rules,
but I think it would be a mistake for us not to hear from you
if you're prepared to do so.
So we do not have in front of us their written statement,
but all the Commissioners would like to make a statement, and I
now recognize Mr. Chopra.
STATEMENT OF HON. ROHIT CHOPRA, COMMISSIONER, FEDERAL TRADE
COMMISSION
Mr. Chopra. Chairman Moran, Ranking Member Blumenthal and
members of the Subcommittee, thank you for holding this
hearing.
The FTC has a clear mission: to make sure markets are fair
and competitive, not corrupted by conflicts of interest,
distortions, and lies. The primary way we seek to accomplish
this is through our law enforcement program.
Today I want to talk about some of the most important
questions that the FTC must routinely answer when enforcing the
law. Given all the misconduct in the market, which companies
are the best targets, and, after investigation, when should we
push for a settlement and when should we go to trial?
In my view, no matter how big or powerful they might be, we
must hold companies accountable for widespread failures and we
must always be willing to take them to court. Forty-five years
ago, Congress gave the FTC the authority to sue companies and
individuals in Federal court using Section 13(b) of the FTC
Act. The FTC can go to court to seek restitution for victims,
take back ill-gotten gains, permanently halt harmful practices,
and seek other changes to business practices.
And like almost every other Federal enforcement agency with
the power to take companies to court, the FTC resolves most of
its actions through settlements. And without question,
settlements are important. No agency can litigate everything,
but no agency should ever appear to strong-arm small defendants
into financial ruin while letting large companies off the hook
with a slap on the wrist.
Now, in the aftermath of the financial crisis, we saw how
large firms saw settlements as nothing more than the cost of
doing business. After all, corporate boards on Wall Street
almost never agreed to a settlement that threatened their
profit model. And while big penalties made for good headlines,
I question whether they truly deterred lawbreaking. Too many
individual executives evaded accountability and even got
rewarded with a bonus for their skillful dealings with the
government. Unsurprisingly, even after big settlements, we saw
how agencies continued to fight fire after fire with companies
like Wells Fargo where abuse was widespread.
In trials, we get to find out the whole story told from
both sides by the actual individuals who called the shots and
we see due process in action. And when the government prevails,
the law can provide for recoupment of certain taxpayer costs.
Now, the FTC has shown it is willing to go to trial. Too
often, pharmaceutical companies go to great lengths to protect
monopolies created by their patents. Take the example of
AbbVie, the pharmaceutical giant famous for continuing to
raises prices and creating billions of dollars in healthcare
costs with the blockbuster drug Humira.
In 2014, the FTC sued AbbVie for filing sham patent
infringement lawsuits that stopped generic drug makers from
challenging another top-selling product, AndroGel. A few months
ago, a court ruled that AbbVie did indeed use sham lawsuits to
illegally maintain its monopoly. The court ordered the company
to pay 448 million dollars for its wrongdoing that harmed
patients, the public, and its competitors. After the ruling, we
saw pharmacies who were allegedly harmed by these practices
filing their own actions, and certain aspects of this matter
remain on appeal.
In another matter, after years of litigation and a trial, a
court-ordered DISH Network to pay $280 million for its Do Not
Call violations, and in a few weeks the FTC will begin its
trial against semiconductor giant Qualcomm for its alleged
anti-competitive tactics in the chip market.
Filing a lawsuit and taking a powerful corporation to trial
is tough. In my past agency experience, I have seen how going
up against a company with legions of lawyers and lobbyists and
PR professionals can be daunting for an agency with finite
resources. But Congress cannot expect any agency, including the
FTC, to meet its mission unless it is unambiguous to the market
that we have the resources and the resolve to go to court no
matter how big or connected a company may be.
It will be critical for Congress to continue to support our
13(b) authority and to ensure that every law enforcement agency
exercises its prosecutorial discretion in ways that create real
accountability for those that break the law.
Thank you, and I look forward to your questions.
Senator Moran. Thank you, Commissioner.
Commissioner Phillips.
STATEMENT OF HON. NOAH JOSHUA PHILLIPS, COMMISSIONER, FEDERAL
TRADE COMMISSION
Mr. Phillips. Thank you. Chairman Moran, Ranking Member
Blumenthal, distinguished members of the Subcommittee, thank
you for the opportunity to appear before you today. Thanks
especially to Senator Nelson for his thoughtful and kind
remarks earlier.
I'm honored to be back here, especially with my fellow
commissioners, to highlight the important work that the FTC and
its talented staff do every day on behalf of American
consumers. In my brief remarks, I'd like to address two
international issues as well as the legislative process that
you all have undertaken on consumer privacy.
While offering incredible opportunities for American
consumers, the digital economy poses new challenges for law
enforcement particularly relating to cross-border activities.
In 2006, Congress recognized this and passed the U.S. SAFE WEB
Act allowing the FTC to share evidence with and assist foreign
authorities in matters involving issues such as privacy
violations and data breach. U.S. SAFE WEB also confirms our
authority to challenge foreign frauds that harm U.S. consumers
or involve material conduct in the United States. Using SAFE
WEB, we have worked with foreign authorities to stop illegal
conduct and secure millions for consumers and sometimes even
obtain criminal convictions with the help of our partners.
SAFE WEB is a vital tool but it sunsets next year.
Congress should reauthorize it and should eliminate the
sunset provision.
Next, the FTC works with the Department of Commerce to
enable transatlantic data flows and support American business
leadership through three cross-border data transfer programs
including the E.U./U.S. Privacy Shield. We as an agency look
for Privacy Shield violations in four ways.
First, referrals from the Department of Commerce; second,
priority referrals from the European Union; third, we look for
violations in every privacy investigation that we conduct as an
agency; and finally, we conduct proactive monitoring for
Privacy Shield participants. We are committed to the success of
these cross-border data transfer mechanisms. We have brought
nearly 50 actions over the course of their lives, and
enforcement will remain a priority for all of us.
Finally, on the ongoing debate we are all having as a
nation on consumer privacy, I want to stress three points.
First, privacy can be a nebulous concept. And as you consider
legislation, it is critical to be clear and frank about the
wrongs you seek to right. Advocates for new regulation invoke a
variety of alleged market failures to justify new rules: from
data insecurity to imperfect information about data sharing to
creepiness and surveillance. According to the NTIA, while
online privacy concerns appear generally to be declining,
Americans' level of concern about privacy issues varies based
on the subject, with people substantially more concerned about
issues like identity theft and consumer fraud than, for
example, the collection of data by firms or the loss of control
of data.
Reasonable minds can differ on the privacy risks. But
everyone should agree that the best policy is developed when
aimed at clearly defined harms and with consensus built about
how to address them. High-profile incidents and large firms
dominate headlines, but legal restrictions have an impact that
is broader and more fundamental.
Second, any new rules will come with tradeoffs: to
consumers, innovation, and competition. As I've said elsewhere,
regulations can chill innovation and competition, including by
entrenching incumbents. We need to keep small businesses and
startups in mind.
To be clear, that is not to say that we should not
reevaluate our privacy regime given emerging issues and
technologies, but neither can we ignore half a century of our
nation's experience balancing privacy and other interests
including tremendous levels of innovation. On innovation,
America has been leading. I am concerned that early indications
about the European GDPR indicate reduced investment in
technology and greater concentration in ad tech.
The tradeoffs are not easy and there are no simple answers.
So my third point is that, given the important value judgments
that must be made, Congress is the place to make them. Broad
delegations to an expert agency are a poor substitute for the
lawmaking process that our founders created. I was honored to
work here in the Senate for seven years, so I have great faith
in the capacity of Congress to listen to the public, to build
consensus, and to reach the right answer.
Of course the FTC with our talented staff and half a
century of experience enforcing privacy law stand ready to
assist you in fashioning legislation and we will enforce any
new privacy authority that Congress deems fit to assign us.
Thank you for your time, and I look forward to answering
any questions that you may have.
Senator Moran. Thank you, Commissioner.
Commissioner Slaughter.
STATEMENT OF HON. REBECCA KELLY SLAUGHTER, COMMISSIONER,
FEDERAL TRADE COMMISSION
Ms. Slaughter. Thank you. Can you hear me?
Chairman Moran, Ranking Member Blumenthal and members of
the Subcommittee, thank you so much for inviting us here today.
I have spent my first six months at the FTC immersed in
getting to know the talented staff of the agency and
understanding the opportunities and challenges they see on the
ground as the Commission fulfills its dual missions of
protecting consumers and promoting competition.
As Senator Blumenthal noted, in today's increasingly data-
driven and concentrated economy, consumers demand and deserve
vigorous enforcement from the FTC. That is precisely what
Chairman Simons has pledged, and I join him in his commitment.
We should and we will enforce the law against wrongdoers to the
fullest extent that our authority and our resources allow and
we should continue to engage in critical self-examination to
identify ways we can do more within those parameters. However,
I want to use my time today to highlight how additional
resources and authority would enable the Commission to better
protect consumers and promote competition.
Let me first address resources. I'll begin with an example.
In 2012, the FTC sued a payday lender known as AMG that buried
consumers with illegal fees. The FTC aggressively litigated
this matter and ultimately secured a hard-fought $1.3 billion
court order against the defendants in 2016. Two months ago, in
late September, the FTC returned over $500 million to AMG-
related victims.
The outcome in AMG is instructive in two ways. First, it
demonstrates that the FTC provides meaningful results for
consumers that far exceed our resources. On that one day in
September, we returned to consumers more than our entire
appropriated budget for Fiscal Year 2018, which is about $300
million. In fact, during all of Fiscal Year 2018, Commission
actions resulted in over $1.6 billion being returned to
consumers, more than five times our annual budget. Put another
way, the FTC provides an extremely good return on investment
for the American taxpayer.
The AMG resolution also demonstrates a second plain but
paramount point. Good outcomes for consumers take time and
money, especially where the target of the investigation is a
large, well-financed corporation. Very simply, no substitute
for careful, thorough investigation and, where appropriate,
aggressive litigation.
I agree with Commissioner Chopra's comments about the value
of litigation and I want to be clear about what it means from a
resource perspective. Litigation requires teams of dedicated
and talented staff and complementary resources. Case such as
AMG and the AbbVie case that Commissioner Chopra mentioned
demonstrate the talent and the dedication are here, but imagine
how much more we could be doing with additional resources.
The challenges consumers face in the marketplace today are
growing in number and complexity. To address them, the FTC must
initiate more investigations and litigate more cases. Those
cases have become more complex both legally and technologically
and they involve defendants with deep pockets and armies of
attorneys. Our resources have not kept pace with these
developments.
As one key metric, consider that we had about 50 percent
more full-time-equivalent employees in the beginning of the
Reagan administration than we do today. It is critical that the
FTC has sufficient resources to support its work, particularly
as demands for enforcement in so many complex areas continue to
grow.
In addition to sufficient resources, sufficient authority
is critical for the FTC to meet the demands of the 21st century
marketplace. Expanding our authority to seek monetary penalties
for violations of the law, providing the FTC with better
rulemaking authority, and eliminating jurisdictional exemptions
would each go a long way to help the FTC better meet today's
challenges as well as tomorrow's.
I want to highlight in particular that the limitations on
our authority are particularly constraining when it comes to
protecting consumer data. No matter how big the breach or how
egregious the conduct, the FTC has no authority to seek
financial penalties for most types of abuse or misuse of
consumer data. We also lack the authority to engage in notice-
and-comment rulemaking in the areas of consumer privacy and
data security, and the common carrier and nonprofit exemptions
put some of the largest hosts of consumer data beyond our
reach.
I strongly support Chairman Simons's call for Congress to
consider enacting Federal privacy legislation that would
address these limitations. I believe we need a law that
requires companies to take consumer privacy seriously, gives
the FTC the authority to impose significant penalties for
failing to do so, and invests the necessary resources for the
FTC to carry out Congress's directive effectively.
I look forward to continuing this important dialogue with
you and to taking your questions.
Senator Moran. Thank you.
Now Commissioner Wilson.
STATEMENT OF HON. CHRISTINE S. WILSON, COMMISSIONER, FEDERAL
TRADE COMMISSION
Ms. Wilson. Thank you, Chairman Moran, Ranking Member
Blumenthal, and distinguished members of the Subcommittee for
the opportunity to appear before you and testify today. It is
an honor to be here for the first time since I joined the
Commission two months ago.
I would like to highlight today one of the areas I
identified as a priority during the confirmation process: the
healthcare industry. As you know, this industry impacts every
American and takes a bite out of each paycheck. Given its
importance, it should come as no surprise that the FTC is quite
active in this segment of the economy. I would like to briefly
discuss two issues associated with healthcare, one related to
consumer protection and the other to competition.
On the consumer protection side, the marketing of unproven
or ineffective treatments for serious health conditions is
unfortunately all too common and rightly remains a top priority
for FTC enforcement. One important area is marketing that
targets opioid addiction. The CDC estimates that a staggering
115 Americans die every day--every day--from an opioid
overdose. People seeking life-saving help for opioid addiction
or withdrawal must get the right kind of help as soon as they
are ready to receive it. Products that promise miracle cures or
fast results can cost precious time and money and can
contribute to relapse or even death.
The Commission has sued two companies that marketed bogus
withdrawal and addiction treatment products. The FTC also is
conducting a number of non-public investigations in this area.
Thanks to the leadership of members of this Committee including
Senators Cortez Masto and Capito, the FTC can now bring civil
penalty authority to bear when companies market sham opioid
treatments and services.
Earlier this year, the FTC partnered with the FDA to send
warning letters to marketers selling products that claimed to
help with opioid addiction. The FTC also collaborated with the
Substance Abuse and Mental Health Services Administration to
release a fact sheet on getting the right help with opioid
dependence or withdrawal. Armed with our expanded resources,
the FTC will continue to support local, state, and Federal
agencies combating the opioid epidemic.
On the competition side, the FTC has long recognized and
challenged false and unsubstantiated health claims, but REMS
abuses, in contrast, are a relatively recent problem. The FTC
continues to investigate allegations that branded
pharmaceutical companies misuse Risk Evaluation and Mitigation
Strategies, known as REMS, to impede competition.
In theory, a REMS program is designed to protect patient
safety by managing the known or potential risks associated with
the use or distribution of certain medications. Often times
that is also the practice. But sometimes branded manufacturers
misuse REMS to thwart entry by would-be generic competitors.
This conduct upsets the careful balance between competition and
innovation that Congress established in both the Hatch-Waxman
Act and the Biologics Price Competition and Innovation Act.
REMS abuses can take various forms. But regardless of the
precise method employed, concerns arise when branded
manufacturers subvert laws and regulations that are designed to
protect the health and safety of consumers and instead use
those frameworks to insulate themselves from competition. By
excluding competitors from the market, branded drug companies
can price products higher than they otherwise would, preventing
drug prices from falling. Recognizing that REMS abuse is a
competition problem, the FTC has used its existing powers to
investigate potential antitrust violations and is actively
looking for a good case to bring. The Commission has also
engaged in advocacy, including filing amicus briefs in private
litigation.
We are grateful that members of the subcommittee share our
concerns and have proposed legislation that would more directly
address this problem. FTC staff have provided technical
assistance on various bills and we will continue to support
these important legislative efforts.
I am happy to answer any questions you may have.
Senator Moran. Thank you very much.
I'm going to defer to the Ranking Member who has another
hearing to attend. I'll turn to him for questions, then it'll
be my turn and then we'll----
Senator Blumenthal. Great.
Senator Moran.--work our way across.
[Applause.]
Senator Blumenthal. Before he leaves, I want to join in
thanking Senator Nelson for his leadership over such a
distinguished and extraordinary period of time. Thank you,
Senator.
I also want to thank each of you for your testimony today,
and I want to begin with coming back to big tech.
This morning, a member of the U.K. parliament disclosed
that an entity with Russian I.P. addresses was pulling over 3
billion data points a day about Facebook users, using
fraudulent means. This allegation is new and chilling.
Mr. Chairman, were you aware of it?
Mr. Simons. Not until it was reported.
Senator Blumenthal. Facebook never disclosed it to you and
they never disclosed it to us; correct?
Mr. Simons. That's my understanding.
Senator Blumenthal. I am assuming that the FTC continues to
have an ongoing investigation; correct?
Mr. Simons. Yes, absolutely.
Senator Blumenthal. It has been eight months since the FTC
first indicated that investigation. Since then, the United
Kingdom's Information Commissioner's Office issued penalties to
Facebook regarding the matter of privacy violation, and on
Sunday, a U.K. parliamentary committee also seized a trove of
documents from the company Six Four Three regarding Facebook's
privacy practices.
The urgency of this investigation could not be clearer. Can
you tell us when you will be done and when you will have
results of this investigation?
Mr. Simons. Thank you, Senator.
It's inappropriate for me to comment on a specific non-
public investigation, but let me say the following: Any time
you see a press report of a significant privacy issue, a
potential privacy violation of our authority, it is safe to
assume that we either are investigating it already or shortly
after that media release we will investigate it.
The other thing to keep in mind is that when companies have
problems that become public that are serial in nature--as you
described, new problems--you can also assume that we will be
looking at those too. I am standing here----
Senator Blumenthal. With all due respect, Mr. Chairman--and
I do have great respect for you--you're saying it's safe to
assume. It is not safe to assume anything.
Mr. Simons. It's safe to assume what my staff is doing,
what our staff is doing.
Senator Blumenthal. But we need to know, and that was my
question, when you will have some results; because these
continuing violations clearly show that we have something more
than a single bad-actor problem and it is not only Facebook. I
want to be fair to Facebook. It is not only Facebook.
And one of the most dramatic and important questions that
was asked--and I asked it during the hearings with Mark
Zuckerberg--was how many more Cambridge Analyticas are there
out there? We still have no idea. So I think you have an
obligation to tell us when you think this investigation will be
done.
Mr. Simons. We're going to do this--our goal is to do this
as fast as possible and get to the right result as soon as
possible, but I cannot comment on the details of any specific
non-public investigation. I'm sorry, Senator.
Senator Blumenthal. How many full-time employees are
assigned to investigate Facebook's privacy and data protection
practices?
Mr. Simons. Again, I can't comment on a non-public
investigation.
Senator Blumenthal. Are you satisfied there are sufficient
resources devoted to this investigation?
Mr. Simons. That is my goal with respect to every
investigation that the FTC is conducting, and especially the
most important ones.
Senator Blumenthal. Facebook knew about Cambridge Analytica
at least since December 2015. Did Facebook disclose this matter
to the FTC prior to March 2018?
Mr. Simons. Again, Senator, I'm sorry, but it's
inappropriate for me to comment on the specific details of a
non-public investigation.
Senator Blumenthal. Well, without being unduly critical of
your predecessors, are you satisfied that the Facebook consent
decree was adequately enforced?
Mr. Simons. What I would say is this: We do engage in self-
critical examination. It's a very important part of our history
and we take that very seriously. And so one of the things we
are looking at is how to modify our orders to make sure that
things that shouldn't have happened before don't happen again.
Senator Blumenthal. Are you monitoring the Cambridge
Analytica bankruptcy?
Mr. Simons. Again, I don't want to comment on a specific
non-public investigation.
Senator Blumenthal. Do you have any investigation
concerning the issues relating to Google that I mentioned
earlier?
Mr. Simons. Again, I can't comment on any non-public
investigations that may or may not be going on.
Senator Blumenthal. Well, I think that, again, with all due
respect, the American people really deserve to know more about
these ongoing investigations, either generally as to timeframe,
amounts of resources, and, indeed whether you have wrongdoing
and abuses under investigation. I'm not talking only about
Facebook but about other companies as well.
Mr. Simons. Our goal is to vigorously enforce, and we are
working hard at that and I think we are going to . . . One
thing I hope to do, Senator, is I hope to turn your opinion
around in terms of the performance of the FTC. That is one of
my main goals with respect to you and others in the Congress.
Senator Blumenthal. Well, I appreciate that and I have
great respect for, again, the commissioners and the very
dedicated professionals that you have working for you at the
FTC and I share my colleagues' view that, to some extent, it
may be a matter of resources but we need to know what is needed
for, as you put it, turning around performance.
Mr. Chairman, I have many more questions and I'm going to
defer to my colleagues now and stay roughly within the five-
minute rule. Thank you.
Senator Moran. You were late, you talked long, and our
agreement is that you're not coming back.
Senator Blumenthal. I will be back; I shall return. But I
thank you for those kind words, Mr. Chairman.
Senator Moran. Senator Blumenthal has focused on Facebook
and current investigations. I just would add to what he said:
that this Subcommittee and me personally, will do everything we
can to provide you the resources, both legal and financial, and
we will continue to monitor.
We obviously want more information than you're capable of
giving us, Mr. Chairman, at this point in time, but we're going
to pay a lot of attention to this issue. And by that, I think
we are conveying its importance to us and to you.
Let me start with a resource question. Senator Udall and I
used to serve together on FSGG that funds the FTC. He abandoned
me, so I think I'm the only appropriator in the room. I would
say to you that I have a strong interest in ensuring that your
agency has the resources it needs to effectively and
efficiently protect consumers from unfair and deceptive
practices. In part, our efforts will be determined by what the
administration and you request in your budget submission.
I would start with, because I think your workload is
growing and I think it is going to continue to grow, I think
it's conceivable that Congress will give you greater
authorities, but let's start with just what you have current
authority to do at the FTC.
Let me see if I can get you to tell me in short order, in
few words, does the FTC have the necessary resources to enforce
its current consumer data privacy and security authorities as
provided by Section 5 of the FTC Act and other relevant
statutes?
Mr. Simons. Senator, I think we do, but let me also say
that if we had additional resources, I guarantee they could be
put to very good use.
Senator Moran. I think anyone could say that, Mr. Chairman.
I think I--well, in my own household.
Mr. Simons. Fair.
Senator Moran. So what is it that you would do if you had
more resources?
Let me make certain I stick with current. What would you do
under your current authorization, what you're legally obligated
to do? What more would you do if you had additional resources?
Mr. Simons. So I think we would--we have an enormous
litigation level going on inside the Commission, and if that
remains the same, our staff is literally almost killing
themselves, they're working so hard on these litigations. If
that remains at an historic high level or increases, we would
need more resources for that.
In addition, we probably could use some resources with
respect to the Bureau of Economics and also technology
resources.
Senator Moran. It's my understanding that a significant
amount of work at the FTC is provided by consultants and by
outside counsel. Is that the best method by which you can
perform your responsibilities?
Mr. Simons. So not so much outside counsel, but
consultants, experts; so economists, technology people. And
what we want to do is we want to have a good mix because we
want to have the technology available to us that we need, and
so that may vary from case to case. And so sometimes you'll
have new types of cases that you haven't had before and you
bring in a consultant specifically for that case because that
may come and go; it may not be sustained. So I think you want a
mix. You want a core of people who are inside the agency and
supplement that with outside consultants.
Senator Moran. I've tried to focus and I want to make sure
that any commissioner who has a comment to make about this
topic has that opportunity. But I tried to get you to tell me
about current responsibilities----
Mr. Simons. Yes.
Senator Moran.--and current needs for resources based upon
those current responsibilities.
I also would ask you that as we develop--and I indicated in
my opening statement and Senator Blumenthal confirmed in his
that we're working to author legislation related to privacy. I
also need from you not only yours--as Commissioner Phillips
indicated a willingness to provide us and a number of you
indicated the things that you would suggest in that
legislation, but I also need to understand what the additional
resources that would be necessary that would come with
additional responsibilities or greater authorities of the FTC.
So I want to make sure that as we develop legislation,
we're not operating in a vacuum in which we would have the
likelihood of saying, well, this is what the law should be, but
knowing that the law would be somewhat irrelevant if the
resources aren't there to enforce the new authority. So I need
to know what additional resources it would take as we develop
this legislation?
Let me see if any of the commissioners have anything they'd
like to respond to my questions or comments or perhaps
different than the Chairman.
Mr. Chopra. Well, Senator, I'll just add that with respect
to data privacy and security, more and more sectors of our
economy, whether it's the automotive industry, the agriculture
industry, retail, there is more and more data collection, and
our largest firms in the economy are relying heavily on how to
monetize that data. So this is not just about consumer-facing
businesses; it is a bigger and bigger part of the U.S. GDP. And
if that is going to grow, then the FTC's resources have to grow
commensurately. When cities grow and get much bigger, they hire
more cops, and we have to do the same for us.
Senator Moran. Anyone need or want to add--want or need to
add something to this? Ms. Slaughter?
Ms. Slaughter. Yes, I'll just--I'll echo what Commissioner
Chopra said and say I agree with everything Chairman Simon said
he would do with more resources.
I would depart only that I think we do need them. I don't
think that we have enough resources right now to do the job
that consumers and Congress expects of us. I think we want to
do that job. And those additional technologists, those
additional employees getting us anywhere back to near the
staffing levels we had in the Reagan administration I think
would be very valuable to carry out our mission.
Senator Moran. Let me say just from my perspective, I've
never met an agency or a department or a Commission that didn't
believe they needed more resources. I hear it on an ongoing
basis.
But I think this is different. I am sympathetic to that
plea because the volume--as Commissioner Chopra says, the city
is growing. And there has to be a greater focus on how we spend
the money, but that is insufficient in this case, I think, to
have the necessary resources to meet the demand.
Senator?
Mr. Phillips. Yes.
Senator Moran. Senator, Phillips or--didn't mean to----
Mr. Phillips. I expect my colleagues will agree with me. As
my colleagues have said, it bears repeating, we work very
nimbly and we work very efficiently, so you should trust in the
fact that we are giving great credence to the resources we are
given and we are employing them efficiently.
Senator Moran. All right. Thank you.
Senator Klobuchar.
STATEMENT OF HON. AMY KLOBUCHAR,
U.S. SENATOR FROM MINNESOTA
Senator Klobuchar. Thank you very much, Mr. Chairman.
Thanks for having this popular hearing.
So when you were talking about the town growing, the other
thing that has really grown, as the commissioners know, is
mergers, and we've had a 50 percent increase in the number of
mergers in just the last 5 years.
And I thank you, Mr. Chairman, for your testimony in front
of the Antitrust subcommittee that Chairman Lee and I have
chaired for a long period of time. And as you know, I have a
bill to add more resources to that piece of your work by
charging some extra fees on some of the mega mergers, the very
large mergers. And could you just explain to my Commerce
Committee friends here your feelings on doing something like
that?
Mr. Simons. Yes. So this is one of the things I mentioned
before. We have like an historic level of litigation going on
at the agency right now, and particularly on the competition
side. So when I showed up on May 1 at the agency, there were
four merger cases being litigated at once. I don't remember
that ever happening.
Senator Klobuchar. Just to the legislation because I have
so many other questions.
Mr. Simons. So--and one of the things we want to do and
which also is I think in your legislation, which is to do
merger retrospectives. So one of the things we need to do for
that is more economists. And so that will help us get a better
sense of, you know, whether our merger enforcement has been too
lax, whether we have to tighten it up and how much.
Senator Klobuchar. And just for my colleagues' sake,
Senator Lee and Senator Moran is interested in this bill, some
version of this only because it's not more taxpayer money; it
is the humongous billion-, trillion-dollar mergers that these
guys are trying to analyze. And so that's why we are looking at
it as a way to get them the resources to do it as well as the
Justice Department with Mr. Delrahim.
Second, my colleague Senator Blumenthal asked a lot about
Facebook. As you know, I've been very involved with that with
the Honest Ads Act, with the privacy legislation that I have
with Senator Kennedy.
Could you tell me, Mr. Chairman, will the FTC make a
statement at the conclusion of this investigation to inform the
public of the circumstances surrounding this breach and whether
Facebook's action or lack thereof violated the terms of its
consent order?
Mr. Simons. I would think so.
Senator Klobuchar. OK. Thank you.
Commissioner Slaughter, you were talking, I know you do a
lot on privacy. Can you talk about why it's important to have
disclosures on online ads and disclaimers? Of course this is
something that is under some of the FCC's jurisdiction, but in
general why do you think that's important?
Ms. Slaughter. Thank you, Senator, for the question.
Disclosures help consumers understand what is happening
with their data, with the information that they're seeing. The
FTC has the opportunity to police against deceptive disclosures
in various circumstances, but if there is no disclosure, we
could not call the disclosure deceptive specifically in most
circumstances.
Senator Klobuchar. Right.
Ms. Slaughter. So I think I under--I am familiar with your
bill. I think it's a really important contribution to the
debate around making sure consumers understand what they're
seeing and from whom they're seeing it.
Senator Klobuchar. And as you know, some of the companies
including Twitter and Facebook have done this voluntarily, but
we're going to have a patchwork. We have a lot of other
platforms that aren't doing it at all and a complete crazy
situation where TV, radio, and newspaper is required and these
guys aren't.
Commissioner Chopra, why is it important for the FTC to
have enforcement over privacy violations? And could you talk
about--we have in our bill, Senator Kennedy and I, notification
of consumers of a privacy violation within 70 hours. Do you
support something like that?
Mr. Chopra. Yes, I think we need some clear rules of the
road at the Federal level of when people's data is essentially
stolen from them.
And look, you can pass all the privacy laws you want, but
if there's no enforcement and no penalties for violating them,
no one's going to follow them.
Senator Klobuchar. Right.
OK. And then Commissioner Slaughter, back to you.
The CREATES Act. This is something that Senator Grassley
and Leahy and Lee and I have introduced on the Senate side.
This is of course about prescription drugs and trying to get
more competition going. Do you believe the legislation could
help put a stop to some of the anti-competitive practices?
As you know, Senator Grassley and I have our pay-for-delay
bill that I know we will pass if we could just get a vote, and
I know the FTC, all of you have been involved in this issue. Do
you want to comment further on that?
Ms. Slaughter. Sure. These are very important issues for
consumers. Commissioner Wilson in her opening talked about REMS
abuse and the problems of REMS abuse, and we're actively
looking for opportunities to enforce, but I know the
legislation that's out there would make it a lot harder for the
bad practices to happen, to begin with, and a lot easier for us
to enforce against them.
Ms. Slaughter. Very good.
Well, I will ask--Commissioner Phillips and Wilson, I will
be asking you something in writing because my time is now
ended.
Look at those crossed arms. It is time for me to end my
questions.
So thank you very much for your time and your really good
work and your commitment to making the FTC as bipartisan as it
has been for so long and working together even though you
probably don't agree on every single thing. Thank you.
Senator Moran. Pleased to recognize Chairman Thune.
STATEMENT OF HON. JOHN THUNE,
U.S. SENATOR FROM SOUTH DAKOTA
The Chairman. Well, good afternoon, and I want to thank
Chairman Moran and Ranking Member Blumenthal for holding this
hearing and for their continued work on FTC oversight and also
want to thank all the commissioners for being here today to
provide the Committee with an update of some of the FTC's
activities.
Earlier this fall, the FTC began a series of innovation
hearings aimed at ensuring the Commission can meet the
challenges posed by modern economic and consumer trends, and
I'm looking forward to hearing more about how these sessions
will inform the Commission's competition consumer protection
work. I'm also here to discuss possible comprehensive data
privacy legislation with the commissioners as well.
Currently the Committee and several key members are
exploring privacy legislation, I'm sure as you know, and it
would be helpful to know from the commissioners if you all
support this effort, if you think the FTC's an appropriate
enforcement agency, and what kind of penalties and statutory
tools are going to be needed to ensure compliance.
Let me start with you, Mr. Simons, Mr. Chairman. In the
past, the Commission has used its authority under Section 6(b)
of the FTC Act to study particular industries or practices. For
example, in 2014, the Commission completed a 6(b) study of the
data broker industry and issued a report of its findings along
with some recommendations.
Would the Commission consider using its 6(b) authority to
study consumer information data flows; specifically, sending
requests to Google, Facebook, Amazon and others in the tech
industry to learn what information they collect from consumers
and how that information is used, shared and sold?
Mr. Simons. 6(b) is a really powerful tool and that's the
type of thing that might very well make sense for us to use it
for.
The Chairman. Well, it seems to me, at least, based upon
what we know and what we observe happening around us today and
there would be a lot of interest among consumers in this
country in having that sort of information available.
Mr. Simons. And that may be guided also by what comes out
of our hearings.
The Chairman. Right.
Mr. Chopra. And Senator, the 6(b) studies can actually
inform not just our consumer protection enforcement, but, in
the case you mention, also our antitrust enforcement where data
and data flows is of intense interest to us.
The Chairman. Yes. And I want to shift to that for just a
minute because, as I'd mentioned earlier, this Committee has
been exploring comprehensive consumer privacy legislations and
we've held two hearings this fall earlier, one with industry
and one with public-interest groups, to discuss the issue of
consumer privacy.
And this would be for any of you to respond to, but do you
support efforts by Congress to develop comprehensive privacy
legislation?
Mr. Simons. Absolutely.
Mr. Phillips. Yes, I support those efforts.
Mr. Chopra. Yes.
Ms. Slaughter. Yes.
Ms. Wilson. Yes.
The Chairman. Good answer.
So now for the harder question, and that is, in your view,
are there key features that should be included in any privacy
legislation?
Mr. Simons. So one of the things that we've asked for on
the data security side is civil penalty authority in order to
create effective deterrents, and my sense is that the same
dynamic is going to apply on the privacy side as well, so I
think that will be very important, that there is civil penalty
authority.
The Chairman. Yes. Is that a view that is shared by members
of the Commission?
Mr. Phillips. Senator, I have a slightly different view on
that.
The Chairman. OK.
Mr. Phillips. And it's not a totally settled one. As I said
in my opening remarks, one of the things about privacy is that
it is a nebulous concept and different people see different
risks as greater. Those are very reasonable debates. A lot of
people have strong feelings about this.
It is critical that Congress decide what the harms are and
then target tools to address those harms. I don't think that
the liability standard, what harms we are addressing, can be
separated from the civil penalties. You have to think about the
two together: what you're enforcing and how. Because what you
don't want to do, penalties can chill conduct. You want to make
sure that the conduct that you're chilling is bad conduct, not
conduct that potentially benefits consumers.
Ms. Wilson. If I could also address this. First of all, I
do encourage Congress to pursue privacy legislation. Businesses
need clarity and certainty regarding the rules of the road.
Markets work best when consumers have complete information and
can make informed choices. And studies show that right now
consumers do not understand what is being done with their data.
And current legislation does provide protections but it's been
outstripped by technological developments.
For example, HIPAA protects medical information stored in
the doctors' files but not the medical information collected by
your Fitbit. And so I think I perhaps have a slightly different
perspective than Commissioner Phillips.
I do believe the FTC should be the one to enforce any new
legislation that is prepared, and I think in terms of elements
of new legislation, I think it should grant jurisdiction to the
FTC over nonprofits and common carriers. I think it should
provide for civil monetary penalties. I think it should grant
targeted APA rulemaking authority and I think it should be
undertaken in conjunction with a national data breach
notification and data security law.
The Chairman. Good. So does everybody on the Commission
share the view that the FTC is the appropriate enforcement
agency for comprehensive privacy legislation?
Mr. Simons. Yes.
Mr. Phillips. Yes.
Ms. Slaughter. Yes.
The Chairman. And you answered this question, too, but to
the other members of the Commission: Should Congress repeal the
common-carrier exemption to the FTC Act?
Ms. Wilson. Yes.
Mr. Phillips. Yes.
Mr. Chopra. Yes.
Mr. Simons. You bet.
The Chairman. Mr. Chairman, my time is expired, so thank
you and I will yield back.
Senator Moran. I will treat you better than I treated
Senator Blumenthal.
Senator Markey.
STATEMENT OF HON. EDWARD MARKEY,
U.S. SENATOR FROM MASSACHUSETTS
Senator Markey. Thank you, Mr. Chairman.
We're celebrating the 20th anniversary of the Child Online
Privacy Protection Act which I authored back 20 years ago. Now
we're seeing where the holes might exist in the modern era.
Google's You Tube is a particularly troubling example. Last
year an enormous 80 percent of 6- through 12-year-olds used You
Tube on a daily basis yet Google claims that even its third-
most You Tube channel, Toy Reviews for Kids, is not targeted to
children, meaning COPPA does not apply.
Chairman Simon, in your opinion, is Toy Reviews for Kids
targeted to children?
Mr. Simons. Thank you, Senator. I don't want to comment on
any specific investigation that may or may not be going on, but
that clearly would be of concern to us, Senator.
Senator Markey. I hope it would be a concern because
they're collecting data from kids about what their preferences
would be, which can be used to market back to them.
I also sent the Commission a letter after a recent study
found that thousands of apps were accessing children's
sensitive information such as location without obtaining the
required consent. The study also found that Google's app store
is including games that aren't COPPA compliant in its kids'
section.
Chairman Simons, in light of this evidence, will you commit
to investigating allegations that app developers track kids'
each and every movement and whether app stores such as Google
take adequate steps to ensure apps labeled as kid-friendly are
in fact kid-friendly and do not track children?
Mr. Simons. We got your letter and we share your concerns.
The Commission has a long history of protecting children from
deception and unfair advertising practices online and this will
continue to be a priority for us.
Senator Markey. Just for the record, new research found
that over half of reviewed apps were violating COPPA and many
games were collecting kids' geolocation data without consent. I
urge you to follow up and to proceed accordingly.
Earlier this month I sent the Federal Trade Commission a
letter encouraging the Commission to investigate manipulative
marketing in children's apps. A new study found that children's
games frequently disguise advertisements, coerce children into
making in-app purchases and, characterize themselves as
educational when they are in fact saturated with advertising.
Chairman Simons, do you believe this business practice
constitutes unfair and deceptive practices under Section 5 of
the Federal Trade Commission Act?
Mr. Simons. Yes. Without reaching a conclusion on any
specific issues or specific matters, nonpublic investigations
or whatever, certainly that would--that's a concern for us.
Senator Markey. And just a little more info here, in one
game the main character starts crying if the child playing does
not spend money on the app. In another game, Harvey
continuously urges players to put on clothing that can only be
unlocked through an extra purchase. So these are, from my
perspective, unfair and deceptive practices taking advantage of
kids, and we just have to do something about it. So thank you
for that.
And finally just let me say that we do need new protections
for young people. Any comprehensive privacy legislation that
Congress considers next year must include special safeguards
for children and teens. Must update the Child Online Privacy
Protection Act of 1998. First and foremost, we need to extend
special protections to 13, 14, and 15-year-olds who right now
are not covered. We only went to under 13 in 1998.
And so toward that goal, I will be reintroducing the Do Not
Track Kids Act of 2019. So in addition to extending privacy
protection to teens, the bill bans targeted advertisements to
children, creates an eraser button for parents and children by
requiring companies to permit users to eliminate personal
information posted by the child and prohibits the sale of
connected devices targeted toward children and minors unless
they meet the strongest possible cybersecurity standards.
Commissioner Chopra, what do you think? Do we need to add
protections into these areas?
Mr. Chopra. Well, I hope that as part of the whole
comprehensive privacy bill debate you look at updating that.
There are places where we will have some ideas of where it
needs to be updated and catch up.
And let me just say that this is part of the reason why it
was good Congress gave us rulemaking. Rulemaking allows us,
with the parameters you set, to update the law based upon
what's happening in the marketplace rather than it just staying
static.
Senator Markey. Yes. If we reach a consensus on nothing
else, it should be on the children of our country not just
being a product that all these companies trying to create for
their own financial benefit.
Thank you, Mr. Chairman.
Senator Moran. Thank you, Senator Markey.
Senator Udall.
STATEMENT OF HON. TOM UDALL,
U.S. SENATOR FROM NEW MEXICO
Senator Udall. Thank you very much, Mr. Chairman.
And let me just say I'm still on the Appropriations
Committee and I'm not going to abandon you if you want the FTC
to have additional resources and I'm happy to co-lead a letter
with you or whatever to push for the additional resources. I
think it's appalling that they're below the Reagan
administration level in terms of employees and I think we all
know that they have made a very persuasive case on that here
today.
While the FTC should be conducting a significant amount of
work to protect consumers, I'm very concerned about what the
appointment of Matthew Whitaker as Acting Attorney General says
about the future of consumer protection, not only in the World
Patent Marketing case but other consumer protection enforcement
actions.
Before he was hired as Chief of Staff to Attorney General
Jeff Sessions, Matthew Whitaker served as a paid Advisory
Committee Board Member to World Patent Marketing. World Patent
Marketing is under criminal investigation by the FBI for
allegedly scamming millions of dollars from consumers. It paid
a $25 million fine to settle the FTC investigation and to shut
down the company.
Mr. Whitaker is known to have sent at least one threatening
e-mail to a dissatisfied customer to defend his company, and
most shockingly, media stories say he was issued a subpoena for
documents but failed to comply with the subpoena. Reportedly,
he was too busy moving to go to Washington, D.C. to go to work
for the Justice Department.
The FTC is tasked with a critical mission, consumer
protection, and we must do all we can to protect your ability
to continue to do so.
Chairman Simons, my colleagues and I sent you a letter this
morning regarding Mr. Whitaker's involvement with the World
Parent Marketing case. It is worrisome if a person so closely
involved in World Patent Marketing could fail to respond to a
lawful subpoena and that he is now appointed to be the Nation's
chief law enforcement officer, which many believe is
unconstitutional and illegal.
I will now ask you a series of yes-or-no questions.
Did the FTC seek a subpoena from Mr. Whitaker in the World
Patent Marketing case?
Mr. Simons. Senator, so this case was done before any of us
showed up at the Commission and I don't have the details of
what went on in the case. It was quite extensive. But I would
be more than happy for the staff to come talk to you and brief
you. They have all the details.
Senator Udall. OK. We'd be happy to do that and we would
really like to have solid answers on these.
Mr. Simons. Absolutely.
Senator Udall. If you don't have a copy of the letter, I
hope you have it, but----
Mr. Simons. I haven't seen it yet but I'll make sure I get
it and----
Senator Udall. The House is also very interested in this.
House Democratic members wrote you about this case seeking
information to be shared. Are you complying with that request?
Mr. Simons. We certainly are.
Senator Udall. OK. And you'll give us everything you're
giving them?
Mr. Simons. We certainly will.
Senator Udall. OK. And you've agreed to brief us on the
details.
Additionally, if the Department of Justice attempts to
interfere with the enforcement of the stipulated order against
World Patent Marketing, will you notify both the majority and
minority staff of this committee?
Mr. Simons. The only reservation I have is if my general
counsel tells me for some reason I can't do it, but absent
that, yes.
Senator Udall. But thinking about it here, I mean if that
happened----
Mr. Simons. Oh, it would----
Senator Udall.--interfering with you, you must be concerned
about that.
Mr. Simons. Oh, I would be extremely concerned.
Senator Udall. Yes, yes. And so I'm not even sure you'd
listen to your general counsel, would you?
That's OK.
Mr. Simons. Yes. Any kind of----
Senator Udall. You don't need to answer that one.
Mr. Simons. Any kind of political intervention----
Senator Udall. Yes.
Mr. Simons.--would be something I would be very, very
allergic to.
Senator Udall. OK. Good.
Mr. Chopra. Senator, I just want to say I have no concern
about any of my colleagues, including the Chairman, engaging in
any special treatment or being stooges to anybody, and you
should have no concern that we are going to exercise our
authority independently.
Senator Udall. Good. Thank you.
Ms. Slaughter. I also wanted to add that I think it's
important. I think I can speak for all of my colleagues here
when I say that, from our perspective, compliance with FTC
subpoenas and investigation demands are not optional and we
will pursue people who receive them to the fullest extent of
the law to ensure compliance.
Senator Udall. Thank you, Commissioner Slaughter.
Mr. Chairman, are you aware of any previous instance when a
potential party to an FTC order has served in a senior DOJ
position? Can you--any of you, can you think of anyone where
you had that situation?
We've been trying to research it. We can't find anything.
So do you----
Mr. Simons. No, I'm not aware of any.
Senator Udall. Any of you can think of anybody who has been
promoted and the guy's now Acting Attorney General of the
United States of America?
OK. Thank--your blankness, I will take that as you can't
think of any incidents. Is that fair?
Mr. Simons. That's fair.
Senator Udall. All of you are nodding.
Mr. Phillips, please.
Mr. Phillips. I just wanted to add one thing. I wanted to
add one thing my colleague has said. And you absolutely should
rest assured that we will not let any kind of politics
interfere with the work we do.
What I will also say is that the history of our work with
the Justice Department has been a very positive thing. We've
worked together as partners. And I hope I speak--I'm certain I
speak for all of us when I say we all expect that to continue.
Mr. Simons. And it has continued.
Senator Udall. Yes. And I know that very well. That's what
concerns me. I'm very aware of what you're saying.
Mr. Simons. We recently had a big case involving Moneygram
where they did a terrific job working alongside our staff and
we recovered $125 million.
Senator Udall. Yes. Thank you all for your service. Really
appreciate the work you do on behalf of consumers.
Thank you, Mr. Chairman. Sorry for running over a little
bit there, but I was kind of taking General Blumenthal's lead
here. That's how I know him. You know, we're former attorneys
general. He served 20 years. I only served 8, so I still call
him General.
Senator Moran. And part of your time was indicting a
willingness to cooperate with me, so I wasn't counting it,
Senator Udall. Thank you.
Senator Hassan.
STATEMENT OF HON. MAGGIE HASSAN,
U.S. SENATOR FROM NEW HAMPSHIRE
Senator Hassan. Well, thank you, Mr. Chair and Ranking
Member Blumenthal. Thank you for holding this hearing.
And thank you to all of the commissioners. Thank you for
your service and for your testimony and answers today.
I want to start by following up on the topic of how we're
doing on protecting our kids that Senator Markey started to
raise.
Earlier this year at the confirmation hearing for most of
you, I discussed the possibility of the FTC examining the issue
of children in the videogame space. Specifically we discussed
loop boxes which allow in-game purchases with real currency,
for surprise winnings, and most of you agreed that this is an
area that could use additional oversight by the FTC.
Loop boxes are now endemic in the videogame industry and
are present in everything from casual smart phone games to the
newest, high-budget videogame releases. Loop boxes will
represent a 50-billion-dollar industry by the year 2022
according to the latest research estimates.
Children may be particularly susceptible to engaging with
these in-game purchases which are often considered integral
components of videogames. And just this month, Great Britain's
gambling commission released a report finding that 30 percent
of children have used loop boxes in videogames. The report
further found that this exposure may correlate with the rise in
young problem gamblers in the United Kingdom. Belgium, the
Netherlands, Japan, and other countries have all moved to
regulate the use of loop boxes in videogames given this close
link to gambling.
So given the seriousness of this issue, I think it is in
fact time for the FTC to investigate these mechanisms to ensure
that children are being adequately protected and to educate
parents about potential addiction or other negative impacts of
these games.
Would you commit to undertaking this project and keeping
this Committee informed about it?
Mr. Simons. Yes.
Mr. Chopra. Yes.
Mr. Phillips. Yes.
Senator Hassan. I'm seeing nodding heads.
Ms. Wilson. Yes.
Ms. Slaughter. Yes.
Senator Hassan. Wonderful. Thank you.
I also wanted to follow up on something that I know is of
an interest to Commissioner Slaughter, and Commissioner Wilson,
you mentioned it too, so maybe I'll just--I'll start with you,
Commissioner Slaughter, and then we'll let anybody else who
wants to respond.
We've discussed that the heroin, fentanyl and opioid crisis
is our most pressing public health and safety challenge facing
both my home state of New Hampshire and the home states of just
about everybody in the United States Senate. It's taking a
massive toll on our communities, our workforce, our economy.
So we all understand that this is an epidemic that impacts
people from all walks of life, in every corner of every state,
and it really requires a concerted, all-hands-on-deck response
and approach including from agencies that may not traditionally
be focused on some of the issues that the epidemic presents.
It's my understanding that the investigation surrounding
deceptive marketing practices with regard to products like
opioids. And Commissioner Wilson, you mentioned recovery
programs as well. But it's my understanding that right now
these are handled through a 1971 Memorandum of Understanding
between the FTC and the FDA.
Is the protocol from 1971 working specifically for opioids
or should we revisit this to ensure that we're doing all we can
to fight the epidemic? And I'll start with you, Commissioner
Slaughter.
Ms. Slaughter. Thank you for the question, Senator. As a
parent, as a person, the opioid epidemic literally keeps me up
at night and I agree with you that it is something that
requires an all-hands-on-deck.
Too many of these addictions start with legal
prescriptions----
Senator Hassan. Right.
Ms. Slaughter.--in the first place, and so I think one of
the really important tools we need to apply is all collective
efforts to keep people from getting addicted to begin with. And
I think it is a great idea for the FTC, the FDA, DOJ to all sit
down together and consider how we can best employ the statutory
tools at all of our disposal to most effectively combat this
epidemic where it starts.
Senator Hassan. Thank you.
Commissioner Wilson, would you like to comment?
Ms. Wilson. I agree with Commissioner Slaughter's comments.
I would also like to note my understanding since I arrived is
that the FTC and the FDA have been working closely on ways to
combat this problem together----
Senator Hassan. Right.
Ms. Wilson.--have sent out letters to marketers of products
that appear to have false claims. But I agree that if there are
ways that we can work more closely together, we should be doing
that.
Senator Hassan. Thank you.
Anyone else want to comment?
Mr. Chopra. I guess I'll just say that we now know years
later that the maker of OxyContin knew----
Senator Hassan. Right.
Mr. Chopra.--that their drug was very addictive, being
snorted, and they continued to advertise it as the less
addictive pill.
Now, if we don't figure out how to sanction companies like
this, we will see this happen again----
Senator Hassan. Right.
Mr. Chopra.--in a different field. So we need to see all of
this that is happening as downstream from that.
Senator Hassan. Yes.
Mr. Chopra. We know that what happened, we did not get
justice there, and so we have to be on alert and maybe be
thinking broadly about how are we going to hold pharmaceutical
companies accountable when they break the law repeatedly? You
know, we grant them government patents----
Senator Hassan. Right.
Mr. Chopra.--for them to promote innovation, but when they
consistently abuse it, we really need to think about what the
sanction should be.
Senator Hassan. Thank you all for that, and I look forward
to working with you all on it. Thank you. Thank you, Mr. Chair.
Senator Moran. Senator Cortez Masto.
STATEMENT OF HON. CATHERINE CORTEZ MASTO,
U.S. SENATOR FROM NEVADA
Senator Cortez Masto. Thank you. Thank you, Mr. Chair and
Ranking Member for holding this hearing, and welcome to all
five of you.
Let me just say I am very supportive and have been over the
years of the FTC and have, similar to my colleagues, as an AG,
worked closely with the FTC and so appreciate your candor in
coming forward and talking about the needs and the direction,
where you see we need to be focused for the future.
I do support additional resources. I think you are
understaffed for just the very reasons we talked about today,
and I know, as somebody with former law enforcement, yes, you
can always use more money, but it can be used so effectively to
not only protect consumers and competition but we've seen the
positive impacts of it. So I support any direction that we move
forward for your organization.
Let me jump back, though, to the conversation that we have
on privacy and data security. This is our future, and we need
to get a handle on this. That's why this is a discussion that I
so appreciate some of my colleagues are working on legislation.
I'm looking at something as well.
But one of the conversations we've had over many hearings
is this idea of data minimization, and as you are aware, we're
talking about this is the idea that businesses should only
collect, process, and store the minimum amount of data that is
necessary to carry out the purposes for which it is collected.
But we also know that at the same time we are in the age of big
data analytics which is going to be necessary as we move
forward with smart communities, artificial intelligence, so
many important technological future for the use of this
technology.
I'm curious on your thoughts on how we balance that. And
let me put it to you this way: A lot of the questions on this
have been asked on your thoughts on how we address data
security and privacy.
One of the things I heard, though, was the targeted
rulemaking authority FTC should have, and I'm curious.
And I know that was Commissioner Wilson; you talked about
that. What do you mean by targeted? And if you could address
it.
Are you including in that the idea that finding this
balance between minimization as well as big data analytics and
how, by giving you that targeted authority, it allows you to
kind of grow into this space and evolve and be flexible with it
without Congress coming in and dictating this is where you can
only go and this is where you cannot go? So I'm curious just if
you don't mind talking a little bit about targeted rulemaking
authority.
Ms. Wilson. Sure. To take a step back, when you talk about
the data minimization and artificial intelligence, these are
topics that the FTC is exploring in the hearings that are being
held. We have held a number of hearings on related topics. We
will continue to explore these topics. We appreciate the input
that we have been provided and we are working through that
input with the FTC staff and so we will continue to think about
and grapple with these issues.
In terms of the rulemaking that I mentioned, Congress
enacted COPPA, Gramm-Leach-Bliley, a number of other laws and
then delegated to the FTC after creating the broad strokes of
the legislation filling in the gaps and creating some of the
specifics to the rulemaking authority of the Federal Trade
Commission. I do agree that that would be appropriate here.
As my fellow commissioner, Commissioner Phillips,
mentioned, we do believe it is appropriate for Congress to
establish the balance between the different values that are
being considered but then to ask the FTC as the expert agency
to help flesh out some of the specifics and then to maintain a
rule going forward that can evolve as the market evolves.
Senator Hassan. Please, go ahead.
Ms. Slaughter. I want to add that I think some of the
benefits of rulemaking that are important to consider are,
first, flexibility. As technology evolves and practices evolve,
we want rules to change and evolve and keep pace with them, and
rules can change and evolve more easily and more quickly than
statutes can, often.
And the second is the element of rulemaking that involves
openness, transparency, and stakeholder involvement. Notice-
and-comment rulemaking requires an opportunity for
stakeholders, public advocates, good government groups to have
an opportunity to consider the rules that we might propose, to
issue comments, to have us reconsider them. And that back and
forth is a really important part to keep, make sure we're doing
it right and make sure stakeholders are actively engaged. I
think those are benefits that are important to keep in mind as
you consider crafting legislation.
Senator Hassan. Thank you.
Mr. Chopra. Senator, on minimization, this is really in
some ways not a new concept. In the Fair Credit Reporting Act,
there's disposal. In COPPA, there are some minimization
concepts. In GDPR and many of the other global privacy laws,
data minimization is key.
And I want to be responsive to your question. You can still
harness some of the benefits without necessarily keeping a
dossier on every individual consumer about individual data. If
you run a search engine, your algorithm can get better and
better without you keeping the search history of every single
person who has used it. So I'm not sure the tradeoffs are
incredibly hard. They need to be thoughtful.
But I think that balance and minimization, that's becoming
the global norm, and because the U.S. has not really passed a
comprehensive privacy law, the rest of the world is essentially
already converging around that, so I expect that our firms are
also going to be complying with that anyway.
Senator Hassan. OK. Thank you. I notice my time is up.
Thank you.
Senator Moran. Senator Capito.
STATEMENT OF HON. SHELLEY MOORE CAPITO,
U.S. SENATOR FROM WEST VIRGINIA
Senator Capito. Thank you, Mr. Chairman. Thank all of you.
Thank you for your service and thank you for being with us
today.
I recently had a birthday, and my phone rang and I looked
down and I thought, oh, I'm sure this is a birthday greeting
from one of my friends that I didn't have in my address book,
and lo and behold, it was a robocall trying to sell me
insurance. I cannot tell you how many times my constituents say
to me, Congress has got to do something about this. I thought
we had. We addressed it. We've had hearings on it.
And so I guess my question to you is because I know there's
some jurisdictional issues with FCC and FTC, so I'm going to
throw it open to the panel. How can we stop this practice of
spoofing numbers and locations onto your phone? And really for
elderly people, which I represent a state that has a lot of
elderly people, when you tell your grandmother don't pick up
the phone unless you know who it is, you could be doing her a
good service or maybe not such a good service because it could
be somebody registering an emergency call or something to help
her out.
So would anybody like to tell me the status of this and
who's really taking the lead here between the FCC and the FTC?
Mr. Simons. I think this is a joint effort. So they have
authority and powers that we don't have and maybe vice versa.
So we work with them to try to--like for example, one of the
things that they have done recently is empower the carriers to
do some call blocking and identification, which is helpful.
On our side, one of the things that we have done is run
technology challenges that have produced some software which is
now on the market which you can load onto your smart phone and
which will block robocalls, and one of them even will send the
call to a bot which will keep the robocaller online
indefinitely, wasting their money and time and not yours.
One other thing I would say is that I think it would be a
significant help to us in dealing with these robocalls if we
got rid of the common carrier exemption because a lot of the
robocalls are coming through specific carriers and these
carriers know that they are transmitting robocalls.
Senator Capito. So that would take a legislative action,
then?
Mr. Simons. Yes.
Senator Capito. To block that.
Mr. Simons. Right.
Senator Capito. Well, you know, again, I think it's
frustrating and a challenge. We all get it. But for particular
reasons, I think it can be damaging to individuals.
Mr. Simons. Oh, yes.
Senator Capito. I'm going to change to the topic of
fraudulent addiction and recovery centers. I believe
Commissioner Wilson mentioned it in her opening statement.
Senator Cortez Masto and I were able to get that into the big
bill based on stories of people either--I guess the term is
``body brokering,'' which I hadn't really heard, or convincing
addicts to attend fraudulent rehab centers.
Not really having a quality index of rehab centers and
particularly for an area like mine and other areas that are
deeply affected, this is of grave concern.
So Commissioner Wilson, could you speak to that a little
bit, what direction the FTC is going on this?
Ms. Wilson. So my understanding--of course I've been there
just a few short weeks, but my understanding is that staff is
very focused on monitoring claims that are made and ensuring
that claims that are made are valid and accurate, and to the
extent they're not, staff is pursuing those claims. There are a
number of non-public investigations that are ongoing right now,
and I think we all agree with you that this is a significant
issue. If people are addicted and are seeking to end that
addiction, they need legitimate help as soon as they are ready
to receive it, and wasting time and money with false or
ineffective treatments is a travesty.
Ms. Wilson. Or even treatments where you fraudulently bring
them into your system for treatment and all you're doing is
giving them more drugs at the same time. I know a couple of
those cases have come up.
But I know as friends of parents who have had this issue,
you're going to do anything you can to help your child or your
husband or your wife, whoever it is, and you're so vulnerable
at this time, especially maybe it's not your first treatment
but it's your second or third and numerous overdoses and
everything. So this is an area of great concern.
Did anybody else want to speak about that on the panel?
Yes. Commissioner Phillips, yes.
Mr. Phillips. I just wanted to thank you both for your
efforts. You've given us new authority and we mean to use it.
Senator Capito. OK. Last question I have on fraudulent
marketing would be the--I didn't realize this was a problem but
my staff brought it to my attention--the fraudulent ``Made In
America'' label. How prevalent is this and what are some of the
means you're going to use to try to curb this practice?
Mr. Simons. This is fairly prevalent. We get hundreds of
these, hundreds of complaints a year that people are improperly
using the Made In the U.S.A. label, and we are committed to
investigating those.
I mean usually a lot of times what happens is the firm, the
company doesn't even realize that it's a violation and so we
explain to them it's a violation and they stop it.
Sometimes companies do it intentionally. Sometimes we tell
them and they don't stop, and those people we sue. And one of
the things that we're exploring now, as a general rule, we've
only gotten injunctive relief in cases like this previously but
now we're exploring whether we can find a good case that would
be appropriate for monetary relief to serve as an additional
deterrent.
Mr. Chopra. I just want to add here that I think there are
manufacturers out there who hire American workers and who
purposefully do that because they want to put the flag on their
product, and for those who lie, this cheapens the Made In
U.S.A. label. So it's not just hurting American consumers, it's
hurting every American manufacturer who----
Ms. Wilson. Right.
Mr. Chopra.--is trying to do right. So you know, I want us
to be much more aggressive with this, actually, and if you and
Senator Cortez Masto want to team up again, you know, finding
civil penalties for some of these bad actors, we can really
make sure we increase compliance levels.
And I got to tell you, right now there's country-of-origin
labeling issues in agriculture, country-of-origin issues in
product marketing. We have to do more to put a stop to this
because this is extremely unfair to honest companies.
Ms. Slaughter. I would agree with everything my colleagues
have said and I would add that Commissioner Chopra's point
about financial-penalty authority is a well-taken one. In order
for us to assess monetary--we'd say penalties, but in order for
us to get a monetary remedy right now we'd have to show a
monetary harm and show a price premium and make that
demonstration. That can be very difficult to do.
So we can't just say you've broken the law, now pay the
government money, even if the ability to do so might really
deter some of this reprehensible behavior.
Mr. Chopra. We would like to reduce these--or at least I
would like to reduce these settlements that end in no money, no
findings of fact, no nothing. We just received a comment letter
from a company who actually was denied the ability to sell
their products to the members of the military because one of
our respondents actually was violating this. So this is
extremely unfair and we need to fix it.
Senator Capito. All right. Thank you.
Thank you, Mr. Chairman.
Senator Moran. Senator Blumenthal surprised me and
indicated he has a couple more questions.
Senator Blumenthal.
Senator Blumenthal. Thanks, Mr. Chairman. I know how
grateful you are for my additional questions.
I want to again, by the way, in all seriousness, thank
Senator Moran for his leadership here. Believe it or not, we
have an excellent team going. And I want to thank our staff who
have prepared for this hearing.
And come back to the Whitaker issue that was raised with
you, Mr. Simons, Chairman Simons. There has been a report that
Mr. Whitaker contacted one consumer to say that there would be,
in quotes, serious civil and criminal consequences, end quote,
if that consumer engaged in any further online negative reviews
of World Patent Marketing.
Are you aware of that report?
Mr. Simons. I've seen that; yes, sir.
Senator Blumenthal. Are you aware of facts that would
substantiate it?
Mr. Simons. I don't have the detail on that.
As I mentioned to Senator Udall, this case was completed
before we showed up. We would be happy----
Senator Blumenthal. Well, it was----
Mr. Simons. And we would be very happy to have the staff
who has all the details provide a complete briefing for you.
Senator Blumenthal. Are you aware of facts that would
substantiate that report?
Mr. Simons. Personally, no.
Senator Blumenthal. But your staff has such facts?
Mr. Simons. My staff has--has the facts.
Senator Blumenthal. OK. You would agree with me, would you
not, that that kind of statement----
Mr. Simons. That's troubling.
Senator Blumenthal.--would be improper?
Mr. Simons. That's troubling, yes.
Senator Blumenthal. And possibly illegal.
Mr. Simons. That's troubling.
Senator Blumenthal. Are you aware of a subpoena that was
issued to Mr. Whitaker? Or that Mr. Udall, Senator Udall has
asked you a similar question. I'm asking you whether you're
aware of any subpoena that's been issued to Mr. Whitaker by the
FTC?
Mr. Simons. I haven't studied what subpoenas have been
issued in that case but, like I said, the staff has all the
details, and it's not a secret. They would be more than happy
to provide a briefing.
Senator Blumenthal. Are you aware that the e-mail Mr.
Whitaker sent to that consumer was on the FTC's docket in that
case?
Mr. Simons. I'm not aware personally of that.
Senator Blumenthal. Would you be aware of subpoenas that
have not been complied with?
Mr. Simons. Potentially, but, you know, I'm not aware of
what happens with every subpoena that the Commission issues. We
issue lots of subpoenas.
Senator Blumenthal. This subpoena is a pretty high-profile
one; correct?
Mr. Simons. Like I said, we weren't at the Commission when
this was voted out.
Senator Blumenthal. Would you agree with me that anyone,
particularly somebody involved in the case as a potential
defendant, has an obligation to comply with FTC subpoenas?
Mr. Simons. Yes, we definitely expect people to comply with
subpoenas when we issue them.
There might be circumstances where they wouldn't. Like so,
for example, if the case--if the subpoena went out and the case
settled the next day, then you don't go out and try to enforce
the subpoena because you've gotten what you need already and
you've settled the case.
But generally, if we need the information, we should
enforce the subpoena.
Senator Blumenthal. But that kind of circumstance was not
present here, was it?
Mr. Simons. I don't know. But like I said, the staff would
be happy to brief you.
Senator Blumenthal. Well, I'm asking you these questions
not only because they are significant to Mr. Whitaker but they
are important to compliance with your subpoenas. If World
thinks that they can claim, well, I'm moving from one house to
another or I'm moving from Washington, D.C. to Iowa or Iowa to
Washington, D.C. and that's enough reason to just say forget
about it, you'll have diminished compliance with your
subpoenas, and that will take more resources to enforce them.
So----
Mr. Simons. I agree.
Senator Blumenthal.--it's really in your interest to have
answers to these questions.
Mr. Simons. Yes, I agree.
Ms. Wilson. If I can jump in for one minute.
Senator Blumenthal. Yes, of course.
Ms. Wilson. As a senior commissioner on the Commission, it
is my responsibility to work with the general counsel's office
to respond to motions to quash or motions to limit subpoenas
and CIDs. I can tell you we take this very seriously. There has
been an instance recently where I worked with the general
counsel's office to say, No, we are not going to quash the CID
and we fully expect that the respondents will not comply, and
we will take them to court to make sure we get the information
that we need from them. I've actually told my staff I'd like to
sit in the investigational hearing when those people are
brought in to give testimony because I'd like to see who it is
that wants to flout the authority of the Federal Trade
Commission. So we do take this very seriously.
Senator Blumenthal. I'm sure you do.
Well, let me ask you, Mrs. Wilson. Do you have knowledge of
this subpoena to Mr. Whitaker?
Ms. Wilson. I have no knowledge of these circumstances, no.
Senator Blumenthal. And why not?
Ms. Wilson. Because I was sworn in two months ago.
Senator Blumenthal. Well, you had to know we were going to
ask you about it today; right?
Ms. Wilson. The Chairman's office has been dealing with
this issue, it's my understanding, and I have not been briefed
on this topic.
Senator Blumenthal. Well, I really think that you owe this
Committee answers quickly about this subpoena for the sake of
your law enforcement credibility.
Mr. Simons. We're happy to provide the details. The staff
can give a briefing; they can be full and open and it's not an
issue. We'd be happy to do it.
Senator Blumenthal. And when you're going to be full and
open, I assume there's no problem with our disclosing ----
Mr. Simons. No.
Senator Blumenthal.--the circumstances because the case has
been settled; correct?
Mr. Simons. Correct.
Senator Blumenthal. OK. And by the way, a 26-million-dollar
settlement, that's not a nickel-and-dime. It's an all-time
case.
Mr. Simons. No. That's a serious case for us, absolutely.
Senator Blumenthal. Right. Has anyone from the White House
ever communicated with you about this case?
Mr. Simons. Not with me.
Senator Blumenthal. With anyone in the FTC, whether it's
the staff or any of the present or past commissioners?
Mr. Simons. Certainly not that I'm aware of.
Senator Blumenthal. Any other commissioners aware of any
contact from anyone in the White House from the President on
down about this case?
And the record should show that everyone is shaking their
heads no.
And are you aware of the White House contacting anyone at
the FTC about Mr. Whitaker if not about this case?
Mr. Simons. No.
Senator Blumenthal. And the same is true of others.
Mr. Simons. No.
Senator Blumenthal. Has the White House contacted you, Mr.
Chairman, or other commissioners about hiring anyone for either
the FTC staff or in any other capacity?
Mr. Simons. I don't remember anything like that.
Senator Blumenthal. No one has asked you to hire anyone
either from the private sector or from another government
agency?
Mr. Simons. I don't remember. I mean I don't have--I have
very little contact with the White House.
Senator Blumenthal. What kind of contact do you have?
Mr. Simons. I have had lunch at the White House mess where
I was introduced to the nominee for the BCFP and the General
Counsel of the Commerce Department because our agencies, you
know, work together, and that's really about it.
Senator Blumenthal. And the purpose of that lunch was to
introduce you to those individuals?
Mr. Simons. Yes.
Senator Blumenthal. OK. And I'm assuming that you will let
this Committee know of any contacts between you or any of the
commissioners and the White House staff, meaning any of the
political appointments including the President.
Mr. Simons. You mean in conjunction with Mr. Whitaker?
Senator Blumenthal. Or in any other way. Can we have that
commitment from you?
Mr. Simons. I think I would like to talk to the General
Counsel just to make sure there's not a reason that I can't do
it.
Senator Blumenthal. I'm happy to give you that opportunity.
Thank you.
That concludes my questions, Mr. Chairman. Thank you.
Senator Moran. Senator Blumenthal, thank you very much. As
you indicated, I appreciate the opportunity to work with you.
Let me ask a couple of questions and then I think we can
conclude this hearing.
There has been concerns raised about the recently adopted
California Consumer Privacy Act. Those concerns--that Act is
expected to take effect in 2020. The concerns are that that
legislation will influence other states to enact their own
versions of privacy regulations, each of which would
potentially impose differing obligations on companies and
different types of protections and remedies for consumers.
As the Federal agency that has primary expertise over
unfair and deceptive practices affecting interstate commerce,
what are your thoughts about this state-by-state approach to
regulating privacy practices of U.S. companies and whether that
complicates the consumer's ability to enjoy the same privacy
protections no matter where they live or use the Internet?
Do you believe that there is a potential for consumer
confusion between Federal standards and varying state-by-state
approaches?
Mr. Simons. I'll take that.
Sure. I think that is a possibility. If you've got a good
Federal statute and you've got state statutes that are either
inconsistent or varied, I think you can get confusion, and
depending on the right--you know, what the mix is and the
details, Federal preemption might be the way to go on that.
Senator Moran. Mr. Phillips.
Mr. Phillips. Thank you, Senator.
One of the things that I've said publicly, including here
today, about Federal privacy legislation is that we should keep
competition in mind. For large businesses, it's easy to deal
with lots of different compliance costs. For smaller
businesses, having one clear rule can help them compete.
Mr. Chopra. Can I just add that of all the preemption that
occurs, you should tread very, very carefully. We saw how
preemption of state law in the mortgage market--and the same
argument was used about making sure that there's enough entry,
not confusion. That preemption of state laws there was
catastrophic, and there are certain states that may want to
have higher standards than the Federal law.
We can talk about material conflicts, but broad preemption
I think would be a huge mistake, but I'm happy to keep talking
about that with you and figure out how we can balance all the
things you're concerned about.
Ms. Slaughter. I would say that I am not concerned about
states that want to have strong laws. I am concerned about the
idea of inconsistent laws between states. I think there could
be a case for Federal preemption as long as a Federal law was
really meaningful and really strong. I would be very concerned
about a weak Federal law that replaced strong state laws.
Ms. Wilson. I do respect federalism and states as
laboratories for democracy. In the words of Justice Brandeis,
the states provide an important opportunity to conduct novel
social and economic experiments.
And so I would be wary of advocating for preemption in very
many circumstances. But I think in this kind of circumstance,
it will be important to do that. I think for the reasons you
described, for consumer confusion but also businesses need
clarity and predictability so that we don't dampen innovation
and chill competition.
As Commissioner Phillips noted, if there are small
companies trying to get into the marketplace and they are
looking at a patchwork of laws, it raises the costs for them to
enter, and so I think in this kind of circumstance preemption
would be useful for consumers and useful for competition
itself.
Senator Moran. I have great regard for everyone's
commentary on this topic. It's a challenge.
Ms. Slaughter, you did say something that catches my
attention in that this may be the way to find the solution to
this issue is by the strength of the Federal law. In other
words, there's a give and take that takes place here, something
that we can further explore as we try to figure out a solution
to Federal legislation.
I support privacy rules that afford consumers the same
protection no matter where they are in the Internet ecosystem,
slightly a different topic than the one that we just were
talking about.
Would you agree that regulating and enforcing privacy rules
based on the sensitivity of the data collected, used or
transferred or stored is a preferred approach and in the best
interest of consumers in terms of certainty and transparency?
In other words, the standard, the focus should be on the type
of data that's involved and its consequences of being impaired
from privacy protection.
Senator--oh, I've call you Senator twice. I've promoted you
on two occasions and I'm sorry. Commissioner Phillips.
Mr. Phillips. In my heart, Senator, I'm still a staffer.
What I would say is this: The system we have today in
America, the system we've had for a long time protects health
information especially; it protects information about children,
it protects financial information. And that reflects a
collective judgment that there are certain kinds of data that
the disclosure of which inappropriately may pose greater risks
and may require greater care.
Additionally, something we talk a lot about in the privacy
world is the idea of context; you know, what consumer
expectations are in a given circumstance. It may be reasonable
for a consumer to expect more sensitive data to be treated with
more care, so I definitely think that there is a wisdom to how
things have long been done. There's a collective wisdom
reflected in our laws today.
I'm sorry. I think that's definitely an important issue to
keep in mind. Thank you.
Senator Moran. Let me turn to a different topic. The FTC
began holding open hearings in September to evaluate evolving
technologies and business practices in an increasingly
globalized economy while also identifying possible changes to
competition and consumer protection laws and enforcement
priorities.
Other topics including data security and privacy are
scheduled to occur in the near future, as I understand, in
early 2019. What would you describe as a high-level takeaway or
priority action item that you've identified through this public
process to date?
What have you learned so far, Mr. Chairman?
Mr. Simons. I think what we've learned so far is a lot of--
we've gotten views from both sides of the spectrum across a
whole range and so we're getting terrific input. We've had 200
people testify already from diverse backgrounds and we've had a
large number of written comments, some of them very detailed
and very thoughtful, so we're getting a lot of input.
I think at this point we're still--we still have more to
go, and in particular, we're going to get comments at the end
of the process. So I think as of this point we are still
absorbing the input and synthesizing it and we don't really
have any takeaways in terms of what the specific output of the
hearings is going to be.
Mr. Chopra. Senator, one initial takeaway I have is that
data is a more and more valuable asset every day to firms that
are in our economy. The traditional ways we have looked at how
to enforce some of our laws, whether it be on the antitrust
side or the consumer protection side, we are trying to develop
further views on that because there is clearly a race to get
all of our data and figure out how to monetize it in a big way.
This raises some issues that we deal with. It raises
national security issues. But we are in learning mode. But
certainly we have to accept that we are going to do our job in
a very data-oriented economy where that is similar to gold.
Senator Moran. Thank you for that comment. I have one
question and then I'm going to turn to Senator Cruz.
This one is for Commissioner Slaughter. As you are well
aware, we were successful in enacting better online ticket
sales, the Bots Act in 2016. We provided the FTC and state
attorneys general authority to treat any, quote, circumvention
of a security measure, access control system or other
technological measures including online bots to suppress ticket
purchasing limits as an unfair or deceptive practice.
I understand there's an upcoming workshop on this topic and
I was interested if you would explain this to me. But more
broadly than that, how are we coming along on the enforcement
of the Bots Act?
Ms. Slaughter. Thank you for the question, Senator. This is
one of those issues like robocalls that people really care
about. Consumers really, really care about it and it really
makes them nuts when they cannot get tickets to their favorite
show or a play, and that's an important thing for us to take
seriously.
So it was my pleasure and privilege and honor as a Senate
staffer to work with your office on the legislation and now it
is my pleasure and privilege and honor to be in the position of
considering the enforcement of it. So I would say two things to
you.
First in terms of enforcement, we're actively monitoring
for enforcement opportunities. It's an important tool that
we've been given and we need to use it and we would like to use
it.
And then in terms of the workshop, our goal I think is to
gather stakeholders, get input to make sure we're staying
abreast of the technological developments in the ticket
industry. It is a very fast-moving target and so we want to
make sure we know what's going on, we're targeting our
investigations and enforcement efforts appropriately and that
we're appropriately communicating with you to make sure that we
continue to have the tools we need to try to tackle this
important problem.
Senator Moran. Do you have any colleagues as commissioners
who don't share your enthusiasm for the Bots Act that I need to
question?
Ms. Slaughter. I cannot imagine that any of my colleagues
don't share my enthusiasm.
Senator Moran. Well, maybe I should ask them.
Are there any commissioners who do not share the enthusiasm
for the Bots Act?
Mr. Phillips. That was a double negative, but we share her
enthusiasm.
Senator Moran. Thank you.
Senator Cruz.
STATEMENT OF HON. TED CRUZ,
U.S. SENATOR FROM TEXAS
Senator Cruz. Thank you, Mr. Chairman. Welcome everyone,
and I would ask you to convey my well wishes to all the
wonderful people that work at the FTC.
Mr. Simons. I would be happy to do that.
Senator Cruz. It's good to see you.
I want to raise a topic that we've discussed at some length
in the past, which is big tech, and there are many issues about
big tech that intersect with the FTC's mission and mandate.
So I want to start with this past spring the Commission
received several requests to investigate Google's alleged
violations of privacy. One request from Senators Blumenthal and
Markey detailed what they described as Google's deceptive and
intrusive collection of location information on android smart
phones. Another request came from the Electronic Privacy
Information Center raising concerns about Google's tracking of
in-store purchases.
Yet another was filed by seven consumer groups about
Google's deceptive-by-design user privacy settings, and the
list goes on.
And I wanted to ask Chairman Simons has the Commission
investigated the claims in those letters and what have you all
found?
Mr. Simons. So I can't talk about any specific non-public
investigation, as you know, but one thing I will say is that if
you read about it in the press, if there's a Congressional
letter that points out a potential problem, we are on it.
Senator Cruz. Good.
Mr. Simons. We look at those things very carefully.
Senator Cruz. I am glad to hear that.
Let me ask a broader question to each of the commissioners.
During the February nomination hearing which most of you
all participated in, I highlighted concerns that was raised in
an article published in Esquire that detailed how, quote,
Facebook and Google are together worth $1.3 trillion, which to
put that in perspective, you could merge the world's top five
advertising agencies with five major media companies and still
need to add five major communications companies. And by the
way, that would be WPP, Omnicon, Publicist, IPG, Dentsu,
Disney, Time Warner, 21st Century Fox, CBS, Viacomm, AT&T,
Verizon, Comcast, Charter, and DISH all merged into one giant
company and that would still only total 90 percent of what
Google and Facebook are together worth.
Does the Commission have concerns about that massive
accumulation of power that big tech has and, in particular, how
should antitrust law approach that massive concentration of
power?
Mr. Simons. Thank you, Senator.
So in the antitrust context, we're worried about exercise
of market power, right? And so that's where you want to look
for the anticompetitive conduct; that's where you want to look
for your case generation and for your investigations. And so of
course when you've got a situation . . .
But let me say this, also, which is that the fact that
they're big doesn't mean it's a problem under the antitrust
laws. Big is not necessarily bad. But if you got big by being
bad, if you got big through anti-competitive conduct or you're
staying big because of anti-competitive conduct, that's
something that we need to prohibit and we need to stop.
Senator Cruz. Any other commissioners have thoughts on
that?
Mr. Chopra. Senator, I'll just add that if you talk to
investors, many of them will tell you that they're not going to
fund a new startup unless they can figure out how to sell that
company to an existing large incumbent like Google and
Facebook. And that makes me question, do we have a really
competitive, innovative economy where investors are putting
money only into ideas that they can sell to an existing
incumbent?
We should want to live in an economy where people are
investing to create new ideas that challenge and that create
real rivalry. And I worry about writ large when companies are
trying to get going but a larger incumbent can seal their fate
by cutting them off. So you know, we take these issues
seriously on the privacy side and the antitrust side, but it is
clear that we have to think about this hard and so do you.
Senator Cruz. I think you raise good and important concerns
there.
Let me shift the discussion slightly to a different aspect
of big tech's power, which is as I'm home in Texas and
listening to Texans, a concern that I hear on virtually a daily
basis is that the major technology companies are far too
willing to engage in censorship, that are using their market
power to silence voices in the political market's face and the
public discourse with which they disagree.
In recent weeks, media outlets have reported that Facebook
fired a senior executive because of his political views. We've
also seen Twitter recently getting bolder and bolder, blocking
conservatives altogether from speaking and just banning them
from the platform because what they were saying was
inconsistent with Twitter's political views.
And one of the frustrating things from the perspective of
this Committee is that there is virtually no transparency.
There are no objective data. Twitter, Facebook, Google, they
don't answer any questions. They don't answer the extent to
which they are silencing people, the extent to which political
bias is affecting those decisions.
How can and should the FTC address that concern that is
being raised? And it is a concern of millions across the
country.
Mr. Simons. It's not clear to me that the FTC should be
addressing that at all. What you're describing is something
similar to what the FCC used to do with the Fairness Act and so
maybe there's an FCC angle there that it is appropriate for
either the Congress to pursue or maybe the FCC to pursue. But
unless it's something that relates to a competition issue or
its unfair or deceptive, then I don't think we have a role.
Mr. Chopra. I'll just add here that I think the public,
you're right, knows very little about how some of these
companies make decisions, and there are free speech issues
which may not be in our, you know, authority.
But certainly, and as you know, Senator Cruz, the FTC has
its 6(b) authority where we can compel certain information
about business practices, and based upon a vote of the
Commission, make some of that information public.
I think the FTC is well situated to do quite a bit of study
and reveal some of those findings about how some of these
companies operate but I will think hard about what you're
mentioning about speech as well.
Senator Cruz. And I would very much encourage you to do so.
And I would also encourage the Commission, when you say
that you don't think you have the authority to address these
issues, you do have extensive consumer protection authority.
And when tech companies are holding themselves out to the
public and customers as neutral public forums and are actively
engaged in hidden censorship, that is actively deceptive, and
the FTC has a great deal of authority to address deception and
to help provide transparency.
And right now, big tech has been very comfortable refusing
to answer these questions. The FTC I think has ample authority
to help provide that transparency, which is I think something
both the public and Congress would be very interested in
knowing the answers to.
Mr. Phillips. Senator, if I could just add one thing just
to echo something the Chairman said before, we are very mindful
of the very important antitrust and consumer protection
authorities that we wield.
I think part of the concern is those are not authorities to
police the First Amendment itself. And you've been such a
leader in defending the First Amendment. We want to make sure
that we do the job assigned to us very carefully but that we
not tread into First Amendment-implicating space.
Senator Moran. Senator Blumenthal.
Senator Blumenthal. I just want to make sure we understand
each other. Senator Cruz was asking questions about antitrust
authority, and, as you will recall, I made similar reference
earlier in this hearing and one of you indicated that your
authority is limited to deceptive and misleading practice.
The fact is you do have antitrust authority; correct?
Mr. Simons. Correct.
Senator Blumenthal. Very much. And the misuse of market
power or market share, which is implied possibly--underscore
``possibly''--by some of what we've seen lately certainly would
be within your jurisdiction; correct?
Mr. Simons. Yes.
Senator Blumenthal. I notice Mr. Phillips----
Mr. Phillips. Yes.
Senator Blumenthal.--is nodding his head in assent and
others are as well.
I think, you know, that we're expecting you to use the full
range of your authority--consumer protection, antitrust--and
they're both really--and deceptive and misleading practices
that affect consumers and antitrust affects consumers. In fact,
the misuse of market power may include deceptive and
misleading----
Mr. Simons. Sure.
Senator Blumenthal.--practices. So what I'd like to ask is
a commitment from you that you will assess the market share of
the big tech companies, the top five, and that you will report
back to us on what that market share is.
Mr. Chopra. Well, I think our hearings and any studies we
might do to compel information--you know, market share is a
little bit of a tricky issue with this one. But let me just say
we have the antitrust laws, we have the FTC Act, we have other
statutes Congress has given us, but several of the largest tech
companies on the plant are also under order by the FTC--Google,
Facebook, Twitter and there's more--and we expect that those
orders are followed. They are not suggestions. And so we also
have that tool as well.
Senator Blumenthal. Well, this is a big question, and I'm
not going to prolong this hearing but I would like to follow up
on it with some questions for the record on information that
you could provide us that would reflect on the current
potential antitrust issues that we've raised here. Thank you.
Senator Moran. Thank you all very much.
No further questions from me, but I would indicate that
you've caught my attention on the U.S. SAFE WEB
reauthorization, and if you'd have your staff visit with my
staff, we'd be interested in working with you about its
reauthorization.
And I've always had the practice of allowing witnesses
before our Subcommittee to add anything to the record they'd
like to add. Is there anyone who has spoken today that would
like to say anything further, something you left out, something
you want to clear up or something that you feel like we did not
ask you?
All heads are shaking to the negative, suggesting that you
too are ready for this hearing to come to a conclusion.
The hearing record will remain open for two weeks. During
this time, senators are asked to submit any questions for the
record. Upon receipt, the witnesses are requested to submit
their written answers to the Committee.
I again thank you for appearing today and appreciate your
cooperation. I was impressed by the nature of your responses,
your testimony, your articulation of complicated matters, and I
was particularly pleased to see the nature of the relationship
that appears to be among all of you in working together that is
appealing to me.
With that, this hearing is now adjourned.
[Whereupon, at 4:49 p.m., the hearing was adjourned.]
A P P E N D I X
Electronic Privacy Information Center
Washington, DC, November 26, 2018
Hon. Jerry Moran, Chairman,
Hon. Richard Blumenthal, Ranking Member,
U.S. Senate Committee on Commerce, Science, and Transportation,
Subcommittee on Consumer Protection, Product Safety, Insurance, and
Data
Security,
Washington, DC.
Dear Chairman Moran and Ranking Member Blumenthal:
We write to you in advance of the hearing ``Oversight of the
Federal Trade Commission.'' \1\ We appreciate your interest in the role
of the FTC and consumer protection. We look forward to working with the
Commerce Committee in the next Congress. Your oversight of the Federal
Trade Commission is critical to safeguard the interests of American
consumers and businesses.
---------------------------------------------------------------------------
\1\ Oversight of the Federal Trade Commission, 115th Cong. (2018),
Senate Comm. on Commerce, Sci., and Trans., Subcomm. on Consumer
Protection, Product Safety, Insurance, and Data Security (Nov. 27,
2018), https://www.commerce.senate.gov/public/index.cfm/2018/11/
oversight-of-the-federal-trade-commission.
---------------------------------------------------------------------------
From EPIC's perspective, the FTC must do more far more to address
the growing threats to consumer privacy and to assure our trading
partners as to the adequacy of data protection in the United States.
Consumers today face unprecedented risks of identity theft, financial
fraud, and data breaches. And because so many U.S. firms collect
personal data of European consumers, the FTC's failure to enforce
consent orders also risks continued trade relations with the country's
largest trading partners. Before giving the FTC more authority, the
Senate Commerce Committee should review the FTC's use of its current
authority and ask specific questions about commitments made regarding
the enforcement of consent orders and merger review. In February, the
new Commissioners said there would be vigorous enforcement. That simply
has not happened.
For many years, EPIC has worked with the Senate Commerce Committee
to help protect the privacy rights of Americans.\2\ EPIC has also
played a leading role at the FTC, helping to establish the Commission's
authority to bring privacy investigations and to protect the personal
data of American consumers.\3\ EPIC is the group that filed the
comprehensive complaint against Facebook with the FTC in 2009,
resulting in the Commission's 2011 Consent Order with Facebook,\4\ and
is the group that sued the FTC for the Commission's failure to enforce
a similar order against Google.\5\
---------------------------------------------------------------------------
\2\ See, e.g, Impact and Policy Implications of Spyware on
Consumers and Businesses Before S. Comm. on Commerce, Sci., and
Transp., 110th Cong. (2008) (statement of Marc Rotenberg, Executive
Director, EPIC), https://epic.org/privacy/dv/Spyware_Test061108.pdf;
Protecting Consumers' Phone Records Before the S. Comm. On Commerce,
Sci., and Transp., 109th Cong. (2006) (statement of Marc Rotenberg,
Executive Director, EPIC), https://epic.org/privacy/iei/
testimony2806.pdf.
\3\ Letter from EPIC Executive Director Marc Rotenberg to FTC
Commissioner Christine Varney (Dec. 14, 1995), http://epic.org/privacy/
internet/ftc/ftc_letter.html (urging the FTC to investigate the misuse
of personal information by the direct marketing industry); See also
EPIC, In the Matter of DoubleClick, Complaint and Request for
Injunction, Request for Investigation and for Other Relief, before the
Federal Trade Commission (Feb. 10, 2000), http://epic.org/privacy/
internet/ftc/DCLK_complaint.pdf; EPIC, In the Matter of Microsoft
Corporation, Complaint and Request for Injunction, Request for
Investigation and for Other Relief (July 26, 2001), http://epic.org/
privacy/consumer/MS_complaint.pdf, In the Matter of Choicepoint,
(Complaint, Request for Investigation and for Other Relief) (Dec. 16,
2004), http://epic.org/privacy/choicepoint/fcraltr12.16.04.html.
\4\ In the Matter of Facebook, Inc. (EPIC, Complaint, Request for
Investigation, Injunction, and Other Relief) before the Federal Trade
Commission, Washington, D.C. (filed Dec. 17, 2009), http://
www.epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf.
\5\ EPIC v. FTC, 844 F. Supp. 2d 98 (D.D.C. 2012), https://
epic.org/privacy/ftc/google/EPICvFTC-CtMemo.pdf.
---------------------------------------------------------------------------
Below, EPIC raises five critical points for committee
consideration: (1) The FTC fails to enforce its own consent orders; (2)
Even when the FTC finds violations, it does not sanction companies; (3)
The FTC failed to stop mergers that threaten consumer privacy; (4) The
FTC lacks transparency; and (5) The United States needs a data
protection agency.
Why Does the FTC Fail to Enforce Its Own Consent Orders?
In 2011, the FTC entered into a Consent Order with Facebook,
following an extensive investigation and complaint pursued by EPIC and
several U.S. consumer privacy organizations. The Consent Order
specifically prohibited Facebook from transferring personal data to
third parties without user consent.\6\ As EPIC told this Committee in
April of this year, the transfer of personal data on 87 million
Facebook users to Cambridge Analytica could have been prevented had the
FTC enforced its 2011 Consent Order against Facebook.\7\ The obvious
question now is ``why did the FTC fail to act?''
---------------------------------------------------------------------------
\6\ Fed. Trade Comm'n., In re Facebook, Decision and Order, FTC
File No. 092 3184 (July 27, 2012), https://www.ftc.gov/sites/default/
files/documents/cases/2012/08/120810facebookdo.
pdf.
\7\ See, Letter from EPIC to S. Comm. on the Judiciary and S. Comm
on Commerce, Sci. and Trans. (Apr. 9, 2018), https://epic.org/
testimony/congress/EPIC-SJC-Facebook-Apr2018.pdf.
---------------------------------------------------------------------------
In 2011, EPIC also obtained a significant judgment at the FTC
against Google after the disastrous roll-out of Google ``Buzz.'' \8\ In
that case, the FTC established a consent order after Google tried to
enroll Gmail users into a social networking service without obtaining
meaningful consent.\9\ But a problem we did not anticipate became
apparent almost immediately: the FTC was unwilling to enforce its own
consent orders. Almost immediately after the settlements, both Facebook
and Google began to test the Commission's willingness to stand behind
its judgments: Dramatic changes in the two companies' advertising
models led to more invasive tracking of Internet users, user behaviors
both online and offline were tracked and merged, and Facebook used
facial recognition tools on Internet users who were not even using
their platform. Still the FTC did nothing.
---------------------------------------------------------------------------
\8\ In the Matter of Google, Inc., EPIC Complaint, Request for
Investigation, Injunction, and Other Relief, before the Federal Trade
Commission, Washington, D.C. (filed Feb. 16, 2010), https://epic.org/
privacy/ftc/googlebuzz/GoogleBuzz_Complaint.pdf.
\9\ Press Release, Fed. Trade Comm'n., FTC Charges Deceptive
Privacy Practices in Googles Rollout of Its Buzz Social Network: Google
Agrees to Implement Comprehensive Privacy Program to Protect Consumer
Data (Mar. 30, 2011), https://www.ftc.gov/news-events/press-releases/
2011/03/ftc-charges-deceptive-privacy-practices-googles-rollout-its-
buzz.
---------------------------------------------------------------------------
In March 2018, after the Cambridge Analytica scandal became public,
the FTC announced it would reopen the investigation of Facebook.\10\ In
a press release, the FTC stated that ``[c]ompanies who have settled
previous FTC actions must also comply with FTC order provisions
imposing privacy and data security requirements. Accordingly, the FTC
takes very seriously recent press reports raising substantial concerns
about the privacy practices of Facebook.'' \11\ Chairman Simons also
told this Committee in February, a ``first priority for the
Commission'' will be ``vigorous enforcement,'' \12\ and Commissioner
Rohit Chopra stated in May that ``FTC orders are not suggestions.''
\13\
---------------------------------------------------------------------------
\10\ Press Release, Fed. Trade Comm'n., Statement by the Acting
Director of FTC's Bureau of Consumer Protection Regarding Reported
Concerns About Facebook Privacy Practices (Mar. 26, 2018), https://
www.ftc.gov/news-events/press-releases/2018/03/statement-acting-
director-ftcs-bureau-consumer-protection.
\11\ Id.
\12\ Nomination Hearing, 115th Cong. (2018), S. Comm. on Science,
Commerce and Transportation, (Feb. 14, 2018) (Joseph Simons, Chairman,
Fed. Trade Comm'n. at 59:40), https://www.commerce.senate.gov/public/
index.cfm/hearings?ID=EECF6964-F8DC-469E-AEB2-D7C161
82A0E8.
\13\ Memorandum from Commissioner Rohit Chopra to Commission Staff
and Commissioners, Fed. Trade Comm'n, (May 14, 2018), https://
www.ftc.gov/system/files/documents/public_state
ments/1378225/chopra_-_repeat_offenders_memo_5-14-18.pdf.
---------------------------------------------------------------------------
Despite strong words, eight months have passed since the FTC's
announcement of a new investigation, but still there is no judgment, no
report, nor even a public statement about one of the most serious data
breaches in U.S. history. It is critical that the FTC conclude the
Facebook matter, issue a significant fine, and ensure that the company
upholds its privacy commitments to users.
The Committee should ask the FTC Chairman and the Commissioners:
When will there be a final determination in the Facebook investigation?
What other steps can the FTC take to assure the American public that
the Commission will enforce its legal orders?
Even When the FTC Finds Violations, It Does Not Sanction Companies
EPIC filed a complaint with the FTC in 2015 regarding Uber's
egregious misuse of personal data.\14\ That complaint led to an FTC
settlement with Uber in August 2017.\15\ But shortly after announcing
that settlement, the FTC discovered that Uber had failed to disclose
another massive data breach of its third-party cloud storage
service.\16\ The breach exposed unencrypted files containing more than
25 million names and e-mail addresses, 22 million names and phone
numbers, and 600,000 names and driver's license numbers.\17\ Uber
became aware of this breach in November 2016 but waited a full year to
notify its customers while secretly paying the hackers $100,000 through
its ``bug bounty'' program. Furthermore, Uber failed to notify the FTC
of this breach despite the fact that it occurred during the FTC's
investigation into Uber's failure to protect consumer data.
---------------------------------------------------------------------------
\14\ EPIC Complaint to the FTC, In the Matter of Uber Technologies,
Inc. (June 22, 2015), https://epic.org/privacy/internet/ftc/uber/
Complaint.pdf.
\15\ Agreement Containing Consent Order FILE NO. 1523054, In the
Matter of Uber Technologies, Inc., https://www.ftc.gov/system/files/
documents/cases/1523054_uber_technologies_
agreement.pdf.
\16\ Press Release, Fed. Trade Comm'n., Uber Agrees to Expanded
Settlement with FTC Related to Privacy, Security Claims (Apr. 12,
2018), https://www.ftc.gov/news-events/press-releases/2018/04/uber-
agrees-expanded-settlement-ftc-related-privacy-security.
\17\ Id.
---------------------------------------------------------------------------
Last month, the FTC finalized a revised settlement with Uber.\18\
The modified settlement requires Uber to submit all of its biennial
privacy assessments to the FTC, rather than just the initial
assessment, but those assessments will not be made public. Despite
Uber's repeated failures to protect consumer data, the proposed Order
contains no mandatory provisions for how Uber will safeguard consumer
data. The FTC imposed no fines.
---------------------------------------------------------------------------
\18\ Press Release, Fed. Trade Comm'n., Federal Trade Commission
Gives Final Approval to Settlement with Uber (Oct. 26, 2018), https://
www.ftc.gov/news-events/press-releases/2018/10/federal-trade-
commission-gives-final-approval-settlement-uber.
---------------------------------------------------------------------------
It is the responsibility of the FTC to protect consumer privacy and
prosecute companies that engage in unfair or deceptive trade practices.
The Commission has failed to do so. This is even more troubling because
the Commission claimed that its inability to impose fines hampers its
enforcement powers.\19\ But there is no such hurdle in cases involving
companies like Uber that are already subject to FTC consent orders.
---------------------------------------------------------------------------
\19\ Oversight of the Federal Trade Commission Before the Subcomm.
on Dig. Commerce and Consumer Prot. of the H. Comm. on Energy &
Commerce, 115th Cong. 6 (2018) (statement of Joseph J. Simons,
Chairman, Fed. Trade Comm'n), https://www.ftc.gov/system/files/
documents/public_statements/1394526/
p180101_ftc_testimony_re_oversight_house_07182018.pdf.
---------------------------------------------------------------------------
Why Has the FTC Failed to Stop Mergers that Threaten Consumer Privacy?
The FTC must also address the serious threats to consumer privacy
posed by increasing consolidation among the dominant technology firms
in the United States. Facebook's strategic acquisitions of Instagram
and WhatsApp, and their use of consumer data from both acquisitions,
provide two examples. As Columbia professor Tim Wu writes in his new
book The Curse of Bigness: Antitrust in the New Gilded Age, the
failures of antitrust enforcement ``sit right in front of our faces:
the centralization of the once open and competitive tech industries
into just a handful of giants. . .'' \20\ The FTC's failure to take
these threats into account in its merger review process is one of the
main reasons that consumer privacy has diminished and the secretive
tracking and profiling of consumers has proliferated.
---------------------------------------------------------------------------
\20\ Tim Wu, The Curse of Bigness: Antitrust in the New Gilded Age
23 (2018).
---------------------------------------------------------------------------
In 2007, EPIC warned the FTC that Google's acquisition of
DoubleClick would lead to Google tracking consumers across the web,
accelerating its dominance of the online advertising industry.\21\ The
FTC ultimately allowed the merger to go forward over the compelling
dissent of Pamela Jones Harbour.\22\ Not surprisingly, Google today
accounts for 90 percent of all Internet searches and, together with
Facebook, absorbs 73 percent of all digital advertising revenue in the
United States.\23\
---------------------------------------------------------------------------
\21\ In the Matter of Google Inc. and DoubleClick Inc., (EPIC
Complaint, Request for Injunction, Investigation, and Other Relief),
(Apr. 20, 2007), https://epic.org/privacy/ftc/google/epic_
complaint.pdf.
\22\ In the Matter of Google/DoubleClick, FTC File No. 070-0170
(2007) (Harbor, C., dissenting), https://www.ftc.gov/sites/default/
files/documents/public_statements/statement-matter-google/doubleclick/
071220harbour_0.pdf.
\23\ Editorial, Break Up Google, Boston Globe (June 14, 2018),
https://apps.bostonglobe.com/opinion/graphics/2018/06/break-google/.
---------------------------------------------------------------------------
Despite the clear lessons from Google-DoubleClick, in 2014, the FTC
failed to impose privacy safeguards for Facebook's acquisition of
WhatsApp, a text-messaging service that attracted users specifically
because of its strong privacy protections.\24\ The FTC allowed the
merger based on assurances by both companies that they would honor
WhatsApp users' privacy.\25\ But in 2016, WhatsApp announced that it
would begin disclosing its users' personal information to Facebook.\26\
The UK Information Commissioner's Office blocked WhatsApp's transfer of
data to Facebook,\27\ and the European Commission fined Facebook $122
million for misleading European authorities about the data
transfer.\28\ But the FTC again failed to take action.
---------------------------------------------------------------------------
\24\ In the Matter of WhatsApp, Inc., (EPIC and Center for Digital
Democracy Complaint, Request for Investigation, Injunction, and Other
Relief) (Mar. 6, 2014), https://epic.org/privacy/ftc/whatsapp/WhatsApp-
Complaint.pdf.
\25\ See, See Letter from Jessica L. Rich, Director, Bureau of
Consumer Prot., Fed. Trade Comm'n., to Facebook and WhatsApp (Apr. 10,
2014), https://epic.org/privacy/internet/ftc/whatsapp/FTC-facebook-
whatsapp-ltr.pdf (concerning the companies' pledge to honor WhatsApp's
privacy promises).
\26\ WhatsApp, Looking Ahead for WhatsApp, WhatsApp Blog, (Aug. 25,
2016), https://blog.whatsapp.com/10000627/Looking-ahead-for-WhatsApp.
\27\ Information Commissioner's Office, WhatsApp, Inc. (Mar. 12,
2018), https://ico.org.uk/media/action-weve-taken/undertakings/2258376/
whatsapp-undertaking-20180312.pdf.
\28\ Press Release, European Commission, Mergers: Commission Fines
Facebook €110 Million for Providing Misleading Information About
WhatsApp Takeover (May 18, 2017), http://europa.eu/rapid/press-
release_IP-17-1369_en.htm.
---------------------------------------------------------------------------
Chairman Joseph Simons said in February that ``the FTC needs to
devote substantial resources to determine whether its merger
enforcement has been too lax, and if that is the case, the agency needs
to determine the reason for such failure and to fix it.'' \29\ More
pointedly, Congress must ensure that the Commission uses its current
authorities to the fullest extent possible. For example, as EPIC has
argued elsewhere, the Commission could ``unwind'' the Facebook-WhatsApp
deal because of Facebook's failure to uphold its commitments to
users.\30\ Even the founders of WhatsApp have acknowledged that
Facebook broke its commitments. How can it be that the FTC does not act
in such circumstances?
---------------------------------------------------------------------------
\29\ Nomination Hearing Before the S. Comm. on Science, Commerce
and Transportation, 115th Cong. (2018) (testimony of Joseph Simons,
Nominee to be Chairman, Fed. Trade Comm'n.), https://
www.commerce.senate.gov/public/index.cfm/hearings?ID=EECF6964-F8DC-
469E-AEB2
-D7C16182A0E8.
\30\ Marc Rotenberg, The Facebook-WhatsApp Lesson: Privacy
Protection Necessary for Innovation, Techonomy (May 4, 2018), https://
techonomy.com/2018/05/facebook-whatsapp-lesson-privacy-protection-
necessary-innovation/.
---------------------------------------------------------------------------
The Committee should ask the FTC Chairman and the Commissioners:
Will the FTC unwind the Facebook-WhatsApp deal? What further steps is
the FTC going to take to protect consumer privacy in its merger review
process?
The FTC Lacks Transparency
The FTC should be more transparent about its review of companies
under consent orders. Earlier this year, EPIC filed a Freedom of
Information Act lawsuit against the FTC to publicly release the
biennial audits of Facebook's privacy practices and related records to
understand why the FTC failed to bring any enforcement action against
the company.\31\ As a result of EPIC's lawsuit, the FTC released
several communications between the FTC and Facebook that reveal the
comfortable relationship between the Commission and Facebook.\32\
---------------------------------------------------------------------------
\31\ See EPIC, EPIC v. FTC, https://www.epic.org/foia/ftc/
facebook/.
\32\ See EPIC, EPIC v. FTC: FOIA Documents, https://www.epic.org/
foia/ftc/facebook/#foia.
---------------------------------------------------------------------------
In the early years following the 2011 Consent Decree, a set of e-
mails revealed disagreement between Facebook and the FTC over potential
enforcement action on Facebook's proposed changes to its Data Use
Policy and Statement of Rights and Responsibility.\33\ In a September
11, 2013 e-mail, the FTC counsel wrote that the agency is ``greatly
disappointed that [Facebook] did not provide [the FTC with] the
information [the FTC] requested to assess Facebook's compliance with
the Commission's orders.'' \34\ The e-mail alludes to an earlier phone
call where Facebook would not answer the agency's questions to eight
specific issues, ``essentially making the call a waste of time.'' \35\
Facebook responded to this e-mail by stating they were ``surprised and
concerned by the suggestion'' that they did not address the FTC's
questions and stated that Facebook does not ``believe there is any
credible basis to assert that [the FTC's] questions relate to
Facebook's obligation under the Consent Order.'' \36\ Following this
exchange, Facebook cooperated with the FTC's request for information,
having stated that the provided information ``reflects Facebook's
continued commitment to cooperation and collaboration with [the FTC].''
\37\
---------------------------------------------------------------------------
\33\ See E-mail from S. Ashlie Beringer, Partner, Gibson, Dunn &
Crutcher, to Reenah Kim, et al., Attorney, Fed. Trade Comm'n 83-86,
https://epic.org/foia/ftc/facebook/EPIC-18-03-20-FTC-FOIA-20181019-FTC-
FB-Addtl-Communications-2013.pdf.
\34\ Id. at 83-84.
\35\ Id. at 84.
\36\ Id. at 83.
\37\ Letter from S. Ashlie Beringer, Partner, Gibson, Dunn &
Crutcher, to Reenah Kim, et al., Attorney, Fed. Trade Comm'n 98 (Sept.
30, 2013), https://epic.org/foia/ftc/facebook/EPIC-18-03-20-FTC-FOIA-
20181019-FTC-FB-Addtl-Communications-2013.pdf.
---------------------------------------------------------------------------
Communications since 2013 reflect a similar lack of commitment by
the FTC to enforce the terms of the original consent order. For
example, in a chain of e-mails, the FTC expressed concerns about the
scope of Facebook's 2015 assessment, stating ``[the auditor's] report
does not demonstrate whether and how Facebook addressed the impact of
the acquisitions on its Privacy Program.'' \38\ In another e-mail, the
FTC expressed similar concerns about the 2017 assessment and whether
the audit evaluated the company's acquisitions impact on Facebook's
privacy program.\39\ The FTC accepted Facebook and its auditor's
response letters assuring the Commission that the auditor addressed the
impact of acquisitions on Facebook's privacy program at face value
without additional inquiry.\40\ The release of this information, as a
result of EPIC's lawsuit, provides insight into the FTC's inability to
make use of its current enforcement authorities.
---------------------------------------------------------------------------
\38\ Letter from Laura D. Koss, et al., Attorney, Fed. Trade Comm'n
to Edward Palmieri, Assoc. General Counsel, Facebook 117-118 (June 4,
2015), https://epic.org/foia/FTC/facebook/EPIC-18-03-20-FTC-FOIA-
20181012-FTC-FB-Communications.pdf.
\39\ Letter from Reenah Kim, Attorney, Fed. Trade Comm'n to Edward
Palmieri, Assoc. General Counsel, Facebook 134-136 (June 1, 2017),
https://epic.org/foia/FTC/facebook/EPIC-18-03-20-FTC-FOIA-20181012-FTC-
FB-Communications.pdf.
\40\ See Response Letters from Facebook and PwC to Fed. Trade
Comm'n 108-119, https://epic.org/foia/ftc/facebook/EPIC-18-03-20-FTC-
FOIA-20180910-FB-Assessment-Records-2013.pdf.
---------------------------------------------------------------------------
The United States Needs a Data Protection Agency
The Federal Trade Commission helps to safeguard consumers and to
promote competition, but the FTC is not an effective data protection
agency. The agency lacks authority to enforce basic data protection
obligations and has failed to enforce the orders it has established.
The FTC also lacks the ability, authority and expertise to engage the
broad range of challenges we now confront--such as Internet of Things,
Artificial Intelligence, connected vehicles, and more. This problem
will not be solved by granting the FTC more authority: the agency has
failed to use the authority it already has.
Given the enormity of the challenge, the United States would be
best served to do what other countries have done and create a dedicated
data protection agency. An independent agency could more effectively
utilize its resources to police the current widespread exploitation of
consumers' personal information and would be staffed with personnel who
possess the requisite expertise to regulate the field of data security.
The United States is one of the few advanced economies in the world
that does not have a Federal data protection agency, even though the
original proposal for such an institution emerged from the United
States in the 1970s.\41\ The practical consequence is that the U.S
consumers experience the highest levels of data breach, financial
fraud, and identity theft in the world. And U.S. businesses, with their
vast collections of personal data, remain the target of cyber-attack by
criminals and foreign adversaries. The Cambridge Analytica case is just
one illustration of the ways in which that vulnerability threatens not
only U.S. citizens, but also our democratic institutions. The longer
the United States continues on this course, the greater will be the
threats to consumer privacy, democratic institutions, and national
security.
---------------------------------------------------------------------------
\41\ See EPIC, The Privacy Act of 1974, https://epic.org/privacy/
1974act/#history.
---------------------------------------------------------------------------
As the data breach epidemic reaches unprecedented levels, the need
for an effective, independent data protection agency has never been
greater.
Conclusion
The FTC has failed to make use of its current legal authorities to
enforce consent orders and unwind mergers that stifle innovation and
competition. Seven years have passed since the FTC heralded the consent
order with Facebook, and yet the Commission has not issued a single
fine against the company that has been widely criticized for its
business practices. It is unclear how additional regulatory authority
will fix that problem.
EPIC appreciates the Committee's decision to convene this hearing
and respects the FTC's role as the lead consumer protection agency in
the United States. But as for data protection in the United States, the
FTC is not up to the task. It is time to establish an independent
Federal data protection agency.
We ask that this letter be entered in the hearing record. EPIC
looks forward to working with the Committee on these issues of vital
importance to the American public.
Sincerely,
/s/Marc Rotenberg /s/Caitriona Fitzgerald
Marc Rotenberg Caitriona Fitzgerald
EPIC President EPIC Policy Director
/s/Christine Bannan /s/Enid Zhou
Christine Bannan Enid Zhou
EPIC Consumer Privacy Counsel EPIC Open Government Counsel
/s/Lorraine Kisselburgh /s/Jeff Gary
Lorraine Kisselburgh Jeff Gary
EPIC Scholar in Residence EPIC Legislative Fellow
Additional Resources
In the Matter of Facebook, Inc. (EPIC, Complaint, Request
for Investigation, Injunction, and Other Relief) before the
Federal Trade Commission, Washington, D.C. (filed Dec. 17,
2009), http://www.epic.org/privacy/inrefacebook/EPIC-
FacebookComplaint.pdf.
In the Matter of Facebook, Inc. (EPIC, Supplemental
Materials in Support of Pending Complaint and Request for
Injunction, Request for Investigation and for Other Relief)
before the Federal Trade Commission, Washington, D.C. (filed
Jan. 14, 2010), http://www.epic.org/privacy/inrefacebook/EPIC-
FacebookCom
plaint.pdf.
Fed. Trade Comm'n., Facebook Settles FTC Charges That It
Deceived Consumers by Failing to Keep Privacy Promises, Press
Release, (Nov. 29, 2011), https://www.ftc.gov/news-events/
press-releases/2011/11/facebook-settles-ftc-charges-it-
deceived-consumers-failing-keep.
EPIC v. FTC, 844 F. Supp. 2d 98 (D.D.C. 2012), https://
epic.org/privacy/ftc/google/EPICvFTC-CtMemo.pdf.
EPIC, In re Facebook and Facial Recognition (2018), https://
www.epic.org/privacy/ftc/facebook/facial-recognition2018.
Info. Comm'rs Office, Findings Recommendations and Actions
from ICO Investigation into Data Analytics in Political
Campaigns (2018), https://ico.org.uk/about-the-ico/news-and-
events/news-and-blogs/2018/07/findings-recommendations-and-
actions-from-ico-investigation-into-data-analytics-in-
political-campaigns.
EPIC Statement to Subcomm. on Antitrust, Competition Policy,
and Consumer Rights of the S. Comm. on the Judiciary, 115th
Cong. (2018), https://epic.org/testimony/congress/EPIC-SJC-
AntitrustOversight-Oct2018.pdf.
EPIC Statement to Subcomm. on Research and Tech. of the H.
Comm. on Sci., Space, and Tech., 115th Cong. (2018)), https://
epic.org/testimony/congress/EPIC-HSC-AI-June2018.pdf.
______
November 26, 2018
Joseph J. Simons, Chairman,
Federal Trade Commission,
Washington, DC.
VIA EMAIL TRANSMISSION
Dear Chairman Simons:
We, the undersigned consumer, privacy and civil liberties
organizations, write to express our disappointment about the comments
\1\ that the Federal Trade Commission (FTC) staff recently submitted to
the National Telecommunications and Information Administration's
request for comments on ``Developing the Administration's Approach to
Consumer Privacy.'' \2\ We appreciate the work that the FTC has done
over the years to protect consumers' privacy, within the limitations
that it describes in its comments.\3\ However, we remain frustrated by
the agency's failure to act promptly on timely and important privacy-
related complaints \4\ before the agency as well as by the lack of
adequate enforcement actions for cases resolved in recent years.\5\
---------------------------------------------------------------------------
\1\ https://www.ftc.gov/system/files/documents/advocacy_documents/
ftc-staff-comment-ntia-developing-administrations-approach-consumer-
privacy/p195400_ftc_comment_to_ntia_112018.pdf.
\2\ Federal Register Vol. 83, No 187 (September 26, 2018), notice
and request for comments, https://www.gpo.gov/fdsys/pkg/FR-2018-09-26/
pdf/2018-20941.pdf.
\3\ Supra at pages 18-19.
\4\ For instance, the FTC has taken no action on a complaint that
consumer and privacy groups made in 2016 alleging that cable and
satellite providers were deceiving consumers about their privacy
practices; see letter sent to the FTC one year after the complaint was
submitted, https://consumerfed.org/wp-content/uploads/2017/06/6-12-17-
FTC-Consumer-Privacy_Letter.pdf. Another example is the complaint that
consumer and privacy groups made about the internet-connected doll, My
Friend Cayla, in 2016, see December 2017 letter demanding action,
http://www.commercialfreechildhood.org/consumer-and-privacy-groups-
demand-action-toys-spy-children.
\5\ See, for example, April 6, 2018 complaint to the FTC from
consumer and privacy groups alleging that Facebook violated previous
Consent Order, https://consumerfed.org/wp-content/uploads/2018/04/
consumer-privacy-groups-ftc-complaint-facebook-facial-recognition.pdf,
and recent consumer and privacy group comments to the FTC about its
failure to protect privacy in its merger review process, https://
consumerfed.org/wp-content/uploads/2018/08/consumer-privacy-groups-
comment-on-intersection-between-privacy-big-data-and-competition.pdf.
---------------------------------------------------------------------------
What is most troubling to us in these comments, however, is the
FTC's apparent position, citing a study by the advertising industry,
that a policy approach in which consumers were opted out of online
advertising by default would not be appropriate because ``the likely
result would include the loss of advertising-funded online content.''
\6\ The study fails to cite any empirical data suggesting that without
targeted advertising, free online content will decrease. We would have
hoped that the FTC would take a broader look at the evidence, rather
than relying on a self-serving study by one stakeholder.
---------------------------------------------------------------------------
\6\ Supra at page 18.
---------------------------------------------------------------------------
The FTC's stated position ignores the fact that contextual
advertising, which does not raise the same privacy concerns as
behavioral advertising, would still be possible. In addition, the FTC
fails to recognize that placing the burden on individuals to deal with
the privacy-intrusive nature of behavioral tracking and targeting is
unfair. Privacy management across hundreds of websites and untold
numbers of advertisers and data brokers, many hidden from public view,
is an impossible task for consumers.
That is why the General Data Protection Regulation (GDPR) in Europe
places the burden on data controllers to demonstrate that they have a
legal basis to collect, use or share an individual's personal
information. A data controller can only process personal data if it has
a legal basis to do so, which includes the processing on the basis of a
freely given, specific, informed and unambiguous consent.\7\ In fact,
European data protection authorities have clarified that opt-in consent
should be required ``for tracking and profiling for purposes of direct
marketing, behavioural advertisement, data-brokering, location-based
advertising or tracking-based digital market research.'' \8\ We suggest
that the FTC's position is out of step with most of the rest of the
world, and it makes consumers in the United States second class
citizens when it comes to privacy protection.
---------------------------------------------------------------------------
\7\ Information about the GDPR and other EU data protections is
available at https://ec.europa.eu/info/law/law-topic/data-protection/
data-protection-eu_en.
\8\ Opinion 06/2014 on the notion of legitimate interests of the
data controller under Article 7 of Directive 95/46/EC, http://
ec.europa.eu/justice/data-protection/index_en.htm.
---------------------------------------------------------------------------
In its comments, the FTC cites examples of how consumer data fuels
innovation, most of which (such as better responses to emergency
situations, improved fraud detection, safer homes, better health and
wellness, improved inventory control, easier-to-find parking, and
increased connectivity) can be accomplished without necessarily unduly
impinging on individuals' privacy.\9\ These data uses (1) are
specifically related to the purposes for which the individuals provided
their data; (2) could be accomplished with aggregate data; or (3) could
be allowed under reasonable exceptions (e.g., fraud control). ``More
relevant online experiences,'' on the other hand, is something that
consumers should be given the option to affirmatively agree to if they
wish. We do not think that ``more relevant'' should be read to mean
more beneficial to advertisers.
---------------------------------------------------------------------------
\9\ Supra at pages 10-11.
---------------------------------------------------------------------------
The FTC staff also commented that the benefits of privacy
regulation should be weighed against potential costs to competition and
gives as an example a small outdoor equipment company seeking to expand
its customer base.\10\ We suggest that a narrow-minded economic
balancing test ignores the fundamental right to privacy that should be
the proper starting point for analysis. In any event, nothing would
prevent that small outdoor equipment company from serving ads on a
contextual basis--for instance, on a camping or hiking site.
Furthermore, if the FTC took more assertive action to ensure that
search engines cannot dominate the online ecosystem and unfairly rig
the results,\11\ individuals would be able to find that small company
more easily. It seems that the FTC relies on its own failures to police
competition in the online marketplace as justification for overriding
the privacy interests of consumers.
---------------------------------------------------------------------------
\10\ Id.
\11\ See European Commission press release announcing fine levied
against Google for imposing illegal restrictions on Android device
manufacturers and mobile network operators to cement its dominant
position in general Internet search (July 18, 2018), http://europa.eu/
rapid/press-release_IP-18-4581_en.htm. The FTC missed an opportunity to
rein in Google's anti-competitive behavior five years earlier, see
Craig Timberg, ``FTC: Google did not break antitrust law with search
practices,'' Washington Post (January 3, 2013), https://
www.washingtonpost.com/business/technology/ftc-to-announce-google-
settlement-today/2013/01/03/ecb599f0-55c6-11e2-bf3e-
76c0a789346f_story.html?utm_term=.3d532f0e0425.
---------------------------------------------------------------------------
We appreciate the fact that the FTC continues to call for Congress
to enact privacy and security legislation, and we support enhancing the
agency's resources, rulemaking authority and enforcement capabilities.
We do not believe, however, that the scale should be tipped in favor of
corporate interests over the fundamental civil and human rights of
individuals.
Sincerely,
Campaign for a Commercial Free Childhood
Center for Digital Democracy
Consumer Action
Consumer Federation of America
Consumer Watchdog
Customer Commons
Electronic Frontier Foundation
Electronic Privacy Information Center
Media Alliance
National Hispanic Media Coalition
Privacy Rights Clearinghouse
Public Citizen
Public Knowledge
Stop Online Violence Against Women
U.S. PIRG
CC: Commissioner Noah Joshua Phillips
Commissioner Rohit Chopra
Commissioner Rebecca Kelly Slaughter
Commissioner Christine S. Wilson
Andrew Smith, Director, Bureau of Consumer Protection
Maneesha Mithal, Director, Division of Privacy and Identity Protection
______
Response to Written Questions Submitted by Hon. John Thune to
Hon. Joseph J. Simons
Question 1. You recently attended the Second Annual Privacy Shield
Review. Did the European regulators raise any concerns about the
effectiveness of the program? Do you think Privacy Shield is operating
effectively and will continue to be a valid means for businesses to
transfer personal data to the United States from Europe?
Answer. The European Commission (EC) issued its report on the
Annual Review in December 2018. I agree with the ultimate conclusion of
the EC report: Privacy Shield remains a robust program for protecting
privacy and enabling transatlantic data flows. The report found that
U.S. authorities continue to improve the program, highlighting the
proactive approach to enforcement by the FTC. The EC raised concerns
with the national security aspects of the program, specifically
requesting the nomination of an Ombudsperson within the State
Department. The Administration has since created and filled a Privacy
Shield Ombudsperson position.
Question 2. Vertical mergers such as the merger between AT&T and
Time Warner have garnered some attention lately. The Federal Trade
Commission (FTC) and the Department of Justice (DOJ) have not updated
vertical merger guidance since 1984. Do you believe that the FTC and
DOJ should issue new guidance on vertical mergers?
Answer. I believe that the 1984 Non-Horizontal Merger Guidelines do
not reflect current scholarship and thinking on vertical merger
enforcement.\1\ They are significantly out of date. If we were to
attempt to draft new guidelines, we would probably have to start from
scratch, based on the practical learning and experience of more recent
merger challenges and investigations.
---------------------------------------------------------------------------
\1\ U.S. Dep't of Justice Non-Horizontal Merger Guidelines (1984),
https://www.justice.gov/sites/default/files/atr/legacy/2006/05/18/
2614.pdf.
---------------------------------------------------------------------------
Over the years, the Commission and its staff have provided
substantial insight on vertical merger analysis through speeches and
other policy work,\2\ and through rigorous case selection.\3\ The
Commission is actively considering whether we--along with our sister
agency, the Antitrust Division of the Department of Justice--should
formally publish vertical merger guidelines. This topic is a key focus
of the FTC's ambitious program of Hearings on Competition and Consumer
Protection in the 21st Century.\4\ Two panel discussions on vertical
mergers were held in November 2018, and the Commission has invited
public commentary on the topic.
---------------------------------------------------------------------------
\2\ See, e.g., Bruce Hoffman, Vertical Merger Enforcement at the
FTC, Remarks at Credit Suisse 2018 Washington Perspectives Conference
(Jan. 10, 2018), https://www.ftc.gov/public-statements/2018/01/
vertical-merger-enforcement-ftc (explaining the FTC's current analysis
of proposed vertical mergers and highlighting the extent to which that
analysis has moved beyond the 1984 Non-Horizontal Merger Guidelines).
\3\ For example, the Commission recently challenged a vertical
merger between Northrop Grumman, a leading provider of missile systems
to the Department of Defense, and Orbital ATK, a key supplier of solid
rocket motors. In re Northrop Grumman, Dkt. C-4652 (June 5, 2018),
https://www.ftc.gov/enforcement/cases-proceedings/181-0005-c-4652/
northrop-grumman-orbital-atk. See also In re Sycamore Partners II,
L.P., Staples, Inc., and Essendant Inc., Dkt. C-4667 (Jan. 25, 2018),
https://www.ftc.gov/enforcement/cases-proceedings/181-0180/sycamore-
partners-ii-lp-staples-inc-essendant-inc-matter (consent agreement
resolving charges that a merger between Staples, the world's largest
retailer of office products and related services, and Essendant, a
wholesale distributor of office products, was likely to harm
competition in the market for office supply products sold to small- and
mid-sized businesses).
\4\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection; see also FTC Workshop, FTC Hearing #5: Competition and
Consumer Protection in the 21st Century (Nov. 1, 2018), https://
www.ftc.gov/news-events/events-calendar/ftc-hearing-5-competition-
consumer-protection-21st-century.
Question 3. Government lawsuits to stop mergers are litigated using
different procedures depending on which agency, the FTC or DOJ, handles
the case. Do you think Congress should take action to ensure that
agencies follow the same procedures, or do you support another
approach?
Answer. While I have no opinion as to whether Congress should take
action, I note that there are significant benefits to the Commission's
administrative litigation path; in particular, it provides the
Commission an opportunity to develop important aspects of competition
law. But if the FTC is denied a preliminary injunction in a merger
matter in Federal court, I do not believe the Commission should pursue
that matter in administrative litigation. The Commission has not
pursued an administrative proceeding following the denial of a
preliminary injunction in Federal court for over twenty years. I agree
with this approach.
Separately, it is not clear to me whether it would be beneficial to
prohibit the FTC from conducting an administrative proceeding while the
parties to a merger remain unable to close their transaction for a
significant period of time. Many transactions are subject to
multijurisdictional reviews, whether by foreign competition authorities
or state regulators. Under current law, the FTC can commence an
administrative action while other reviews are pending. The FTC may
delay an injunction action in Federal court until other review
processes are completed and the merger is imminent. This approach could
have certain advantages that I believe are worth discussing when
thinking about making changes to the Commission's process for
challenging mergers.
In the recent Tronox case, the FTC was able to complete an
administrative trial while the parties waited for foreign approvals.\5\
Once those approvals were granted and the parties would have been able
to close their transaction, the FTC filed suit in Federal court seeking
a preliminary injunction. The existence of the record from the FTC
administrative proceeding allowed the parties to avoid a substantial
discovery period in the Federal proceeding, enabled the district court
judge to substantially expedite the preliminary injunction hearing, and
very likely reduced the overall time for the court to reach a decision.
In this case, the injunction was granted. If the injunction had not
been granted, the parties likely would have been able to close their
transaction faster than if there had been no FTC administrative
proceeding. To the extent there was duplication between the two
proceedings, it appears to have been minor, and the matter was very
likely resolved faster as a result. Certainly, it reduced cost and
resource burdens on the Federal district court.
---------------------------------------------------------------------------
\5\ FTC v. Tronox Ltd. and Nat'l Titanium Dioxide Co. Ltd.
(Cristal), No. 1:18-cv-01622 (D.D.C. Sept. 12, 2018), https://
www.ftc.gov/enforcement/cases-proceedings/171-0085/tronox-limited-et-
al-ftc-v.
Question 4. Should Congress amend Section 5(n) of the FTC Act,
which addresses unfair practices, to clarify what constitutes
``substantial injury?'' If so, how?
Answer. No. Neither the Commission, nor the courts that have ruled
on this issue, have struggled to interpret that element of Section
5(n). Substantial injury can be financial, physical, reputational, or
unwanted intrusions. Financial injury can manifest in a variety of
ways: fraudulent charges, delayed benefits, expended time, opportunity
costs, fraud, and identity theft, among other things.\6\ Physical
injuries include risks to individuals' health or safety, including the
risks of stalking and harassment.\7\ Reputational injury involves
disclosure of private facts about an individual, which damages the
individual's reputation. Tort law recognizes reputational injury.\8\
The FTC has brought cases involving this type of injury, for example,
in a case involving public disclosure of individuals' Prozac use \9\
and public disclosure of individuals' membership on an infidelity-
promoting website.\10\ Finally, unwanted intrusions involve two
categories. The first includes activities that intrude on the sanctity
of people's homes and their intimate lives. The FTC's cases involving a
revenge porn website,\11\ an adult-dating website,\12\ and companies
spying on people in their bedrooms through remotely-activated webcams
fall into this category.\13\ The second category involves unwanted
commercial intrusions, such as telemarketing, spam, and harassing debt
collection calls.
---------------------------------------------------------------------------
\6\ See, e.g., TaxSlayer, LLC, No. C-4626 (F.T.C. Oct. 20, 2017),
https://www.ftc.gov/enforcement/cases-proceedings/162-3063/taxslayer
(alleging delayed benefits, expended time, and risk of identity theft).
\7\ See, e.g., FTC v. Accusearch, Inc., No. 06-CV-0105 (D. Wyo. May
3, 2006), https://www
.ftc.gov/enforcement/cases-proceedings/052-3126/accusearch-inc-dba-
abikacom-jay-patel (alleging that telephone records pretexting
endangered consumers' health and safety).
\8\ Under the tort of public disclosure of private facts (or
publicity given to private life), a plaintiff may recover where the
defendant's conduct is highly offensive to a reasonable person.
Restatement (Second) of Torts Sec. 652D (1977).
\9\ Eli Lilly and Co., No. C-4047 (F.T.C. May 8, 2002), https://
www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-
matter.
\10\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\11\ FTC v. EMP Media, Inc., et al., No. 2:18-cv-00035 (D. Nev.
Jan. 9, 2018), https://www.ftc
.gov/enforcement/cases-proceedings/162-3052/emp-media-inc-myexcom.
\12\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\13\ See Press Release, FTC Halts Computer Spying (Sept. 25, 2012),
https://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-
computer-spying; see also Aaron's, Inc., C-4442 (F.T.C. Mar. 10, 2014),
https://www.ftc.gov/enforcement/cases-proceedings/122-3256/aarons-inc-
matter.
Question 5. Should the FTC issue more guidance to marketers on the
level of support needed to substantiate their claims? If so, when do
you anticipate that such guidance could be issued?
Answer. The FTC has issued extensive guidance over the years to
help marketers determine the level of support needed to substantiate
claims. The Commission first articulated the relevant factors used to
determine the level of evidence required to substantiate objective
performance claims in Pfizer, Inc.\14\ Those factors included the type
of claim, type of product, consequences of a false claim, benefits of a
truthful claim, cost of developing substantiation for the claim, and
amount of substantiation experts in the field believe is reasonable.
The Commission and the courts have reaffirmed this standard many times
since 1972.\15\ In addition, the FTC also has provided extensive
guidance through Guides and staff guidance documents.\16\ FTC staff
regularly provide further guidance through speeches and presentations
to industry trade groups and industry attorneys.
---------------------------------------------------------------------------
\14\ 81 F.T.C. 23 (1972)
\15\ See, e.g., Thompson Med. Co., 104 F.T.C. 648, 813 (1984),
aff'd, 791 F.2d 189 (D.C. Cir. 1986); Daniel Chapter One, 2009 WL
5160000 at *25-26 (F.T.C. 2009), aff'd, 405 Fed. Appx. 505 (D.C. Cir.
2010) (unpublished opinion), available at 2011-1 Trade Cas. (CCH) �
77,443 (D.C. Cir. 2010); POM Wonderful, LLC, 155 F.T.C. 1, 55-60
(2013), aff'd, 777 F.3d 478 (D.C. Cir. 2015), cert. denied, 136 S. Ct.
1839, 194 L. Ed. 2d 839 (2016); FTC Policy Statement Regarding
Substantiation, 104 F.T.C. 839, 840 (1984) (appended to Thompson Med.
Co., 104 F.T.C. 648 (1984)).
\16\ See, e.g., Guides for the Use of Environmental Marketing
Claims, 16 C.F.R. Sec. 260.2 (2019), https://www.ecfr.gov/cgi-bin/text-
idx?SID=bd96b2cdcd01f7620d43e50a9d1d8cec&mc=true&
node=se16.1.260_12&rgn=div8; Dietary Supplements: An Advertising Guide
for Industry, https://www.ftc.gov/tips-advice/business-center/guidance/
dietary-supplements-advertising-guide-industry.
---------------------------------------------------------------------------
The Commission's precedent and subsequent guidance set forth
flexible principles that can be applied to multiple products and
claims. These materials do not attempt to answer every question about
substantiation, given the virtually limitless range of advertising
claims, products, and services to which it could be applied. Instead,
they seek to strike the right balance: specific enough to be helpful,
but not so granular as to overlook some important factor that might
arise, and thereby chill useful speech.
Question 6. In June, the 11th Circuit vacated the Commission's data
security order against Lab-MD. What effect, if any, will this have on
the Commission's data security orders going forward?
Answer. The Eleventh Circuit determined that the mandated data
security provision of the Commission's LabMD Order was insufficiently
specific. We are engaged in an ongoing process to craft appropriate
order language in data security cases, based on the Eleventh Circuit
opinion, feedback we received from our December hearing on data
security, and our own internal discussion of how to use our existing
tools to implement remedies that better deter future misconduct.
Question 7. If Federal privacy legislation is passed, what
enforcement tools would you like to be included for the FTC?
Answer. First, I would recommend that Congress consider giving the
FTC the authority to seek civil penalties for initial privacy
violations, which would create an important deterrent effect. Second,
while the process of enacting Federal privacy legislation will involve
difficult tradeoffs that are appropriately left to Congress, targeted
APA rulemaking authority, similar to that in the Children's Online
Privacy Protection Act, would allow the FTC to keep up with
technological developments. For example, in 2013, the FTC used its APA
rulemaking authority to amend the COPPA Rule to address new business
models, including social media and collection of geolocation
information, that did not exist when the initial 2000 Rule was
promulgated. Third, the FTC could use broader enforcement authority to
take action against common carriers and nonprofits, which it cannot
currently do under the FTC Act.
Question 8. During the hearing, I asked you whether the FTC would
consider using its section 6(b) authority to study consumer information
data flows, specifically sending requests to Google, Facebook, Amazon,
and others in the tech industry to learn what information they collect
from consumers and how that information is used, shared, and sold. You
responded, ``Sure, 6(b) is a really powerful tool and that's the type
of thing that might very well make sense for us to use it for.'' I
believe the FTC's section 6(b) authority could provide some much needed
transparency to consumers about the data practices of large technology
companies, and help identify areas that may require additional
attention from lawmakers. Can you explain in more detail whether you
believe the FTC should conduct a study pursuant to section 6(b) of the
Federal Trade Commission Act on the data collection, use, filtering,
sharing, and sale practices of large technology companies?
Answer. I agree with you that the FTC's section 6(b) authority
could be used to provide some much needed transparency to consumers
about the data practices of large technology companies. We are
developing plans to issue 6(b) orders in the technology area.
______
Response to Written Question Submitted by Hon. Roy Blunt to
Hon. Joseph J. Simons
Question. The Food and Drug Administration (FDA) cataloged reports
that patients have foregone or discontinued their doctor prescribed
medications, in some cases resulting in serious injury and death, after
seeing lawsuit advertisements making claims about certain FDA-approved
medications.
It is incumbent upon the Federal Trade Commission (FTC) to examine
and curb false and misleading advertising practices, particularly when
such practices result in serious injury and death.
What is the FTC doing to stop these false and misleading lawsuit
advertising practices?
Answer. Some of these advertisements could be unfair or deceptive
in violation of the FTC Act. The FTC is monitoring attorney advertising
that solicits people who may have been harmed by prescription drugs or
medical devices to determine whether such advertising is likely to
cause physical or financial harm to consumers. We also are consulting
with the FDA to determine how we may assist each other in protecting
consumers. In particular, among other requests, we are seeking FDA
input as to whether particular ads contain misleading statements
concerning the risks associated with specific drugs and the potential
risk to patients of discontinuing the drugs without a doctor's
consultation. In addition, we are seeking information from the FDA
concerning adverse event reports suggesting a patient stopped taking
his or her medication after viewing such advertising. However, it
should be noted that adverse event reports do not establish causation,
and an enforcement action would have to be based on more than a
reported incident.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Hon. Joseph J. Simons
Question 1. Section 5(a) of the FTC Act, which prohibits ``unfair
or deceptive acts or practices in or affecting commerce'' is the legal
basis for a body of consumer protection law that covers data privacy
and security practices. The FTC has brought hundreds of cases to date
to protect the privacy and security of consumer information held by
companies of all sizes under this authority. The FTC staff recently
submitted comments to the National Telecommunications and Information
Administration (NTIA) that clearly indicate the FTC staff's view that
the FTC would be the appropriate agency to enforce a new comprehensive
privacy legislative framework. Do you agree with the staff's view?
Answer. Absolutely. The FTC has developed a substantial body of
expertise on privacy issues over the past several decades, by bringing
hundreds of cases, hosting approximately 70 workshops, and conducting
numerous policy initiatives. The FTC is committed to using all of its
expertise, its existing tools under the FTC Act and sector-specific
privacy statutes, and whatever additional authority Congress gives us,
to protect consumer privacy while promoting innovation and competition
in the marketplace.
Question 2. As Congress evaluates opportunities to create
meaningful Federal legislation to appropriately ensure privacy of
consumers' data, there have been suggestions to increase the FTC's
authorities to enforce in this space. Will you commit to working with
this Committee in measuring what resources, if any, will be needed to
allow the agency to enforce any additional authorities that may or may
not be provided in Federal legislation?
Question 3. Sharing responsibilities with the DOJ's Antitrust
Division, the FTC enforces antitrust law in a variety of sectors as
described by your testimony. While the vast majority of premerger
filings submitted to enforcement agencies do not raise competition
concerns, the FTC challenged 45 mergers since the beginning of 2017,
and of those, the FTC only voted to initiate litigation to block five
transactions. Would you please describe the resource needs of the
agency associated with hiring qualified outside experts to support its
litigation efforts? Please explain how developments in the high-
technology sector are accounted for in the FTC's decision-making
process related to antitrust enforcement.
Answer. I appreciate your attention to the agency's resource needs.
As I mentioned in my November 27 testimony, the FTC is committed to
maximizing its resources to enhance its effectiveness in protecting
consumers and promoting competition, to anticipate and respond to
changes in the marketplace, and to meet current and future challenges.
Resource constraints, however, remain a significant challenge. As
discussed in more detail below, evolving technologies and intellectual
property issues continue to increase the complexity of antitrust
investigations and litigation. This complexity, coupled with the rising
costs of necessary expert witnesses and increases in caseload,
sometimes leads to financial and personnel resource limitations. In the
past, we have requested additional resources for experts, information
technology, and more full-time employees in support of our mission to
protect consumers and promote competition. These continue to be
critical areas of need for our agency. If we were to receive additional
resources, they likely would be applied to these areas as needed.
Qualified experts are an essential resource in all of the FTC's
competition cases heading toward litigation (including some cases that
ultimately are resolved via consent orders, through which we obtain
effective relief without litigation). For example, the services of
expert witnesses are critical to the successful investigation and
litigation of merger cases; experts provide insight on proper
definition of product and geographic markets, the likelihood of entry
by new competitors, and the development of models to contrast merger
efficiencies with potential competitive harm.
Expert witness costs are highly dependent on the number, scope,
duration, and disposition of our Federal and administrative court
challenges. The cost of an expert, for example, increases if we require
the expert to testify or produce a report. To limit these costs, the
FTC has identified and implemented a variety of strategies, including
using internal personnel from its Bureau of Economics as expert
witnesses whenever practical. The opportunities to use internal experts
as testifying experts are limited, however, by several factors,
including staff availability, testifying experience, and the
specialized expertise required for specific matters. Under my
direction, the FTC will continue to evaluate how to increase its use of
internal experts and control expert costs without compromising case
outcomes or reducing the number of enforcement actions.
In addition to expert witness costs, you asked about how
developments in the high-technology sector factor into the FTC's
decision-making process related to antitrust enforcement. The FTC
follows closely activity in the high-technology sector. Given the
important role that technology companies play in the American economy,
it is critical that the Commission--in furthering its mission to
protect consumers and promote competition--understand the current and
developing business models and scrutinize incumbents' conduct to ensure
that they abide by the same rules of competitive markets that apply to
any company. When appropriate, the Commission will take action to
counter any harmful effects of coordinated or unilateral conduct by
technology firms.
The fundamental principles of antitrust do not differ when applied
to high-technology industries, including those in which patents or
other intellectual property are highly significant. The issues,
however, are often more complex and require different expertise, which
may necessitate the hiring of outside experts or consultants to help us
develop and litigate our cases. The FTC also strives to adapt to the
dynamic markets we protect by leveraging the research, advocacy, and
education tools at our disposal to improve our understanding of
significant antitrust issues and emerging trends in business practices,
technology, and markets. For example, last fall, the Commission
launched its Hearings on Competition and Consumer Protection in the
21st Century to consider whether the FTC's enforcement and policy
efforts are keeping pace with changes in the economy, including
advancements in technology and new business models made possible by
those developments.\17\ Under my leadership, the FTC will continue to
scrutinize technology mergers and conduct by technology firms to ensure
not only that consumers benefit from their innovative products, but
also that competition thrives in this dynamic and highly influential
sector. Our recent announcement of a new Technology Task Force within
the Bureau of Competition demonstrates our commitment to monitoring
competition in U.S. technology markets, investigating any potential
anticompetitive conduct in those markets, and taking enforcement
actions when warranted.
---------------------------------------------------------------------------
\17\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection. Recent hearings included a two-day workshop on the
potential for collusive, exclusionary, and predatory conduct in
multisided, technology-based platform industries. FTC Workshop, FTC
Hearing #3: Competition and Consumer Protection in the 21st Century
(Oct. 15-17, 2018), https://www.ftc.gov/news-events/events-calendar/
2018/10/ftc-hearing-3-competition-consumer-protection-21st-century.
Similarly, in early November, the Commission held a two-day workshop on
the antitrust frameworks for evaluating acquisitions of nascent
competitors in the technology and digital marketplace, and the
antitrust analysis of mergers and conduct where data is a key asset or
product. FTC Workshop, FTC Hearing #6: Competition and Consumer
Protection in the 21st Century (Nov. 6-8, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-6-competition-consumer-pro
tection-21st-century. Also in November, the Commission held a two-day
workshop on the competition and consumer protection issues associated
with algorithms, artificial intelligence, and predictive analysis in
business decisions and conduct. FTC Workshop, FTC Hearing #7:
Competition and Consumer Protection in the 21st Century (Nov. 13-14),
https://www.ftc.gov/news-events/events-calendar/ftc-hearing-7-
competition-consumer-protection-21st-century.
Question 4. Earlier this year, I introduced legislation called the
Senior Scams Prevention Act with Senator Bob Casey to combat continued
and increasingly complex attempts to defraud one of the Nation's most
vulnerable populations, our senior community. This bill seeks to ensure
retailers, financial institutions and wire transfer companies have the
resources to train employees to help stop financial frauds and scams on
seniors. Would you agree that awareness and education, guided by ``best
practices'' established by industry and government partners, is a
valuable tool in preventing consumer harms against our Nation's
seniors?
Answer. Yes, I agree, and your question fully aligns with the FTC's
work in this area. Protecting older consumers is one of the agency's
top priorities. As the population of older Americans grows, the FTC's
efforts to identify scams affecting seniors and to bring aggressive law
enforcement action, as well as provide awareness and useful advice to
seniors, are increasingly vital. Based on consumer research, the FTC
developed its Pass It On campaign to share preventative information
about frauds and scams with older adults.\18\ This popular campaign,
used by many of our partners, engages active older adults to share
these educational materials with others in their communities, including
people in their lives who may particularly benefit from this
information. The FTC stands ready to work with industry and government
partners to create additional materials for industry, such as
retailers, financial institutions, and wire transfer companies, to help
prevent harm to our Nation's seniors.
---------------------------------------------------------------------------
\18\ Consumer Information--Pass it on, https://
www.consumer.ftc.gov/features/feature-0030-pass-it-on (providing
consumer information on identity theft, imposter scams, charity fraud,
and other topics).
Question 5. In its comments submitted to NTIA on ``Developing the
Administration's Approach to Consumer Privacy,'' the FTC discussed the
various cases that it has taken up to address privacy-related harms to
consumers, and it specifically noted four categories of harms:
financial injury, physical injury, reputational injury, and unwanted
intrusion. Could you please briefly describe each category while noting
any FTC enforcement considerations specific to that type of harm?
Answer. Certainly. Financial injury can manifest in a variety of
ways: fraudulent charges, delayed benefits, expended time, opportunity
costs, fraud, and identity theft, among other things.\19\ Physical
injuries include risks to individuals' health or safety, including the
risks of stalking and harassment.\20\ Reputational injury involves
disclosure of private facts about an individual, which damages the
individual's reputation. Tort law recognizes reputational injury.\21\
The FTC has brought cases involving this type of injury, for example,
in a case involving public disclosure of individuals' Prozac use \22\
and public disclosure of individuals' membership on an infidelity-
promoting website.\23\ Finally, unwanted intrusions involve two
categories. The first includes activities that intrude on the sanctity
of people's homes and their intimate lives. The FTC's cases involving a
revenge porn website,\24\ an adult-dating website,\25\ and companies
spying on people in their bedrooms through remotely-activated webcams
fall into this category.\26\ The second category involves unwanted
commercial intrusions, such as telemarketing, spam, and harassing debt
collection calls. In terms of enforcement considerations, as noted
above, the FTC is very mindful of ensuring that it addresses these
harms, while not impeding the benefits of legitimate data collection
and use practices.
---------------------------------------------------------------------------
\19\ See, e.g., TaxSlayer, LLC, No. C-4626 (Oct. 20, 2017), https:/
/www.ftc.gov/enforcement/cases-proceedings/162-3063/taxslayer (alleging
delayed benefits, expended time, and risk of identity theft).
\20\ See, e.g., FTC v. Accusearch, Inc., No. 06-CV-0105 (D. Wyo.
May 3, 2006), https://www.ftc.gov/enforcement/cases-proceedings/052-
3126/accusearch-inc-dba-abikacom-jay-patel (alleging that telephone
records pretexting endangered consumers' health and safety).
\21\ Under the tort of public disclosure of private facts (or
publicity given to private life), a plaintiff may recover where the
defendant's conduct is highly offensive to a reasonable person.
Restatement (Second) of Torts Sec. 652D (1977).
\22\ Eli Lilly and Co., No. C-4047 (May 8, 2002), https://
www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-
matter.
\23\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\24\ FTC v. EMP Media, Inc., et al., No. 2:18-cv-00035 (D. Nev.
Jan. 9, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-
3052/emp-media-inc-myexcom.
\25\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\26\ See Press Release, FTC Halts Computer Spying (Sept. 25, 2012),
https://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-
computer-spying; see also Aaron's, Inc., No. C-4442 (F.T.C. Mar. 10,
2014), https://www.ftc.gov/enforcement/cases-proceedings/122-3256/
aarons-inc-matter.
Question 6. In the FTC's recent comments in NTIA's privacy
proceeding, the FTC said that its ``guiding principles'' are based on
``balancing risk of harm with the benefits of innovation and
competition.'' Would you describe what this means, how you strike this
balance, and how it is applied in practice under your Section 5
authority in the FTC Act?
Answer. In unfairness cases, section 5(n) of the FTC Act requires
us to strike this balance. It does not allow the FTC to bring a case
alleging unfairness ``unless the act or practice causes or is likely to
cause substantial injury to consumers, which is not reasonably
avoidable by consumers themselves and not outweighed by benefits to
consumers or to competition.'' Thus, for example, in our data security
complaints and orders, we often plead the specific harms that consumers
are likely to suffer from a company's data security failures. We do not
assert that companies need to spend unlimited amounts of money to
address these harms; in many of our cases, we specifically allege that
the company could have fixed the security vulnerabilities at low or no
cost.
Question 7. The FTC's comments pertaining to ``control'' in NTIA's
privacy proceeding stated, ``Choice also may be unnecessary when
companies collect and disclose de-identified data, which can power data
analytics and research, while minimizing privacy concerns.'' How would
the FTC suggest Federal regulation account for de-identified data, if
at all?
Answer. One possible standard identified in the FTC's 2012 Privacy
Report states that data is de-identified if it is not ``reasonably
linkable'' to a consumer, computer, or device.\27\ Data can be deemed
to be de-identified to the extent that a company: (1) takes reasonable
measures to ensure that the data is de-identified; (2) publicly commits
not to try to re-identify the data; and (3) contractually prohibits
downstream recipients from trying to re-identify the data. Although
this language provides some general principles for de-identification,
we would be happy to work with your staff on drafting more specific
legislative language.
---------------------------------------------------------------------------
\27\ FTC Report, Protecting Privacy in an Era of Rapid Change:
Recommendations for Businesses and Policymakers (Mar. 2012), https://
www.ftc.gov/sites/default/files/documents/reports/federal-trade-
commission-report-protecting-consumer-privacy-era-rapid-change-
recommenda
tions/120326privacyreport.pdf
Question 8. Your testimony indicated that continued technological
developments allow illegal robocallers to conceal their identities in
``spoofing'' caller IDs while exponentially increasing robocall volumes
through automated dialing systems. These evolving technological changes
mean that the critical law enforcement efforts of the FTC cannot be the
only solution, and your testimony described the additional steps the
FTC is taking to develop innovative solutions to these issues. Would
you please describe the process and outcomes of the four public
challenges that the FTC held from 2013 to 2015? Are there plans to
incentivize innovators to combat robocalls in the future?
Answer. The FTC's process for its robocall challenges included
public announcements, committees with independent judges, and, in some
cases, cash prizes awarded under the America COMPETES Reauthorization
Act.\28\ To maximize publicity, the FTC announced each of its four
challenges in connection with public events. The FTC announced the
first robocall challenge at the FTC's 2012 Robocall Summit. In 2014,
the FTC conducted its second challenge, ``Zapping Rachel,'' at DEF CON
22. The FTC conducted its third challenge, ``DetectaRobo,'' in June
2015 in conjunction with the National Day of Civic Hacking. The final
phase of the FTC's fourth public robocall challenge took place at DEF
CON 23. When the FTC held its first public challenge, there were few,
if any, call blocking or call labeling solutions available for
consumers. Today, two FTC challenge winners, NomoRobo and Robokilller,
offer call blocking applications, and there are hundreds of mobile apps
offering call blocking and call labeling solutions for cell phones.
Many home telephone service providers also now offer call blocking and
call labeling solutions. The FTC will not hesitate to initiate
additional innovation contests if it identifies further challenges that
could meaningfully benefit consumers by reducing the harm caused by
illegal robocalls.
---------------------------------------------------------------------------
\28\ Details About the FTC's Robocall Initiatives, https://
www.consumer.ftc.gov/features/feature-0025-robocalls.
---------------------------------------------------------------------------
In addition to developing call blocking and call labeling
technology, the telecom industry has also developed call verification
technology, called STIR/SHAKEN, to help consumers know whether a call
is using a spoofed Caller ID number and to assist call analytics
companies in implementing call blocking and call labeling products. If
widely implemented and made available to consumers, the STIR/SHAKEN
protocol should minimize unwanted calls. Certain industry members have
begun to roll out this technology in beta-testing mode. We will monitor
this industry initiative and, assuming the results are as expected,
continue to encourage its implementation.
Question 9. Would you please describe the FTC's coordination
efforts with state, federal, and international partners to combat
illegal robocalls?
Answer. The FTC frequently coordinates its efforts with its state,
federal, and international partners. The FTC often brings robocall
enforcement actions with states as co-plaintiffs. For example, in the
FTC's case against Dish Network, the FTC brought the case jointly with
California, Illinois, North Carolina, and Ohio. Collectively, the
states and the FTC obtained a historic $280 million trial verdict.\29\
---------------------------------------------------------------------------
\29\ Press Release, FTC and DOJ Case Results in Historic Decision
Awarding $280 Million in Civil Penalties Against Dish Network and
Strong Injunctive Relief for Do Not Call Violations (June 6, 2017),
https://www.ftc.gov/news-events/press-releases/2017/06/ftc-doj-case-
results-historic-decision-awarding-280-million-civil. The case is on
appeal before the Seventh Circuit Court of Appeals.
---------------------------------------------------------------------------
The FTC also coordinates outreach and education with the FCC. In
2018, the agencies co-hosted two robocall events--a policy forum that
discussed technological and law enforcement solutions to the robocall
problem \30\ and a public expo that allowed companies to showcase their
call blocking and call labeling products for the public.\31\
Additionally, the FTC and FCC hold quarterly calls, speak regularly on
an informal basis, and coordinate on a monthly basis with our state
partners through the National Association of Attorneys General. The FTC
also engages with international partners through participation in
international law enforcement groups such as the International Consumer
Protection Enforcement Network, International Mass Marketing Fraud
Working Group, and Unsolicited Communications Network (formerly known
as the London Action Plan).
---------------------------------------------------------------------------
\30\ Press Release, FTC and FCC to Host Joint Policy Forum and
Consumer Expo to Fight the Scourge of Illegal Robocalls (Mar. 22,
2018), https://www.ftc.gov/news-events/press-releases/2018/03/ftc-fcc-
host-joint-policy-forum-illegal-robocalls.
\31\ Press Release, FTC and FCC to Co-Host Expo on April 23
Featuring Technologies to Block Illegal Robocalls (Apr. 19, 2018),
https://www.ftc.gov/news-events/press-releases/2018/04/ftc-fcc-co-host-
expo-april-23-featuring-technologies-block-0.
Question 10. Your testimony described the limitations of the FTC's
current data security enforcement authority provided by Section 5 of
the FTC Act including: lacking civil penalty authority, lacking
authority over non-profits and common carrier activity, and missing
broad APA rulemaking authority. Please describe each of these
limitations and how adjusted FTC authority to address these items would
improve the protection of consumers from data security risks.
Answer. Under current law, the FTC cannot obtain civil penalties
for first-time data security violations. I believe this lack of civil
penalty authority under-deters problematic data security practices. If
Congress were to give the FTC the authority to seek civil penalties for
first-time violators (subject to statutory limitations on the
imposition of civil penalties, such as ability to pay and stay in
business), better deterrence would be achieved. Additionally, should
Congress enact specific data security legislation, it would be
important for the FTC to have associated APA rulemaking authority \32\
so that the Commission can enact rules and amend them as necessary to
keep up with technological developments. For example, in 2013, the FTC
was able to use its APA rulemaking authority to amend its Rule under
the Children's Online Privacy Protection Act to address new business
models, including social media and collection of geolocation
information, that did not exist when the initial 2000 Rule was
promulgated. As to nonprofits and common carriers, news reports are
filled with breaches affecting these sectors (e.g., the education
sector) but the FTC does not currently have jurisdiction over them.
Giving the FTC jurisdiction over these entities to enforce data
security laws would create a level playing field and ensure that these
entities would be subject to the same rules as other entities that
collect similar types of data.
---------------------------------------------------------------------------
\32\ The FTC is not seeking general APA rulemaking authority for a
broad statute like Section 5.
---------------------------------------------------------------------------
______
Response to Written Questions Submitted by Hon. Richard Blumenthal to
Hon. Joseph J. Simons
Facebook: FTC Investigation Status
In May, the Bureau of Consumer Protection took the rare step of
acknowledging a ``non-public investigation'' into the privacy practices
of Facebook. It is now over eight months since the FTC's announcement
with no further comment or report.
Question 1. How many full-time employees have been primarily
assigned to investigate Facebook's privacy and data protection
practices?
Question 2. Who is responsible for coordinating the investigation
of Facebook? What divisions of the FTC are involved in the
investigation?
Question 3. Has the FTC made requests for documents or conducted
interviews with Facebook, Cambridge Analytica, and other relevant
parties?
Question 4. Is the FTC in regular contact with its European
counterparts on their investigation of Facebook?
Question 5. Does the FTC require further resources, including
technologists or privacy lawyers, in order to complete its
investigation of Facebook?
Answer. Although the existence of this investigation has been made
public, details about the investigation, including how it is being
staffed and any steps that have or have not been taken, are non-public.
Therefore, we cannot answer these questions at this time.
Question 6. Has the FTC ever taken issue with Facebook or Google's
assessments under their consent decrees?
Question 7. Has the Commission reviewed its consent decree with
Google this year to determine whether the company is in compliance?
Answer. As part of its review of compliance with consent decrees,
the FTC carefully reviews all assessments, seeks additional information
as appropriate, and reviews compliance through a variety of means.
However, because any investigation of a specific company's compliance
is non-public, we cannot comment specifically about the steps taken
regarding Google or Facebook.
Privacy Rules
We know that Americans care about privacy--that they eagerly want
these rights. We need baseline rules. Companies should not store
sensitive information indefinitely and use that data for purposes that
people never intended. Federal rules must set meaningful obligations on
those that handle our data. We must enable consumers to trust and
control their personal data.
Question 8. Do you support providing state AGs with the power to
enforce Federal privacy protections and would you commit to working
with state AGs?
Answer. Yes. I view the Attorneys General as important partners in
protecting consumers. I endorse a model that gives state Attorneys
General the power to enforce Federal privacy protections, which ensures
that there are multiple enforcers on the beat.
Question 9. Why is it important that the FTC have rulemaking
authority when it comes to privacy? Where best would rulemaking be
applied?
Answer. The process of enacting Federal privacy legislation will
involve difficult tradeoffs that are appropriately left to Congress.
Targeted APA rulemaking authority within those parameters is important,
because it will enable the FTC to keep up with technological
developments. For example, Congress gave the FTC APA rulemaking
authority to implement the Children's Online Privacy Protection Act. In
2013, the FTC was able to use this authority to amend a rule it had
initially promulgated in 2000, in order to address new business models,
including social media and collection of geolocation information, as
well as new technologies such as smart phones, that did not exist when
the initial 2000 rule was promulgated.
Question 10. Do you believe elevating the Office of Technology
Research and Investigation to the Bureau level would meaningfully help
the FTC in addressing new technological developments across its
mandates?
Answer. At this time, I do not believe that elevating the Office of
Technology Research and Investigation to the Bureau level would
meaningfully enhance the FTC's ability to vigorously pursue our current
enforcement mandates. I am, however, actively considering how best to
integrate technologists into our agency and how most effectively to
deploy our limited resources to address our needs in this area. This
effort includes evaluating the information developed at the
Commission's Hearings on Competition and Consumer Protection in the
21st Century.
Question 11. When will the FTC appoint a Chief Technology Officer?
Answer. I have held off on appointing a Chief Technology Officer
because I was actively considering the best way to utilize our existing
resources and integrate new ones, across both our consumer protection
and competition missions. We recently announced the creation of a
Technology Task Force within the Bureau of Competition, which will be
dedicated to monitoring competition in U.S. technology markets,
investigating any potential anticompetitive conduct in those markets,
and taking enforcement actions when warranted. The task force will
include a Technology Fellow who will provide important technical
assistance and expertise to support the task force's investigations. In
addition, members of the task force will coordinate with their
counterparts in the Bureau of Consumer Protection who also focus on
technology platforms. Once the new task force is up and running, we
will be in a better position to evaluate our need for technologists,
including a Chief Technology Officer, and how best to integrate and
leverage additional expertise.
Board Accountability
Question 12. What is the FTC doing to investigate and hold
accountable individual board members and executives who knowingly
assist their companies in committing fraud? What more should the FTC be
doing in this regard?
Answer. The FTC always considers the potential liability of
individual officers and others who participated in or controlled
deceptive and unfair practices. In cases where the FTC finds evidence
of wrongdoing that meets the applicable legal standard, and where
naming the individual is appropriate to obtain full and complete relief
for consumers and appropriate injunctive relief, we do so.
Net Neutrality
After the FCC abdicated its responsibility to protect net
neutrality this year, we are left with no discernible rules to prevent
Internet service providers from blocking or slowing Internet traffic.
We have already started to see the effects of this disastrous decision.
Earlier this month, Senators Markey, Wyden, and I wrote to several
mobile carriers on reports those companies throttled video streaming
applications. These practices would violate the core principle of net
neutrality.
Question 13. Has the FTC investigated reports that mobile carriers
are throttling video applications?
Answer. As you know, because the Commission's investigations are
not public, I cannot comment on the practices of specific companies.
However, the Commission has a strong interest in ensuring that
companies stand by their promises to consumers and do not engage in
deceptive or unfair practices. In general, except for the period when
the FCC reclassified Broadband Internet Access Service (``BIAS'') as a
common carrier activity and the FTC lost the ability to protect
consumers in this space, FTC staff has been monitoring and will
continue to monitor the marketing and business practices of BIAS
providers. To determine whether particular instances of throttling are
deceptive or unfair, the Commission must evaluate what representations
the provider made to consumers about its services, as well as available
information and data about the nature and quality of the services
actually provided to consumers.
The Commission will closely review any relevant research that may
support or disprove particular advertising claims or provide evidence
of particular business practices. When reviewing such reports, we
evaluate a study's design, scope, and results, and consider how the
study relates to a particular claim or informs a particular practice.
Question 14. If an Internet service provider blocks an application,
does the FTC have the authority to investigate and penalize such
actions?
Answer. When the FCC reclassified BIAS as a common carrier
activity, the FTC temporarily lost the ability to protect consumers in
this space because the FTC does not have authority over common carrier
activities. The FTC brought several types of cases against BIAS
providers prior to 2015.\1\ Now that the reclassification has been
reversed, we can bring those types of cases again.\2\ If a company
makes claims about blocking that are materially misleading, or if the
practice causes substantial consumer injury that is not reasonably
avoidable and not outweighed by benefits to consumers or competition,
the FTC can bring an enforcement action under Section 5. In addition,
the FTC has experience enforcing the antitrust laws to prevent unfair
methods of competition for the benefit of consumers in many different
markets. As part of its Hearings on Competition and Consumer Protection
in the 21st Century, the agency will hold public hearings on March 20,
2019 to continue to explore how the FTC can use its enforcement
authority most effectively in BIAS markets. If the FTC identifies,
through these hearings or otherwise, that it does not have sufficient
authority or resources to protect consumers or address competition
issues in BIAS markets, the agency will report this to Congress.
---------------------------------------------------------------------------
\1\ See, e.g., FTC v. TracFone Wireless, Inc., No. 3:15-cv-00392-
EMC (N.D. Cal. Feb. 20, 2015), https://www.ftc.gov/enforcement/cases-
proceedings/132-3176/straight-talk-wireless-tracfone-wireless-inc; FTC
v. AT&T Mobility, LLC, No. 3:14-CV-04785-EMC (N.D. Cal. Oct. 28, 2014),
https://www.ftc.gov/enforcement/cases-proceedings/122-3253/att-
mobility-llc-mobile-data-service; In re America Online, Inc., No. C-
4105 (Jan. 28, 2004), https://www.ftc.gov/enforcement/cases-
proceedings/002-3000/america-online-inc-compuserve-interactive-
services-incin; In re Juno Online Servs., Inc., No. C-4016 (June 25,
2001), https://www.ftc.gov/enforcement/cases-proceedings/002-3061/juno-
online-services-inc.
\2\ FTC v. AT&T Mobility LLC, 883 F.3d 848, 863-64 (9th Cir. 2018)
(en banc) (concluding that ``the FTC may regulate common carriers' non-
common-carriage activities'').
Question 15. You have said that blocking, throttling, and paid
prioritization could be deemed unfair practice(s) under the right
circumstances. What would be ``the right circumstances'' that would
have to occur for the FTC to pursue net neutrality enforcement?
Answer. As the Commission noted in its Policy Statement on
Unfairness,\3\ and as codified in 15 U.S.C. Sec. 5(n), to be unfair, an
act or practice must cause or be likely to cause substantial injury.
Such injury ``must be substantial; it must not be outweighed by any
countervailing benefit to consumers or competition that the practice
produces; and it must be an injury that consumers themselves could not
reasonably have avoided.'' \4\
---------------------------------------------------------------------------
\3\ See FTC Policy Statement on Unfairness, appended to Int'l
Harvester Co., 104 F.T.C. 949, 1070 (1984).
\4\ Id.
---------------------------------------------------------------------------
Pursuant to this authority, the Commission sued AT&T Mobility LLC,
alleging that the company deceptively promised consumers unlimited data
but then reduced speeds, in some instances by nearly 90 percent,
without telling consumers. We also alleged that the company unfairly
locked consumers into long-term contracts based on promises of
unlimited service and charged early termination fees if the consumers
canceled their plans.\5\
---------------------------------------------------------------------------
\5\ FTC v. AT&T Mobility LLC, No. 3:14-cv-04785-EMC (N.D. Cal. Oct.
28, 2014), https://www.ftc.gov/enforcement/cases-proceedings/122-3253/
att-mobility-llc-mobile-data-service.
Question 16. What specific resources and expertise does the FTC
have to address technical issues of discrimination of Internet traffic
by ISPs? Has the FTC hired technical experts to investigate violations
of net neutrality?
Answer. FTC staff includes technologists with generalized expertise
who regularly work with investigation and case teams to analyze a wide
range of technical data, including in matters relating to network
traffic analysis. The Commission also regularly hires independent
consulting and testifying experts to provide more specialized expertise
on a dedicated and ongoing basis. In addition, the Commission consults
with staff at other agencies, including the FCC, as needed, regarding
technical issues.
Copycat Military Websites
Last month, I led a group of nine Senators in writing the FTC,
asking the Commission to release the full list of schools that
purchased user information from copycat military websites. These
websites, with names like Army.com and EnlistArmy.com, mimicked
official military enlistment websites and deceived prospective recruits
into thinking they would be contacted by an official ``military
representative.'' To truly stop such unscrupulous companies from taking
root again, it is critical that the institutions that knowingly
purchased these ill-gotten leads are also held to account.
Question 17. Do you agree that such post-secondary schools should
be held liable for deceptive third-party marketing conducted on their
behalf? Will you commit to pursuing such cases to root out fraud at the
source?
Answer. No individual or entity, including post-secondary schools,
should be able to avoid complying with the law by outsourcing deceptive
marketing to third parties. In fact, the Commission has pursued several
law enforcement actions to root out such conduct. In June 2018, the
Commission obtained an order against Credit Bureau Center, a credit
monitoring company, which held the company liable for deceptive third-
party marketing conducted on its behalf.\6\ The Commission has also
pursued law enforcement actions against affiliate marketing networks
for the deceptive conduct of their third-party marketing affiliates.
The FTC recognizes the importance of pursuing all actors in the
marketing ecosystem that fail to comply with the law.
---------------------------------------------------------------------------
\6\ FTC v. Credit Bureau Center, LLC, No. 1:17-cv-194 (N.D. Ill.
June 26, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-
3120/credit-bureau-center-llc-formerly-known-myscore-llc.
---------------------------------------------------------------------------
The Commission will continue to monitor the marketplace for unfair
or deceptive conduct on the part of post-secondary schools that benefit
from the deceptive practices of third parties and will actively
investigate wherever warranted.
SoFi Penalties
Last month, the FTC proposed a settlement with SoFi--the online
student loan refinancer that had greatly exaggerated in advertisements
how much student loan borrowers would save when they refinance through
the company. Unfortunately, the FTC was not able to require SoFi to pay
any kind of penalty for its misconduct. As you noted in your testimony,
this is one of the significant flaws in FTC's Section 5 authority.
However, the CFPB or State Attorneys General could have sought
meaningful penalties for SoFi's misconduct under existing law.
Question 18. Why didn't you work with State AGs to ensure SoFi
would be subject to civil penalty for its misconduct? How will you make
sure there is cooperation with State AGs in the future--in order to
more effectively deter bad actors from violating the law?
Answer. The FTC regularly consults and coordinates with our Federal
and state law enforcement partners when bringing actions to stop
deception and other unlawful practices in the marketplace.\7\ We will
continue to work with our partners, where appropriate, to use our
respective tools to most effectively protect consumers.
---------------------------------------------------------------------------
\7\ See, e.g., Press Release, FTC, Partners Conduct First
Compliance Sweep under Newly Amended Used Car Rule (July 12, 2018),
https://www.ftc.gov/news-events/press-releases/2018/07/ftc-partners-
conduct-first-compliance-sweep-under-newly-amended; Press Release, FTC,
BBB, and Law Enforcement Partners Announce Results of Operation Main
Street (June 18, 2018), https://www.ftc.gov/news-events/press-releases/
2018/06/ftc-bbb-law-enforcement-partners-announce-results-operation-
main; Press Release, FTC, State Law Enforcement Partners Announce
Nationwide Crackdown on Student Loan Debt Relief Scams (Oct. 13, 2017),
https://www.ftc.gov/news-events/press-releases/2017/10/ftc-state-law-
enforcement-partners-announce-nationwide-crackdown.
---------------------------------------------------------------------------
We believe our action against SoFi secures appropriately strong and
timely relief to protect consumers from the unlawful conduct in this
case--by ensuring that SoFi stops making deceptive savings claims
regarding its loans and other credit products. If SoFi violates the
FTC's order in this matter, the FTC could seek significant civil
penalties against it. Further, when announcing this action, the FTC
sent warning letters to other student loan advertisers who were making
savings claims.
FTC Investigation of Algorithms
Section 6(b) of the FTC Act gives the agency broad investigatory
and information-gathering powers. For example, in the 1970s the FTC
used its Section 6(b) authority to require companies to submit product-
line specific information, enabling the agency to assess the state of
competition across markets.
The FTC has released reports on big data and the harms biased
algorithms can cause to disadvantaged communities. These reports drew
attention to the potential loss of economic opportunity and diminished
participation in our society. Yet, information on how these algorithms
work, and on the inputs that go into them, remains opaque.
Question 19. Where the FTC consider using its Section 6(b)
investigative power to help us understand how these algorithms and
black-box A.I. systems work--the biases that shape them, and how those
can affect trade, opportunity, and the market?
Answer. I agree that algorithms and artificial intelligence are
important topics of study. In 2017, the FTC and Department of Justice
submitted a joint paper on algorithms and collusion to the Organization
for Economic Cooperation and Development as part of the OECD's broader
look at the role of competition policy and the digital age.\8\ More
recently, we examined the competition and consumer protection
implications of algorithms, artificial intelligence, and predictive
analytics as part of the Commission's Hearings on Competition and
Consumer Protection in the 21st Century.\9\ The two-day hearing
featured technologists, scientists, academics, and industry leaders (as
well as economists and lawyers), who gathered to educate us and the
broader competition and consumer protection community about how these
technologies work, how they are used in the marketplace, and their
policy implications. The Commission also invited public comments on
this topic.
---------------------------------------------------------------------------
\8\ Note to the OECD by the United States on Algorithms and
Collusion, DAF/COMP/WD(2017)41 (May 26, 2017), https://www.ftc.gov/
system/files/attachments/us-submissions-oecd-other-international-
competition-fora/algorithms.pdf.
\9\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection; FTC Workshop, FTC Hearing #7: Competition and Consumer
Protection in the 21st Century (Nov. 13-14, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-7-competition-consumer-
protection-21st-century.
---------------------------------------------------------------------------
I will keep you apprised of any initiatives that come out of our
hearings project. I also appreciate your interest in the Commission
conducting a study of algorithms and artificial intelligence under
Section 6(b) of the FTC Act. I intend to conduct 6(b) studies in the
technology area, though the subjects of these studies are still being
considered.
FTC Consent Decree on Unrepaired Recalls
Most consumers probably do not know that, while new car dealers are
prohibited from selling vehicles with open recalls, used car dealers
are not. A recent FTC consent decree, which I strenuously disagreed
with and is currently being scrutinized in the courts, allows the sale
of used cars with unrepaired recalls. According to the consent decree,
car dealers can advertise that cars with unrepaired safety recalls like
a defective Takata airbag are ``safe'' or have passed a ``rigorous
inspection''--as long as they have a disclosure that the vehicle may be
subject to an unrepaired recall and directs consumers on how they can
determine the vehicle has an open recall.
Question 20. In your opinion, is a car with an open, unrepaired
recall, a ``safe'' car? Why would the FTC allow unsafe cars to be
advertised as ``safe'' and ``repaired for safety,'' with or without a
vague, contradictory and confusing disclaimer?
Answer. I believe that all auto recalls pose safety risks to
consumers, and that unrepaired recalls should be fixed.
Our orders do not allow unsafe cars to be advertised as ``safe.''
For example, if a car dealer claims that a specific car with a risk of
exploding airbags is ``safe,'' it would violate our orders, whether or
not they made the required disclosures. Specifically, Part I of the
orders prohibits safety-related claims unless there is a clear and
conspicuous disclosure about recalls and the claim is not otherwise
misleading.
Before our orders were issued, car dealers were selling used
vehicles subject to open recalls (a practice currently permitted under
Federal product safety law), while widely making inspection claims that
we alleged were deceptive. Our actions create a new floor of legal
protection for consumers. Now, if the respondents in our actions make
any claims suggesting a vehicle has been inspected for safety issues,
they must clearly and conspicuously disclose that their vehicles may be
subject to open recalls and how consumers can determine the recall
status of a particular car. Importantly, the orders define ``clear and
conspicuous'' to prohibit exactly the sort of confusing or
contradictory disclosures you mention. These disclosures must be
``easily understandable by ordinary consumers'' and cannot be
``contradicted or mitigated by, or inconsistent with, anything else in
the communication.''
Tesla's Deceptive ``Autopilot'' Advertisements
Two consumer groups--the Center for Auto Safety and Consumer
Watchdog--have petitioned the FTC to investigate Tesla's potentially
deceptive advertising of its ``Autopilot'' system. As you may know,
there have been at least two deaths and additional injuries in the
United States linked to Tesla Autopilot. Consumer advocates have
criticized that Tesla's deceptive and misleading use of term
``Autopilot'' for its assisted-driving system falsely conveys to
drivers that their vehicles are self-driving.
Question 21. What is the FTC doing to investigate these concerns?
Answer. As you noted, the Center for Auto Safety and Consumer
Watchdog have asked the FTC to investigate the marketing of the Tesla
Autopilot driving system. As is our normal procedure when we get such
requests, we have spoken with the parties involved to better understand
the issues. However, whether or not we have opened a law enforcement
investigation is non-public, and we can neither confirm nor deny the
existence of any such investigation.
Contact Lens Rule
In November 2016, the Federal Trade Commission issued a Notice of
Proposed Rulemaking proposing amendments to the Contact Lens Rule aimed
at promoting competition and consumer choice in the marketplace for
prescription contact lenses.
Question 22. When does the Commission intend to finalize this
rulemaking?
Answer. The Commission initially published a Federal Register
notice generally requesting comments on the Rule in September 2015.
Based on review of the 660 comments received, the Commission published
a Notice of Proposed Rulemaking (NPRM) in December 2016, requesting
comment on proposed Rule amendments. The NPRM proposed to amend the
rule to require prescribers to obtain a signed acknowledgment after
releasing a contact lens prescription to a patient, and maintain it for
three years. The purpose of the proposed amendment was to enhance both
compliance and our ability to enforce the rule (by providing a record
that the prescription was given out). We received over 4,100 additional
comments in response to this NPRM.
The Commission held a workshop on March 7, 2018 to collect
additional information on various Rule-related issues, including the
proposed amendments. The public comment period associated with the
workshop closed on April 6, 2018. We received and reviewed
approximately 3,500 additional comments.
We collected additional information during the workshop and in
public comments, and are considering alternatives to increase
prescriber compliance with the Rule without imposing unnecessary
burdens on prescribers. In addition, based on the comments received, we
are considering additional modifications to the Rule. The FTC staff
intends to submit a recommendation to the Commission in the coming
months. If the Commission decides that additional public input would be
beneficial, the Commission would allow an appropriate period of time
for public input. The length of the comment period would depend on the
complexity of the modifications under consideration, but most likely it
would be 30-60 days; the original NPRM had a 60-day comment period, and
we accepted comments for about 30 days after the workshop. The timeline
for then completing the rulemaking and issuing the final rule would
depend on the number and complexity of the comments received.
Questions on Non-Compete Clauses
I am concerned about the growth of non-compete clauses, which block
employees from switching jobs to another employer in the same sector
for a certain period of time. These clauses weaken workers' bargaining
power once they are in the job, because workers often cannot credibly
threaten to leave if their employer forces refuses to give them a raise
or imposes poor working conditions. According to the Economic Policy
Institute, roughly 30 million workers--including one in six workers
without a college degree--are now covered by non-compete clauses.
The consensus in favor of addressing non-compete clauses is
growing. For example, just this past December, an interagency report
indicated that non-compete clauses can be harmful in certain contexts,
such as the healthcare industry. Yet, the FTC has not yet undertaken
forceful action. In September, Commissioner Chopra suggested that the
FTC use its rulemaking authority to ``remove any ambiguity as to when
non-compete agreements are permissible or not.''
Question 23. Do you agree with the proposal that the FTC use its
rulemaking authority to address non-compete clauses? I invite you to
explain your reasoning regarding your stance.
Answer. I am still considering whether the FTC should use its
rulemaking authority to address non-compete employment agreements or
whether other approaches might be better. I am particularly interested
in sectors of the economy where employee training requirements are not
significant. Non-competes in those instances are less likely to be
justified by efficiencies and are more likely to be anticompetitive on
balance.
Questions on Local Merger Enforcement
Even though big national mergers typically garner the most media
attention, smaller mergers can often raise monopoly concerns on the
local level. This can be true in the healthcare industry, for example.
In November, Commissioner Simons told me: ``Some local mergers may be
too small to require Hart-Scott-Rodino premerger notification, but may
still have anticompetitive effects.''
Question 24. Would you agree with me that Hart-Scott-Rodino
premerger notifications help antitrust enforcers catch concerning
mergers?
Answer. Yes, I agree that the premerger notification requirements
of the Hart-Scott-Rodino Premerger Notification Act help antitrust
enforcers identify anticompetitive mergers before they are consummated,
preventing consumer harm. Once a merger is consummated and the firms'
operations are integrated, it can be very difficult, if not impossible,
to ``unscramble the eggs'' and restore the acquired firm to its former
status as an independent competitor.
Question 25. What sort of anticompetitive effects might be raised
by local mergers even when those mergers are too small to require Hart-
Scott-Rodino premerger notification?
Answer. Anticompetitive mergers harm consumers through higher
prices and by reducing quality, choices, and innovation, or by
thwarting competitors' entry into a market.\10\ The arena of
competition affected by a merger may be geographically bounded (e.g.,
confined to a small or local area) if geography limits some customers'
willingness or ability to substitute to some products or services, or
some suppliers' willingness or ability to serve some customers.\11\
---------------------------------------------------------------------------
\10\ U.S. Dep't of Justice & Fed. Trade Comm'n Horizontal Merger
Guidelines Sec. 1 (2010), https://www.ftc.gov/public-statements/2010/
08/horizontal-merger-guidelines-united-states-department-justice-
federal (``A merger enhances market power if it is likely to encourage
one or more firms to raise price, reduce output, diminish innovation,
or otherwise harm customers as a result of diminished competitive
constraints or incentives.'').
\11\ Id. at Sec. 4.2. In antitrust analysis, a relevant market
identifies a set of products or services and a geographic area of
competition in which to analyze the potential effects of a proposed
transaction. The purpose of market definition is to identify options
available to consumers. See id. at Sec. 4 (describing market definition
in antitrust analysis).
---------------------------------------------------------------------------
The FTC often examines local geographic markets when reviewing
mergers in retail markets, such as supermarkets, pharmacies, retail gas
or diesel fuel stations, or funeral homes, or in service markets, such
as health care. For example, in a recent Federal court action to enjoin
the proposed merger of two rival physician services providers, the FTC
and the State of North Dakota defined the relevant geographic market as
the Bismarck-Mandan, North Dakota, Metropolitan Statistical Area--a
four-county area that includes the cities of Bismarck and Mandan and
smaller communities within the surrounding 40 to 50 mile radius.\12\
The types of anticompetitive effects that may occur in local markets
are the same as those that may occur in larger geographic markets:
higher prices, lower levels of service, reduced innovation, and fewer
choices.
---------------------------------------------------------------------------
\12\ FTC v. Sanford Health, No. 1:17-cv-0133 (D.N.D. Dec. 13,
2017), https://www.ftc.gov/enforcement/cases-proceedings/171-0019/
sanford-health-ftc-state-north-dakota-v. The U.S. District Court for
the District of North Dakota granted the FTC and State of North
Dakota's preliminary injunction motion on December 13, 2017. The
parties have appealed and the case is now pending before the Eighth
Circuit.
Question 26. What action would you recommend either the FTC or
Congress take in order to assist Federal and state antitrust enforcers
in catching local mergers that raise anticompetitive concerns?
Answer. I have no opinion as to whether Congress should take
action. Identifying anticompetitive mergers remains one of the top
priorities of the agency's competition mission. The vast majority of
mergers the FTC investigates are reported and examined at the premerger
stage. The FTC does, however, devote significant attention to
identifying unreported, often consummated, mergers that could harm
consumers. With respect to both mergers that do not meet the premerger
notification requirements and potentially anticompetitive conduct, the
FTC relies on the trade press and other news articles, consumer and
competitor complaints, hearings, economic studies, and other means to
identify harmful practices that threaten competition. The FTC also
routinely partners with state Attorneys General in its enforcement
efforts; state Attorneys General routinely join the FTC as co-
plaintiffs in the FTC's Federal court litigations, such as in the North
Dakota physician services merger litigation discussed above.
Question on Horizontal Shareholding
Recent research has raised questions about whether horizontal
shareholding harms competition in our economy. I would like to
understand your view on this ongoing research.
Question 27. Do you believe that horizontal shareholding raises
anticompetitive concerns?
Answer. The short answer is that I do not yet know enough to draw
sound, reliable conclusions on this point. The research on this topic
is still at a relatively early stage, and the studies that have been
completed so far have yielded conflicting results. At present, this
remains a very unsettled issue.\13\
---------------------------------------------------------------------------
\13\ See Note to the OECD by the United States on Common Ownership
by Institutional Investors and Its Impact on Competition at � 1, DAF/
COMP/WD(2017)86 (Nov. 28, 2017), https://www.ftc.gov/system/files/
attachments/us-submissions-oecd-other-international-competition-fora/
common_ownership_united_states.pdf (explaining that ``[g]iven the
ongoing academic research and debate, and its early stage of
development, the U.S. antitrust agencies are not prepared at this time
to make any changes to their policies or practices with respect to
common ownership by institutional investors.'').
---------------------------------------------------------------------------
There is little doubt that active investment (i.e., investment that
seeks to control a company, obtain board seats and the like) in
competitors can create the kinds of competition problems that the
antitrust laws are designed to address. The antitrust agencies have
long policed improper relationships between corporate competitors, even
when these relationships fall short of a full combination or merger.
For example, Section 8 of the Clayton Act effectively prohibits so-
called ``interlocking directorates'' in which an officer or director of
one firm serves as an officer or director of a competitor. But it is an
open question whether the same kinds of problems created by active
investments may also manifest from investments by institutional
investors in competing companies.
The theory put forward, purportedly supported by early research, is
that large institutional investors' shareholdings in competing firms in
the same industry may blunt the competitive vitality of rival firms
and, consequently, lead to higher prices and other anticompetitive
effects. For example, if a company's shareholders have equity interests
in a rival, that company may be less likely to engage in a price war or
other forms of aggressive competition that could reduce its rival's
profits, because the rival's profits are ultimately returned to the
company's shareholders through their interests in the rival. Proponents
of this theory argue that the risk of upsetting common investors may
make it easier for firms to maintain stable market conditions or
potentially even increase prices, compared to market conditions that
might prevail without common ownership by large, institutional
investors.
Critics of this theory have cited methodological problems with the
original research, as well as various structural issues that would make
it difficult or even impossible for institutional investors in the real
world to play the envisioned disciplining role. Critics also point out
that any remedy to address these concerns would likely increase the
cost of retail investment, and thereby cause harm to ordinary
investors.
To date, there is no reliable consensus as to which side in this
debate has the stronger argument, and the limited research suggests
this question will remain unsettled until additional empirical work is
completed in this area. Given the formative nature of the academic
debate, I cannot definitively take a position on this issue. Additional
study is required and, as I mention below, the Commission is currently
helping to facilitate such work.
Question 28. Do you believe that our antitrust laws can be used to
address the anticompetitive concerns raised by horizontal shareholding?
Answer. As noted above, I am still evaluating the viability of this
concern. Therefore, I believe the use of the agency's enforcement
powers in this area would be premature. That said, antitrust doctrine
is flexible, allowing us to address even novel harms in the economy. If
the Commission were to identify a meritorious case against common
ownership by a single institutional investor, I believe we could bring
such a case, even though we have not previously litigated that type of
case. The Commission's ability to take future action in this area
would, of course, be circumscribed by prior case law, due process
considerations, and legal standards. The Commission would be unlikely
to take enforcement action in this area without sufficient confidence
that it can demonstrate to the courts both that the underlying theory
of harm is robust, and that a specific set of passive investments has
had actual anticompetitive effects in the real world.
Question 29. What, if anything, are you doing to address any
potential harms of horizontal shareholding?
Answer. In December 2018, the Commission held a full-day public
hearing that was largely devoted to exploring the merits of the common
ownership issue in greater detail.\14\ At this event, which was part of
our Hearings on Competition and Consumer Protection in the 21st
Century, respected academics and industry experts on both sides of this
issue shared their expertise. The Commission also invited public
comments on this topic.
---------------------------------------------------------------------------
\14\ FTC Workshop, FTC Hearing # 8: Competition and Consumer
Protection in the 21st Century (Dec. 6, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-8-competition-consumer-
protection-21st-century.
---------------------------------------------------------------------------
We are still accepting public comments on this issue. Once the
comment period ends, we intend to carefully evaluate all of the public
submissions and the workshop testimony with a view towards better
refining our understanding of the merits of this concern. Hearings like
this one serve to bring together experts with different views, allowing
them to hear and respond to criticisms of their positions, which we
have found to be useful in fostering future academic work in areas of
continuing interest to the agency.
______
Response to Written Questions Submitted by Hon. Maggie Hassan
to Hon. Joseph J. Simons
Question 1. This is an issue that is particularly important and
concerning to me, and it is one that my colleagues and I have contacted
the FTC about before.
Answer. It is vitally important that we support our military
veterans and their families, and I am honored to have worked on
legislation improving veterans' access to workforce training,
education, and health care, many of which have become law. We are
committed to giving our veterans access to the tools they need to
improve their education and employment opportunities.
Unfortunately, certain companies and academic institutions have
shamefully and brazenly engaged in unscrupulous and often illegal
``lead-generating'' practices where schools pay companies, such as
Sunkey Publishing, Fanmail, and Victory Media, to steer prospective
student-veterans to them by claiming the schools are ``military-
friendly'' or falsely representing the schools as affiliated with or
endorsed by the Department of Defense.
My colleagues and I have sent letters urging the FTC to investigate
these harmful, deceptive, and unfair marketing practices by military-
branded websites that target veterans, service members, and their
families, and I applaud the FTC for taking action against some of these
schools and companies.
Knowing the names of offenders would be important for prospective
student-veterans as they determine which schools or career training
institutions they would like to attend.
In your response to one of our letters, you cite Federal statute
and regulations as prohibiting the release of the names of the schools
that participated in lead-generating schemes. Your letter notes that
the FTC may vote to initiate a process to release the names of the
schools.
Given the importance of this information to student-veterans, and
with the understanding that no one wants to hinder ongoing
investigations, does the FTC intend to hold a vote to release the names
of the involved schools? Why or why not?
Answer. Thank you for recognizing the Commission's work in
combating deception against military consumers and military recruits.
As mentioned in my response to the October 9, 2018 letter from you and
several of your colleagues inquiring about schools that used deceptive
lead generators to market their programs, the FTC shares your concerns
about ensuring that those who serve or who want to serve are not
deceived in making decisions about their educational futures.
In my response to your letter, I explained that the information you
requested is non-public material because we obtained it during the
course of a law enforcement investigation. The Commission can provide
you with information to contact the party that submitted the
information to us. If you have determined that contacting the submitter
directly is not a viable course of action, I can further consider
whether the Commission should hold a vote on the release of information
about the identity of lead purchasers. Several factors would play into
such consideration, including whether the release of the information
could prejudice ongoing or future law enforcement efforts. Furthermore,
the FTC generally does not release information pertaining to
individuals and entities that have not been adjudged to have violated
the law; a key question to address in determining whether to depart
from that practice in this instance is whether release of the
information would benefit consumers or, conversely, cause confusion in
the marketplace.
Question 2. Brewers and non-alcoholic beverage makers are large
consumers of aluminum. The price index for the storage and
transportation costs of the aluminum they purchase, the ``Midwest
Premium,'' has increased dramatically since President Trump's tariffs
were implemented.
Do you believe that the end-users of metal would meet the
definition of ``consumer'' for FTC purposes? If so, could the FTC
investigate the sharp increase in the Midwest Premium? If not, do you
believe the Department of Justice, or another Federal agency is more
appropriate to investigate? Finally, if another agency commences an
investigation, can the FTC provide expertise and support for that
investigation?
Answer. Depending on the facts, end-users of aluminum could be
harmed by a violation of the antitrust laws even though they are
businesses rather than individuals. For example, in an FTC action to
enjoin the merger of the second-and third-largest U.S. glass container
manufacturers, the FTC alleged the transaction would likely harm the
customers who use glass containers: brewers and distillers.\15\
---------------------------------------------------------------------------
\15\ In re Ardagh Group and Saint-Gobain Containers, Dkt. No. D-
9356 (Mar. 24, 2014), https://www.ftc.gov/enforcement/cases-
proceedings/131-0087/ardagh-group-sa-saint-gobain-containers-inc-
compagnie-de.
---------------------------------------------------------------------------
If the Commission finds or is presented with evidence that a firm
within our jurisdiction is engaging in conduct that harms competition
and may violate the antitrust laws, we will review that information for
potential law enforcement action. As you know, the FTC shares
jurisdiction over the enforcement of the antitrust laws with the
Department of Justice. The agencies use a ``clearance'' process to
ensure that only one agency investigates and, if necessary, challenges
any given transaction. Assignment to one agency or the other takes
place after preliminary review of a transaction, based principally on
each agency's relative expertise in the markets relevant to the
proposed transaction. For many years, the Department of Justice has
pursued antitrust enforcement in aluminum; the Department also works
closely with the Commodities Futures Trading Commission in this area.
Thus, the FTC would likely refer any evidence of anticompetitive
conduct involving Midwest Premium aluminum pricing to our sister agency
and, if requested, would coordinate with the Department of Justice on
any ensuing investigation.
______
Response to Written Questions Submitted by Hon. Tom Udall to
Hon. Joseph J, Simons
Privacy
Question 1. Do you support strong civil penalties for consumer
privacy violations?
Answer. Yes. Under the FTC's current authority, we cannot seek
civil penalties for initial privacy violations of Section 5 of the FTC
Act. I believe we need the ability to seek civil penalties for initial
violations in order to more effectively deter unlawful conduct. These
penalties would of course be subject to the statutory limitations in
Section 5(n) of the FTC Act, including ability to pay, degree of
culpability, and ability to continue to do business.
Question 2. The California Consumer Protection Act goes into effect
in January 2020. As Congress considers pre-emption of that state law,
what additional authority should we give the FTC to ensure that
consumer privacy adequately is protected?
Answer. I support the enactment of Federal privacy legislation that
would be enforced by the FTC and contain at least three components.
First, as I noted above, any such legislation should give the
Commission the ability to seek civil penalties for initial privacy
violations. Second, it should give the Commission the ability to
conduct APA rulemaking in order to make sure any legislation keeps pace
with technological developments. Third, it should give the Commission
jurisdiction over nonprofits and common carriers. Beyond these general
parameters, I note that the process of enacting Federal privacy
legislation will involve difficult tradeoffs that are appropriately
left to Congress. No matter the specific privacy or data security laws
Congress enacts, the Commission commits to using its extensive
expertise and experience to enforce them vigorously and
enthusiastically.
Question 3. A recent New York Times analysis found that both the
Apple App Store and the Google Play Store have apps in their respective
children's or family sections that potentially violate COPPA.\16\ What
specific role should platform owners play to ensure COPPA compliance on
their platforms?
---------------------------------------------------------------------------
\16\ Valentino-DeVries, J., Singer, N., Krolick, A., Keller, M. H.,
How Game Apps That Captivate Kids Have Been Collecting Their Data, N.Y.
Times, Sept. 12, 2018, https://www.nytimes.com/interactive/2018/09/12/
technology/kids-apps-data-privacy-google-twitter.html.
---------------------------------------------------------------------------
Answer. In 2012, the Commission revised the COPPA Rule to cover not
just websites, app developers, and other online services but also third
parties collecting personal information from users of those sites or
services. At that time, the Commission made clear that it did not
intend to make platforms responsible merely for offering consumers
access to someone else's child-directed content. Rather, platforms
would be liable under COPPA only if they had actual knowledge that they
were collecting personal information from a child-directed app. At the
same time, platforms are in a unique position to set and enforce rules
for apps that seek placement in the platform's store, and to drive good
practices. We encourage platforms to pursue best practices in this
regard, beyond those required by COPPA. For example, platforms can
serve an important educational function for apps that may not
understand the requirements of COPPA.
Question 4. Compliance for mobile apps may be hard to achieve
against fly-by-night operators overseas who do not care if their apps
violate U.S. law. How can the Vtech Electronics investigation and civil
penalty serve as an example for how the FTC can hold foreign app
developers responsible for violating COPPA?
Answer. In addition to the VTech case you mention, the Commission
has taken action in a number of privacy- or security-related cases
against companies that have a foreign presence.\17\ We rely on the U.S.
SAFE WEB Act Amendments to the FTC Act to address unfair and deceptive
acts or practices involving foreign commerce. Using this authority, the
agency has been able to obtain successful relief for consumers in the
United States against the foreign entities that manufactured the
devices at issue (as well as their U.S. subsidiaries in certain
matters) when they purposefully directed their activities to the United
States by advertising, marketing, distributing, or selling their
products to U.S. consumers.This relief has included a substantial civil
penalties in the VTech and inMobi settlements. More recently, the FTC
took action against Blu, a U.S.-based phone manufacturer that was
allowing its Chinese service provider to access text messages and other
private information, contrary to its representations to consumers.\18\
---------------------------------------------------------------------------
\17\ In re: TRENDnet, Inc., No. C-4426 (Jan. 16, 2014), https://
www.ftc.gov/enforcement/cases-proceedings/122-3090/trendnet-inc-matter;
United States v. InMobi Pte Ltd., No. 3:16-cv-3474 (N.D. Cal. June 22,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3203/
inmobi-pte-ltd; In re ASUSTeK Computer Inc., No. C-4587 (July 18,
2016), https://www.ftc.gov/enforcement/cases-proceedings/142-3156/
asustek-computer-inc-matter; In re HTC America Inc., No. C-4406 (July
25, 2013), https://www.ftc.gov/enforcement/cases-proceedings/122-3049/
htc-america-inc-matter.
\18\ In re BLU Prods. and Samuel Ohev-Zion, No. C-4657 (Sept. 6,
2018), https://www.ftc.gov/enforcement/cases-proceedings/172-3025/blu-
products-samuel-ohev-zion-matter.
---------------------------------------------------------------------------
Due to some of the practical challenges the Commission faces in
bringing enforcement actions against foreign companies, the Commission
has also used other means to address illegal conduct affecting U.S.
consumers. For example, a few years ago, Commission staff sent a
warning letter to a Chinese company, Baby Bus, about COPPA violations
relating to the collection of children's personal information through
its apps. The Commission copied the three U.S.-based app platforms on
this communication. The company quickly responded and addressed the
concerns.
In determining how to address illegal conduct by foreign companies,
we generally consider a number of factors. These include the nature and
breadth of harm or potential harm to U.S. consumers from the foreign
company's practices; the legal rules relating to service, evidence
collection, and enforceability in the jurisdiction where the target is
based; practical issues, such as whether the company has incentives to
enter into a settlement with the FTC and remediate its conduct such as
a large base of U.S. customers and supplier/distributor relationships
in the United States; and resource issues such as the added time and
costs of proceeding against a foreign entity. We also, in appropriate
cases, seek cooperation from foreign counterparts who may be able to
provide us with relevant information or be able to better address the
conduct at issue.
Question 5. The COPPA safe harbor organizations must submit an
annual report to the Federal Trade Commission, Can you share the
reports from the last 5 years?
Answer. The FTC-approved safe harbor organizations do submit annual
reports to the FTC each year. Unfortunately, we are not able to
disclose these reports because they contain confidential proprietary
information, which is exempt from disclosure by FOIA and Section 6(f)
of the FTC Act.
Concussions
Question 6. As you all are aware, I continue to bring attention to
issue of helmet safety and marketing practices--particularly equipment
that children use for sports. While there has been increased testing
and awareness of traumatic brain injury caused by sports, I remain
concerned that companies are mischaracterizing their equipment's
ability to prevent or lessen concussions or other head injuries. Have
FTC staff been able to continue their good work monitoring the helmet
and other sports equipment in the marketplace to ensure that helmets
and other gear is not being marketed in a deceptive manner?
Answer. Following its investigation into football helmet
manufacturers and settlement against Brain-Pad, Inc.,\19\ a mouthguard
manufacturer, FTC staff have continued to monitor the marketplace for
claims related to head injuries. When appropriate, staff have sent
warning letters, civil investigative demands, and voluntary requests
for information to marketers of athletic equipment.
---------------------------------------------------------------------------
\19\ In re Brain-Pad, Inc. and Joseph Manzo, No. C-4375 (Nov. 5,
2012), https://www.ftc.gov/enforcement/cases-proceedings/122-3073/
brain-pad-inc
Question 7. Have staff from the FTC been briefed by the National
Football League or other entities that are conducting research on
helmet design and safety?
Answer. FTC staff have not been briefed by the National Football
League or other entities conducting research on helmet design and
safety, although we are following research and development in the area.
______
Response to Written Questions Submitted by Hon. Catherine Cortez Masto
to Hon. Joseph J. Simons
Pet Leasing
I appreciate the Commission's attention to my request with six of
my colleagues for the FTC to investigate the practice of pet leasing
that is leading some consumers into confusing or deceptive contractual
obligations that cause them to have an issue with their beloved pet and
negatively impact their financial status, such as credit scores, for
far into the future. This is an issue that is a little under the radar
but needs strong oversight and attention under your deceptive practices
mandate if there are concerning financial practices being discovered.
Question. Can I get a further commitment from you all to keep my
office informed of actions and determinations you all may make
pertaining to this concerning issue and the Humane Society and Animal
Legal Defense Fund's formal petition to the Commission?
Answer. The FTC is committed to protecting consumers from unfair or
deceptive acts or practices, including any such practices carried out
by merchants or third-party leasing and financing companies. Since our
response to your letter last November, FTC staff have met with the
Humane Society and Animal Legal Defense Fund to discuss their joint
formal petition to the Commission. The FTC will continue to keep your
office informed of public actions the Commission takes concerning pet
leasing or the Humane Society and Animal Legal Defense Fund's petition
to the Commission.
Data Minimization vs Big Data
A topic that has come up a lot during our discussions on privacy is
data minimization. This is a concept that I have been considering on as
I work on developing a comprehensive data privacy bill. As you're
aware, this is the idea that businesses should only collect, process,
and store the minimum amount of data that is necessary to carry out the
purposes for which is was collected. There are obvious advantages to
this as it minimizes the risk of data breaches and other privacy harms.
At the same time, big data analytics are going to be crucial for the
future and play an important role in smart cities, artificial
intelligence, and other important technologies that fuel economic
growth. I think it is important to find a balance between minimization
and ensuring that data, especially de-identified data, is available for
these applications.
Question. Can you describe how you view this balance and how we in
Congress can ensure that people's data is not abused but can still be
put to use in positive ways?
Answer. Your question neatly captures the dilemma. Businesses can
apply ``big data'' analysis tools to gain insights from large data sets
that help the business to innovate--for example, to improve an existing
product. This analysis can provide new consumer benefits, such as the
development of new features. On the other hand, consumers' data may be
used for unexpected purposes in ways that are unwelcome.\20\ Long-term
retention of consumer information--such as sensitive financial
information--also presents a data security issue.\21\
---------------------------------------------------------------------------
\20\ See, e.g., Press Release, FTC Charges Deceptive Privacy
Practices in Google's Rollout of Its Buzz Social Network (Mar. 30,
2011), https://www.ftc.gov/news-events/press-releases/2011/03/ftc-
charges-deceptive-privacy-practices-googles-rollout-its-buzz) (alleging
that Google deceptively repurposed information it had obtained from
users of its Gmail e-mail service to set up the Buzz social networking
service, leading to public disclosure of users' e-mail contacts).
\21\ See, e.g., In re Ceridian Corp., No. C-4325 (June 8, 2011),
https://www.ftc.gov/enforcement/cases-proceedings/102-3160/ceridian-
corporation-matter) (final order resolving charges that the company
created unnecessary risks by storing information such as individuals'
e-mail address, telephone number, Social Security number, date of
birth, and direct deposit account number indefinitely on its network
without a business need).
---------------------------------------------------------------------------
The FTC issued a report on the subject of the benefits and risks of
big data that contains guidance for companies that use big data
analytics.\22\ In November 2018, the Commission also hosted a workshop
on the intersections between big data, privacy, and competition.\23\ We
are happy to work with your staff to develop legislation on how to
balance the benefits and risks of big data.
---------------------------------------------------------------------------
\22\ See FTC Report, Big Data: A Tool for Inclusion or Exclusion?
Understanding the Issues (Jan. 2016), https://www.ftc.gov/system/files/
documents/reports/big-data-tool-inclusion-or-exclusion-understanding-
issues/160106big-data-rpt.pdf.
\23\ See FTC Workshop, FTC Hearing #6: Competition and Consumer
Protection in the 21st Century (Nov. 6-8, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-6-competition-consumer-
protection-21st-century.
---------------------------------------------------------------------------
FTC Resource Needs--Staffing Specifics
To get a sense of the challenge additional authority or
requirements on your commission may be, can you tell us how many full
time technologists do you have on staff at the FTC?
Question 1. More broadly, how many staff does the FTC have working
on data privacy?
Question 2. Do you have the resources you need to effectively
protect privacy in the digital age?
Question 3. If not, what additional resources would be helpful?
Answer. We have about 5 full time staff whose positions are
classified as technologists. Beyond these specific full-time employees,
we have a number of investigators and lawyers who have developed
significant in-house technical expertise through their enforcement and
policy work in the areas of big data, cybersecurity, the online
advertising ecosystem, Internet of Things, artificial intelligence, and
related fields. When the FTC needs more complex and richer information
about a specific industry or technology, we supplement our internal
technological proficiency by hiring outside technical experts to help
us develop and litigate cases. We also keep abreast of technological
developments by hosting an annual event called PrivacyCon, in which we
call on academics to present original research on privacy and security
issues. If provided additional funding, we would hire additional
technologists and other staff to enhance our privacy and data security
enforcement efforts.
Answer to Question 1. As reflected in the Commission's annual
budget request, the Division of Privacy and Identity Protection has
approximately 40 staff tasked with protecting consumers' privacy and
security. Additionally, staff from other Divisions and regional offices
also work on data privacy issues.\24\
---------------------------------------------------------------------------
\24\ See, e.g., Press Release, LifeLock to Pay $100 Million to
Consumers to Settle FTC Charges it Violated 2010 Order (Dec. 17, 2015),
https://www.ftc.gov/news-events/press-releases/2015/12/lifelock-pay-
100-million-consumers-settle-ftc-charges-it-violated ($100 million
settlement for order violation obtained by the Division of
Enforcement); Press Release, Online Talent Search Company Settles FTC
Allegations it Collected Children's Information Without Consent and
Misled Consumers (Feb. 5, 2018), https://www.ftc.gov/news-events/press-
releases/2018/02/online-talent-search-company-settles-allegations-it-
collected (settlement for COPPA violations obtained by Midwest Region
staff); FTC, Website: Cybersecurity for Small Businesses (website
created by the Division of Consumer and Business Education), https://
www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity.
---------------------------------------------------------------------------
Answer to Questions 2 and 3. The Commission works hard to
effectively employ whatever resources Congress gives us. While we use
our existing resources efficiently, we believe that the agency could
use additional resources. Some areas in which we could use additional
resources include the hiring of additional technologists and the hiring
of additional staff to monitor and enforce compliance with privacy and
data security orders. Furthermore, if Congress were to give the FTC
additional rulemaking and enforcement tools in the privacy area, we
would need more resources to handle those tasks while continuing the
agency's existing enforcement, policy, and education work. Whatever
resources Congress gives us, we will put to good use.
General Privacy Recommendations
Question 1. While privacy was a significant topic of the oversight
hearing, as we look to develop a bill, can you specifically lay out
some of the top priorities you individually would like to see included
and what do you think gets overlooked in the conversations policymakers
have with allowing for future innovations and yet raising the bar for
protecting consumers?
Answer. In its written testimony, the Commission urged Congress to
consider enacting privacy legislation that would be enforced by the
FTC. The testimony recognized that, while the agency remains committed
to vigorously enforcing existing privacy-related statutes, Congress may
be able to craft Federal legislation that would more seamlessly address
consumers' legitimate concerns regarding the collection, use, and
sharing of their data and provide greater clarity to businesses while
retaining the flexibility required to foster competition and
innovation. As far as top priorities for such legislation: first,
Congress should give the Commission authority to deter violations by
fining companies for initial violations, as it has for violations of
other statutes. Second, Congress should ensure that all types of
companies across the economy are held accountable for protecting
consumers' privacy and security. As one example, the Commission has
long urged the repeal of the FTC Act's provision that places limits on
the agency's ability to go after law violations by common carriers and
by non-profits. Third, Congress should consider giving the FTC targeted
APA rulemaking authority so that the FTC can enact rules to keep up
with technology developments. An excellent example of this approach
appears in statutes such as CAN-SPAM and COPPA.
Question 2. Can you also outline the optimal role you see for our
state Attorneys General in this privacy enforcement process?
Answer. I see the state Attorneys General as important partners in
protecting consumers. For a number of statutes, such as COPPA, Congress
enacted legislation that enables Attorneys General to enforce the law
in addition to the Commission. We applaud this model. A number of state
AGs have brought actions to enforce COPPA, for example, which benefits
consumers because there are multiple cops on the beat. And when state
Attorneys General bring these actions, they are enforcing the same
legal standard that other states and the Commission are enforcing, so
the same protections apply consistently nationwide.
Updated Aspects of Banking or Health Care Data Security
Given the incredibly innovative technologies being developed, from
apps that are commonly used in various banking transactions, to
wearables that by design are tracking personally sensitive health care
related metrics by the second, there is a lot of data being collected,
stored and utilized.
And many of these technologies are providing incredibly helpful in
cases like telemedicine to help residents of rural communities. Within
your testimony, you stated quote ``The Commission also must continue to
prioritize, examine, and address privacy and data security with a fresh
perspective.''
Question 1. So do you think there is a need for a broader
conversation about how our current banking and health care information
protection statutes like HIPAA, for example, and regulators like the
FTC serve in aiding the different enforcement agencies ensure these
laws are moving ahead with the times?
Answer. Laws and regulators certainly need to keep up with the
times. The series of hearings the Commission has been holding on a wide
range of issues are one part of the Commission's process to do just
that. Laws regarding financial privacy, in particular, have been
changing rapidly at the state level, with the adoption of new laws by
states such as New York and South Carolina with respect to financial
institutions and insurance companies, respectively. The Commission has
been following these developments closely.
Question 2. Are there any specific examples or thoughts you have on
what kind of further considerations need to be given to these kinds of
technologies given the increased personal nature of the type of data
that is being collected, stored and utilized?
Answer. With respect to financial and health privacy specifically,
it is important that privacy and security obligations apply regardless
of the type of entity that is collecting the data. For both financial
and health privacy, that is not currently the case. Companies covered
by HIPAA, such as health plans and certain medical providers, have
specific obligations with respect to health information they collect;
meanwhile, other entities that collect the same types of information
(e.g., data brokers, health apps, health information websites) may not
face the same obligations. Similarly, financial institutions have
obligations under the Gramm-Leach-Bliley (GLB) Act to protect
information such as account numbers and SSNs, but other entities
collecting the same types of information do not.
Question 3. Is it time for a reconsideration or expansion of
safeguards at all stages of transmission of consumer's banking
information?
Answer. While the Commission does not have jurisdiction over banks
and does not have the expertise to comment on banking information
specifically, I do believe it is time for a reexamination of safeguards
for financial institutions generally. The FTC has jurisdiction over a
wide range of non-bank financial institutions such as tax preparers,
mortgage brokers, payday lenders, credit bureaus, and debt collectors.
The FTC enforces the GLB Safeguards Rule, which applies to these
institutions. As part of its periodic review of its rules and guides,
the Commission is currently reviewing its GLB Safeguards Rule, which
requires financial institutions to take reasonable measures to secure
consumers' data. More broadly, in urging Congress to consider enacting
privacy legislation that would be enforced by the FTC, the Commission
expects that the legislative process would involve a fresh new look at
the current regulatory landscape, and would consider harmonizing and
updating that landscape where needed. We agree that financial
information, in particular, should be maintained securely throughout
the information lifecycle.
Question 4. What regulatory structures and rules under the Gramm-
Leach-Bliley Act could apply to other entities which collect and hold
sensitive information?
Answer. The Commission's GLB Safeguards Rule requires financial
institutions to develop, implement, and maintain a comprehensive,
written information security program, and, as noted above, is currently
under review. One of the strengths of the Rule is its flexible,
process-based approach, which requires the institution to implement
administrative, technical, and physical safeguards appropriate to the
size and complexity of the financial institution, the nature and scope
of its activities, and the sensitivity of the customer information at
issue. The Rule also requires each financial institution, among other
things, to keep its security program up-to-date--for example, by
adjusting the program to address new types of threats. This process of
continual updating is essential. We believe a similar, process-based
approach would be appropriate for a wide range of companies. To respond
to companies' desire for more specific guidance about which security
measures to adopt, the Rule's process-based, results-oriented approach
can be combined with more specific technology-neutral requirements.
Question 5. From your perspective, should entities such as
financial institutions be on the list of those to be informed of any
compromised personally identifiable information when associated
accounts are involved?
Answer. Previous legislation that would require data breach
notification has required that companies notify the nationwide credit
reporting companies, possibly because these are large, well-known
entities that would be expected to develop processes to handle such
notifications. Although consumers would presumably notify their bank,
for example, if a company were to inform them that their bank account
information has been exposed in a breach, direct notification of
financial institutions could enable the institution to take additional
measures to monitor breached accounts for fraud, even if the consumer
does not take action.
First and Third Party Entities
There has been a lot of calls for a privacy bill that evens the
playing field and is technologically neutral. This is important, but it
is also important to think about how consumers interact with different
entities. For example, many small and medium sized businesses contract
with secondary firms that process data on their behalf. The consumer
has no relationship with these entities, and so many of the
requirements like transparency and control are more difficult to meet.
Question. How do we address this problem while ensuring a bill
maintains an even playing field and does not favor any one business
model?
Answer. One of consumers' main privacy concerns is the sharing of
their data--particularly the sale of their data--with third parties
with whom, often, the consumer has no direct relationship. At the same
time, large entities that collect vast amounts of data from consumers
may be able to share information widely within their organizations,
without sharing with ``third parties,'' while smaller competitors
cannot. The implications on competition of different privacy regimes is
one of the issues that the Commission has been examining in its ongoing
series of hearings. One option to protect privacy in a way that does
not disadvantage smaller players would be to impose requirements based
on factors other than whether the entity is a ``third party''--for
example, by restricting the use of certain information for particular
purposes by both first parties and third parties. We would be pleased
to work with your staff further on this issue.
Privacy Risky Communities/Groups
Question 1. Do you think that certain communities or groups are any
more or less vulnerable to privacy risks and harms?
Answer. Yes. Part of the discussion around big data and AI, for
example, concerns the potential for bias, such as perpetuating
historical discrimination, even unintentionally, through the use of
biased data. In a 2016 report, Big Data: A Tool for Inclusion or
Exclusion? Understanding the Issues, the Commission staff reported on a
workshop relating to the risks and benefits of big data. The report
recognized that big data analysis can bring significant consumer
benefits, but also may cause harm relating to disparate treatment. For
example, the report noted that potential inaccuracies and biases in
data analysis might lead to detrimental effects for low-income and
underserved populations. The Commission has worked to address issues
particularly affecting certain communities or groups through a number
of means, including a series of seminars and other events around the
country and through consumer education.\25\
---------------------------------------------------------------------------
\25\ See, e.g., Common Ground Conferences and Roundtables Calendar,
https://www.con
sumer.gov/content/common-ground-conferences-and-roundtables-calendar;
Consumer Information--Fraud Affects Every Community, https://
www.consumer.ftc.gov/features/every-community.
Question 2. Should privacy law and regulations account for such
unique or disparate harms, and if so, how?
Answer. Certainly, harmful discriminatory treatment based on an
individual's race, age, gender, religion, national origin, sexual
orientation, and other prohibited factors should not be lawful.
Existing laws, such as the Fair Credit Reporting Act and the Equal
Credit Opportunity Act, offer important protections against unlawful
discrimination. As noted above, much of the discussion around
discriminatory treatment in the privacy area relates to the possibility
that the use of algorithms will perpetuate past discrimination, even
unintentionally.\26\ Panelists at the Commission's November 2018
hearing on competition and consumer protection issues associated with
the use of algorithms, artificial intelligence, and predictive
analytics delved into these complicated issues.\27\ We are happy to
work with you to think through these issues as you craft legislation to
prevent unlawful discrimination.
---------------------------------------------------------------------------
\26\ See, e.g., Elizabeth Weise, Amazon Same-Day Delivery Less
Likely in Black Areas, Report Says, USA Today (Apr. 22, 2016), https://
www.usatoday.com/story/tech/news/2016/04/22/amazon-same-day-delivery-
less-likely-black-areas-report-says/83345684/ (mapping Amazon's al
gorithmically-based same day delivery areas in certain cities, as
originally proposed, with historical segregation in those cities).
\27\ See FTC Workshop, FTC Hearing #7: Competition and Consumer
Protection Issues in the 21st Century (Nov. 13-14), https://
www.ftc.gov/news-events/events-calendar/ftc-hearing-7-competition-
consumer-protection-21st-century.
---------------------------------------------------------------------------
Immediate Civil Penalties Authority
Noting from your FTC testimony, ``Section 5 (of the FTC Act),
however, is not without limitations. For example, Section 5 does not
provide for civil penalties, reducing the Commission's deterrent
capability.''
Question. While I appreciate the long term successes of the FTC in
many respects to investigate data security matters, what are your
thoughts to whether there is enough of a deterrent effect with Section
5 authority when you can't immediately enforce against those who misuse
data with civil penalties right from the start, rather than as the
result of often times flagrant offenses to their already establish
consent decrees?
Answer. In the data security area, I believe that Congress should
enact legislation giving the FTC the authority to seek civil penalties
against first-time violators, which we cannot currently do under the
FTC Act. I support such legislation precisely because I believe that
our existing legal regime does not provide sufficient deterrence.
______
Response to Written Questions Submitted by Hon. John Thune to
Hon. Rohit Chopra
Question 1. Vertical mergers such as the merger between AT&T and
Time Warner have garnered some attention lately. The Federal Trade
Commission (FTC) and the Department of Justice (DOJ) have not updated
vertical merger guidance since 1984. Do you believe that the FTC and
DOJ should issue new guidance on vertical mergers?
Answer. Vertical mergers can threaten competition. For example, as
I noted in my dissenting statement in the Fresenius/NxStage matter,
vertical mergers can make it tougher for a new business to get off the
ground.
Senior officials in the antitrust agencies have openly communicated
that the 1984 guidelines do not provide useful guidance.\1\
---------------------------------------------------------------------------
\1\ See D. Bruce Hoffman, Vertical Merger Enforcement at the FTC,
Prepared Remarks for Delivery at the Credit Suisse 2018 Washington
Perspectives Conference (Jan. 10, 2018), available at http://
www.ftc.gov/system/files/documents/public_statements/1304213/
hoffman_vertical_
merger_speech_final.pdf.
---------------------------------------------------------------------------
It is troubling that the agencies have published guidance that we
do not actually follow. I am very open to the idea of updating these
guidelines.
Question 2. Government lawsuits to stop mergers are litigated using
different procedures depending on which agency, the FTC or DOJ, handles
the case. Do you think Congress should take action to ensure that
agencies follow the same procedures, or do you support another
approach?
Answer. While I appreciate the theoretical concerns that have been
raised, it does not appear that this has much real world impact. There
are broader issues that stem from the FTC and DOJ having concurrent
jurisdiction in merger review that Congress might consider giving a
higher priority for examination. For example, thought should be given
to ways to improve our clearance process.
Question 3. Should Congress amend Section 5(n) of the FTC Act,
which addresses unfair practices, to clarify what constitutes
``substantial injury?'' If so, how?
Answer. Both the courts and the Commission have identified various
types of injury that meet this criterion. If there are additional types
of injury that Congress wishes to codify, I am happy to work with you
to determine how to best achieve those goals.
Question 4. Should the FTC issue more guidance to marketers on the
level of support needed to substantiate their claims? If so, when do
you anticipate that such guidance could be issued?
Answer. Both consumers and marketers that are interested in
complying with the law benefit from FTC guidance. Given case law, the
Commission's Policy Statement on Advertising Substantiation, and other
Commission statements, there is certainly an array of information to
assist marketers with compliance, but I am always open to hearing ways
to improve information to help law-abiding businesses.
Question 5. In June, the 11th Circuit vacated the Commission's data
security order against Lab-MD. What effect, if any, will this have on
the Commission's data security orders going forward?
Answer. Given this decision, as well as feedback from stakeholders
and our recent hearing on data security, we are actively engaged in
discussions on how our orders can provide optimal deterrence under our
existing Section 5 authority.
Question 6. If Federal privacy legislation is passed, what
enforcement tools would you like to be included for the FTC?
Answer. Federal privacy legislation needs enforcement teeth to be
effective. In addition to strong civil penalty authority, it would be
useful for the FTC to have independent litigating authority. Commission
fines must be strong enough to realign market incentives, rather than
representing a cost of doing business. I look forward to working with
Congress to identify additional tools and authorities to make any
legislation effective.
Question 7. During the hearing, I asked the Chairman whether the
FTC would consider using its section 6(b) authority to study consumer
information data flows, specifically sending requests to Google,
Facebook, Amazon, and others in the tech industry to learn what
information they collect from consumers and how that information is
used, shared, and sold. I believe the FTC's section 6(b) authority
could provide some much needed transparency to consumers about the data
practices of large technology companies, and help identify areas that
may require additional attention from lawmakers. What are your views
with respect to the FTC potentially conducting a study pursuant to
section 6(b) of the Federal Trade Commission Act on the data
collection, use, filtering, sharing, and sale practices of large
technology companies such as Google, Facebook, Amazon, and others?
Answer. Yes, the FTC should pursue a 6(b) study about the practices
in the technology sector. This will help advance our competition and
consumer protection mission. The FTC's research function is fundamental
to how we should work to make markets fair and effective.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Hon. Rohit Chopra
Question 1. Section 5(a) of the FTC Act, which prohibits ``unfair
or deceptive acts or practices in or affecting commerce'' is the legal
basis for a body of consumer protection law that covers data privacy
and security practices. The FTC has brought hundreds of cases to date
to protect the privacy and security of consumer information held by
companies of all sizes under this authority. The FTC staff recently
submitted comments to the National Telecommunications and Information
Administration (NTIA) that clearly indicate the FTC staff's view that
the FTC would be the appropriate agency to enforce a new comprehensive
privacy legislative framework. Do you agree with the staff's view?
Answer. It is clear that data is playing an ever-increasing role in
shaping all markets. From banking to real estate to travel to health
care, every industry is relying on more and more data. Federal
legislation should avoid problems of regulatory arbitrage that can
impede Federal enforcement. Even if the FTC has enforcement authority
over a new law, it will be critical to ensure that this supplements,
and does not supplant, the role of state law enforcement.
Question 2. As Congress evaluates opportunities to create
meaningful Federal legislation to appropriately ensure privacy of
consumers' data, there have been suggestions to increase the FTC's
authorities to enforce in this space. Will you commit to working with
this Committee in measuring what resources, if any, will be needed to
allow the agency to enforce any additional authorities that may or may
not be provided in Federal legislation?
Answer. Yes.
Question 3. Sharing responsibilities with the DOJ's Antitrust
Division, the FTC enforces antitrust law in a variety of sectors as
described by your testimony. While the vast majority of premerger
filings submitted to enforcement agencies do not raise competition
concerns, the FTC challenged 45 mergers since the beginning of 2017,
and of those, the FTC only voted to initiate litigation to block five
transactions. Would you please describe the resource needs of the
agency associated with hiring qualified outside experts to support its
litigation efforts? Please explain how developments in the high-
technology sector are accounted for in the FTC's decision-making
process related to antitrust enforcement.
Answer. Expert spending is costly. Compared to other statutes we
enforce, our antitrust laws lack clear presumptions and rules, making
litigation lengthy and resource-intensive. Given the state of the law,
it is necessary to ensure adequate resources for litigation.
To be seen as an effective and credible enforcer, we must have
enough qualified experts to collect and analyze data on business
practices in the technology sector.
Question 4. Earlier this year, I introduced legislation called the
Senior Scams Prevention Act with Senator Bob Casey to combat continued
and increasingly complex attempts to defraud one of the Nation's most
vulnerable populations, our senior community. This bill seeks to ensure
retailers, financial institutions and wire transfer companies have the
resources to train employees to help stop financial frauds and scams on
seniors. Would you agree that awareness and education, guided by ``best
practices'' established by industry and government partners, is a
valuable tool in preventing consumer harms against our Nation's
seniors?
Answer. Older Americans are disproportionately affected by fraud,
and any effort to enlist industry and government in protecting them
from the worst abuses is commendable. Educational initiatives can
complement aggressive enforcement of those who defraud older American
consumers.
Question 5. In its comments submitted to NTIA on ``Developing the
Administration's Approach to Consumer Privacy,'' the FTC discussed the
various cases that it has taken up to address privacy-related harms to
consumers, and it specifically noted four categories of harms:
financial injury, physical injury, reputational injury, and unwanted
intrusion. Could you please briefly describe each category while noting
any FTC enforcement considerations specific to that type of harm?
Answer. The FTC staff comment identified financial injury, physical
harm, reputational injury, and unwanted intrusion as four categories of
privacy harms that FTC enforcement actions have acted to address.
Financial injury is the injury that an act or practice causes to a
consumer's financial position. The NTIA comment notes that financial
injury manifests in a variety of ways, including through fraudulent
charges, delayed benefits, expended time, opportunity costs, fraud, and
identity theft. Consumers may also suffer financial injury when they
purchase a product sold through deceptive representations. Physical
injuries include risks to individuals' health or safety, including the
risk of stalking or harassment. Reputational injury involves disclosure
of damaging private facts about an individual. And unwanted intrusion
includes both activities that intrude on the sanctity of people's homes
or intimate lives and commercial intrusions.
Through its enforcement of particular statutes or rules, like the
Fair Debt Collections Practices Act, Telemarketing Sales Rule, and
COPPA, the FTC vindicates particular legislative and regulatory
judgments meant to prevent harms such as these.
This effort to categorize privacy harms should not be seen as
creating an exclusive list or harms, nor should it be read to exclude
from FTC scrutiny activities that may not directly implicate these
types of harm. For example, the FTC Act prohibits companies from making
certain misrepresentations in connection with privacy and data
security. To the extent that a company acts in a manner that is
deceptive under the law, the FTC must be able to take appropriate
action.
Question 6. In the FTC's recent comments in NTIA's privacy
proceeding, the FTC said that its ``guiding principles'' are based on
``balancing risk of harm with the benefits of innovation and
competition.'' Would you describe what this means, how you strike this
balance, and how it is applied in practice under your Section 5
authority in the FTC Act?
Answer. The FTC's staff comment reflects the fact that many of the
FTC's enforcement efforts related to privacy and data security have
proceeded under the FTC's Section 5 unfairness authority. Section 5(n)
of the FTC Act requires that the FTC weigh the actual or likely
substantial injury of an act or practice against countervailing
benefits to consumers or competition. The FTC must be sure that it is
not over-or under-estimating either side of the balance. Of course,
Section 5's deception standard does not require this balancing
exercise.
Question 7. The FTC's comments pertaining to ``control'' in NTIA's
privacy proceeding stated, ``Choice also may be unnecessary when
companies collect and disclose de-identified data, which can power data
analytics and research, while minimizing privacy concerns.'' How would
the FTC suggest Federal regulation account for de-identified data, if
at all?
Answer. While companies may sometimes claim that data has been
``de-identified,'' in some cases these data can be easily ``re-
identified.'' We would be happy to work with you should you choose to
specifically legislate on this issue.
Question 8. Your testimony indicated that continued technological
developments allow illegal robocallers to conceal their identities in
``spoofing'' caller IDs while exponentially increasing robocall volumes
through automated dialing systems. These evolving technological changes
mean that the critical law enforcement efforts of the FTC cannot be the
only solution, and your testimony described the additional steps the
FTC is taking to develop innovative solutions to these issues. Would
you please describe the process and outcomes of the four public
challenges that the FTC held from 2013 to 2015? Are there plans to
incentivize innovators to combat robocalls in the future?
Answer. The FTC's process for its robocall challenges included
public announcements, committees with independent judges, and, in some
cases, cash prizes awarded under the America COMPETES Reauthorization
Act.\2\ To maximize publicity, the FTC announced each of its four
challenges in connection with public events. The FTC announced the
first robocall challenge at the FTC's 2012 Robocall Summit. In 2014,
the FTC conducted its second challenge, ``Zapping Rachel'' at DEF CON
22. The FTC conducted its third challenge, ``DetectaRobo,'' in June
2015 in conjunction with the National Day of Civic Hacking. The final
phase of the FTC's fourth public robocall challenge took place at DEF
CON 23. When the FTC held its first public challenge, there were few,
if any, call blocking or call labeling solutions available for
consumers. Today, two FTC challenge winners, NomoRobo and Robokilller,
offer call blocking applications, and there are hundreds of mobile apps
offering call blocking and call labeling solutions for cell phones.
Many home telephone service providers also now offer call blocking and
call labeling solutions. The FTC will not hesitate to initiate
additional innovation contests if it identifies further challenges that
could meaningfully benefit consumers by reducing the harm caused by
illegal robocalls.
---------------------------------------------------------------------------
\2\ See ``Details About the FTC's Robocall Initiatives'' at https:/
/www.consumer.ftc.gov/features/feature-0025-robocalls
---------------------------------------------------------------------------
In addition to developing call blocking and call labeling
technology, the telecom industry has also developed call verification
technology, called STIR/SHAKEN, to help consumers know whether a call
is using a spoofed Caller ID number and assist call analytics companies
in implementing call blocking and call labeling products. If widely
implemented and made available to consumers, the STIR/SHAKEN protocol
should minimize unwanted calls. Certain industry members have begun to
roll out this technology and it is in beta testing mode. We will keep a
close eye on this industry initiative and continue to encourage its
implementation.
Question 9. Would you please describe the FTC's coordination
efforts with state, federal, and international partners to combat
illegal robocalls?
Answer. The FTC frequently coordinates its efforts with its state,
federal, and international partners. The FTC often brings robocall
enforcement actions with states as co-plaintiffs. For example, in the
FTC's case against Dish Network, litigated for the FTC by the
Department of Justice, the FTC brought the case jointly with
California, Illinois, North Carolina, and Ohio. Collectively, the
states and the FTC obtained a historic $280 million trial verdict.\3\
---------------------------------------------------------------------------
\3\ Press Release, FTC and DOJ Case Results in Historic Decision
Awarding $280 Million in Civil Penalties Against Dish Network and
Strong Injunctive Relief for Do Not Call Violations (June 6, 2017),
https://www.ftc.gov/news-events/press-releases/2017/06/ftc-doj-case-
results-historic-decision-awarding-280-million-civil. The case is on
appeal before the Seventh Circuit Court of Appeals.
---------------------------------------------------------------------------
The FTC also coordinates outreach and education with the FCC. In
2018, the agencies co-hosted two robocall events--a policy forum that
discussed technological and law enforcement solutions to the robocall
problem \4\ and a public expo that allowed companies offering call
blocking and call labeling services to showcase their products for the
public.\5\ Additionally, the FTC and FCC hold quarterly calls, speak
regularly on an informal basis, and coordinate on a monthly basis with
our state partners through the National Association of Attorneys
General. The FTC also engages with international partners through
participation in international law enforcement groups such as the
International Consumer Protection Enforcement Network, International
Mass Marketing Fraud Working Group, and the Unsolicited Communications
Network (formerly known as the London Action Plan).
---------------------------------------------------------------------------
\4\ Press Release, FTC and FCC to Host Joint Policy Forum and
Consumer Expo to Fight the Scourge of Illegal Robocalls (Mar. 22,
2018), https://www.ftc.gov/news-events/press-releases/2018/03/ftc-fcc-
host-joint-policy-forum-illegal-robocalls.
\5\ Press Release, FTC and FCC to Co-Host Expo on April 23
Featuring Technologies to Block Illegal Robocalls (Apr. 19, 2018),
https://www.ftc.gov/news-events/press-releases/2018/04/ftc-fcc-co-host-
expo-april-23-featuring-technologies-block-0.
Question 10. Your testimony described the limitations of the FTC's
current data security enforcement authority provided by Section 5 of
the FTC Act including: lacking civil penalty authority, lacking
authority over non-profits and common carrier activity, and missing
broad APA rulemaking authority. Please describe each of these
limitations and how adjusted FTC authority to address these items would
improve the protection of consumers from data security risks.
Answer. As a general matter, the FTC Act does not provide the
Commission with the authority to seek civil penalties from first-time
violators of Section 5. Providing the FTC with expanded civil penalty
authority would assist the FTC in its efforts to deter illegal conduct.
Without civil penalties, companies with unlawful privacy and security
practices get a free bite at the apple. Strong civil penalties and
clear rules of the road are critical to deter lax privacy and security
practices.
The FTC Act excludes or exempts non-profits and common carriers
from the FTC's jurisdiction, but non-profits and common carriers rely
on consumer data just as other persons subject to the FTC's
jurisdiction do. Broadened FTC authority that also covers non-profits
and common carriers will eliminate opportunities for arbitrage and help
ensure that persons collecting, storing, using, disposing of, or
transporting consumer data do so in accordance with consistent rules.
The FTC Act provides the FTC with authority to issue rules that
define with specificity acts or practices in or affecting commerce that
are unfair or deceptive. Through this authority, the FTC could issue
rules pertaining to data privacy and security. Unfortunately, this
rulemaking must be conducted in accordance with the Magnuson-Moss
Warranty Act, which adds time-consuming requirements to the rulemaking
process that go well-beyond the requirements of the Administrative
Procedure Act. Granting the FTC the authority to issue data security
rules in accordance with the Administrative Procedure Act would allow
the Commission to issue timely and appropriate rules that keep pace
with technological development and seek civil penalties if companies
violate them.
______
Response to Written Questions Submitted by Hon. Richard Blumenthal to
Hon. Rohit Chopra
Privacy Rules
We know that Americans care about privacy--that they eagerly want
these rights. We need baseline rules. Companies should not store
sensitive information indefinitely and use that data for purposes that
people never intended. Federal rules must set meaningful obligations on
those that handle our data. We must enable consumers to trust and
control their personal data.
Question 8. Do you support providing state AGs with the power to
enforce Federal privacy protections and would you commit to working
with state AGs?
Answer. Yes. There is precedent for state attorney general
enforcement of Federal privacy law. For example, state attorneys
general have the authority to take action under the Children's Online
Privacy Protection Act. However, this should not necessarily be a
substitute for state attorneys general enforcing their own state laws
protecting citizen data.
Question 9. Why is it important that the FTC have rulemaking
authority when it comes to privacy? Where best would rulemaking be
applied?
Answer. If privacy rules cannot evolve with changing technology,
this will threaten fair competition and fair treatment of consumers.
For example, the last major privacy legislation, COPPA, was in
1998. If we did not have rulemaking authority, we would not have been
able to make critical updates as the landscape evolved to mobile apps.
Additionally, rulemaking means that the public will weigh in and help
shape how it works. I believe in Joy's Law--``no matter who you are,
most of the smartest people work for someone else,''--ccoined by Sun
Microsystems co-founder Bill Joy. We need the input of the best
researchers, engineers, entrepreneurs and the critically, the
populations most at risk in privacy lapses.
Question 10. Do you believe elevating the Office of Technology
Research and Investigation to the Bureau level would meaningfully help
the FTC in addressing new technological developments across its
mandates?
Answer. The line between ``consumer protection'' and
``competition'' is very blurry in today's digital economy. Just as our
lawyers and economists make substantial contributions to our mission,
the FTC would benefit from additional employees with professionalized
technical skills and capabilities. Elevating the staff from the Office
of Technology Research and Investigation into a new Bureau of
Technology would be one potential step in helping us rise to meet the
challenge of how markets and business models work today.
Board Accountability
Question 12. What is the FTC doing to investigate and hold
accountable individual board members and executives who knowingly
assist their companies in committing fraud? What more should the FTC be
doing in this regard?
Answer. The FTC should focus on holding individual board members
and executives accountable when they break the law. While individuals
are typically pursued in smaller matters, I believe we should sharpen
our focus on individuals in all investigations, regardless of the size
of the firm. This is especially true for firms subject to an existing
Commission order.
FTC Investigation of Algorithms
Section 6(b) of the FTC Act gives the agency broad investigatory
and information-gathering powers. For example, in the 1970s the FTC
used its Section 6(b) authority to require companies to submit product-
line specific information, enabling the agency to assess the state of
competition across markets.
The FTC has released reports on big data and the harms biased
algorithms can cause to disadvantaged communities. These reports drew
attention to the potential loss of economic opportunity and diminished
participation in our society. Yet, information on how these algorithms
work, and on the inputs that go into them, remains opaque.
Question 19. Where the FTC consider using its Section 6(b)
investigative power to help us understand how these algorithms and
black-box A.I. systems work--the biases that shape them, and how those
can affect trade, opportunity, and the market?
Answer. Black-box algorithms increasingly make decisions about our
lives. This can raise serious concerns about fairness and civil rights.
The FTC should consider a wide range of potential studies to better
understand how markets, technology, and business models work today.
FTC Consent Decree on Unrepaired Recalls
Most consumers probably do not know that, while new car dealers are
prohibited from selling vehicles with open recalls, used car dealers
are not. A recent FTC consent decree, which I strenuously disagreed
with and is currently being scrutinized in the courts, allows the sale
of used cars with unrepaired recalls. According to the consent decree,
car dealers can advertise that cars with unrepaired safety recalls like
a defective Takata airbag are ``safe'' or have passed a ``rigorous
inspection''--as long as they have a disclosure that the vehicle may be
subject to an unrepaired recall and directs consumers on how they can
determine the vehicle has an open recall.
Question 20. In your opinion, is a car with an open, unrepaired
recall, a ``safe'' car? Why would the FTC allow unsafe cars to be
advertised as ``safe'' and ``repaired for safety,'' with or without a
vague, contradictory and confusing disclaimer?
Answer. It is extremely concerning that American drivers are
unknowingly purchasing used cars with open recalls. While we have
pursued enforcement cases relating to deceptive advertising in the
past, I am concerned that these actions without the threat of civil
penalties do not do enough to deter this sort of behavior, which puts
people on the road at risk. We should utilize the rulemaking authority
granted to us in 2010 pursuant to Section 1029 of the Dodd-Frank Act to
ensure that we can seek civil penalties on an auto dealer's first
offense.
Question on Non-Compete Clauses
I am concerned about the growth of non-compete clauses, which block
employees from switching jobs to another employer in the same sector
for a certain period of time. These clauses weaken workers' bargaining
power once they are in the job, because workers often cannot credibly
threaten to leave if their employer forces refuses to give them a raise
or imposes poor working conditions. According to the Economic Policy
Institute, roughly 30 million workers--including one in six workers
without a college degree--are now covered by non-compete clauses.
The consensus in favor of addressing non-compete clauses is
growing. For example, just this past December, an interagency report
indicated that non-compete clauses can be harmful in certain contexts,
such as the healthcare industry. Yet, the FTC has not yet undertaken
forceful action. In September, Commissioner Chopra suggested that the
FTC use its rulemaking authority to ``remove any ambiguity as to when
non-compete agreements are permissible or not.''
Question 23. Do you agree with the proposal that the FTC use its
rulemaking authority to address non-compete clauses? I invite you to
explain your reasoning regarding your stance.
Answer. The prevalence of non-compete clauses are a significant
concern. Firms may be using these clauses to suppress wages and impede
a competitive labor market. I support examining the use of all tools,
including rulemaking, to address concerns of anticompetitive conduct
with respect to non-compete clauses and other terms and conditions in
worker and independent contractor agreements.
Question on Local Merger Enforcement
Even though big national mergers typically garner the most media
attention, smaller mergers can often raise monopoly concerns on the
local level. This can be true in the healthcare industry, for example.
In November, Commissioner Simons told me: ``Some local mergers may be
too small to require Hart-Scott-Rodino premerger notification, but may
still have anticompetitive effects.''
Question 24. Would you agree with me that Hart-Scott-Rodino
premerger notifications help antitrust enforcers catch concerning
mergers?
Answer. Yes.
Question 25. What sort of anticompetitive effects might be raised
by local mergers even when those mergers are too small to require Hart-
Scott-Rodino premerger notification?
Answer. Hospitals and Main Street retail are some of the
foundations of a local economy. Mergers like these that are not subject
to the requirements under the HSR Act can be just as anticompetitive as
mergers that are. They can lead to higher prices and less access to
necessities like food and health care.
Question 26. What action would you recommend either the FTC or
Congress take in order to assist Federal and state antitrust enforcers
in catching local mergers that raise anticompetitive concerns?
Answer. This is an important issue for local economies across the
country. We should closely examine whether our reporting regime
adequately captures transactions that lead to potentially
anticompetitive effects. I look forward to working with you and other
interested offices on this issue.
Question on Horizontal Shareholding
Recent research has raised questions about whether horizontal
shareholding harms competition in our economy. I would like to
understand your view on this ongoing research.
Question 27. Do you believe that horizontal shareholding raises
anticompetitive concerns?
Answer. This is a new area of concern that we need to learn more
about. There is an emerging literature about this topic that focuses on
passive investment vehicles. I am also interested in how holdings by
private pools of capital, such as private equity and hedge funds, could
raise a special set of anticompetitive concerns.
Question 28. Do you believe that our antitrust laws can be used to
address the anticompetitive concerns raised by horizontal shareholding?
Answer. I do not know if our laws are sufficient to address
potential problems. Our 21st Century Hearings on Competition and
Consumer Protection are covering this issue. I plan to study the record
on this issue closely to assess any anticompetitive concerns.
Question 29. What, if anything, are you doing to address any
potential harms of horizontal shareholding?
Answer. I am still gathering information to determine the
appropriate course of action.
______
Response to Written Questions Submitted by Hon. Catherine Cortez Masto
to Hon. Rohit Chopra
Pet Leasing
I appreciate the Commission's attention to my request with six of
my colleagues for the FTC to investigate the practice of pet leasing
that is leading some consumers into confusing or deceptive contractual
obligations that cause them to have an issue with their beloved pet and
negatively impact their financial status, such as credit scores, for
far into the future. This is an issue that is a little under the radar
but needs strong oversight and attention under your deceptive practices
mandate if there are concerning financial practices being discovered.
Question. Can I get a further commitment from you all to keep my
office informed of actions and determinations you all may make
pertaining to this concerning issue and the Humane Society and Animal
Legal Defense Fund's formal petition to the Commission?
Answer. Consistent with the FTC's Rules of Practice, we are happy
to provide your office with updates on this topic.
Bureau of Technology
Former Commissioner Terrell McSweeny has suggested creating a
Bureau of Technology at the FTC.
Question 1. Does the Commission have sufficient resources and
staffing to protect consumer privacy in the digital age?
Answer. Given the challenges faced in the digital marketplace, more
resources would help advance the goal of protecting consumer privacy
and competition.
Question 2. Do support the establishment of a Bureau of Technology?
Answer. Just as our lawyers and economists make substantial
contributions to our mission, the FTC would benefit from additional
employees with professionalized technical skills and capabilities.
Establishing a new Bureau of Technology would be one important step in
helping us rise to meet the challenge of how markets and business
models work today.
Robocalls
Obviously protecting consumers from fraud is a fundamental tenet of
the FTC. And I applaud your work in both the education and enforcement
sectors of protecting consumers. But one area we all are still
struggling to stay ahead of the curve on is robocalls. That's why I
have legislation, the Deter Obnoxious, Nefarious, and Outrageous
Telephone Calls, or DO NOT Call Act with four of my Senate colleagues.
It would increase the deterrent against illegal robocalls by imposing a
potential criminal penalty rather than just civil fines. While these
tools would be more for the Federal Communications Commission, we are
obviously interested in fighting this problem on all fronts.
Question 1. Would you agree that in addition to finding more
effective technological tools to fight this problem, that this kind of
enhanced deterrent needs to receive serious consideration in Congress
to help provide regulators the tools to hold bad actors accountable for
this persistent nuisance and scurrilous action by scammers?
Answer. Yes, more tools to hold bad actors accountable would be
helpful.
Question 2. Are there additional actions Congress should be
considering related to this specific challenge?
Answer. Congress should consider repealing the common carrier
exemption in the FTC Act. In addition, Congress may need to weigh
whether criminal penalties are appropriate for the worst abusers of
robocalling.
Data Minimization vs Big Data
A topic that has come up a lot during our discussions on privacy is
data minimization. This is a concept that I have been considering on as
I work on developing a comprehensive data privacy bill. As you're
aware, this is the idea that businesses should only collect, process,
and store the minimum amount of data that is necessary to carry out the
purposes for which is was collected. There are obvious advantages to
this as it minimizes the risk of data breaches and other privacy harms.
At the same time, big data analytics are going to be crucial for the
future and play an important role in smart cities, artificial
intelligence, and other important technologies that fuel economic
growth. I think it is important to find a balance between minimization
and ensuring that data, especially de-identified data, is available for
these applications.
Question. Can you describe how you view this balance and how we in
Congress can ensure that people's data is not abused but can still be
put to use in positive ways?
Answer. Data minimization and big data are complementary. Some
assume that ``big data'' means that more is simply better, but firms
collecting massive amounts of data face practical, computational, and
architectural constraints.
We need to ensure that when firms accumulate massive amounts of
data, they do not engage exclusionary conduct and other anticompetitive
practices. This is also important in merger review, where data is a
critical asset. We will also need to take steps to ensure that there
are mechanisms to ensure that big data does not lead to discrimination
or reinforce biases.
General Privacy Recommendations
Question 1. While privacy was a significant topic of the oversight
hearing, as we look to develop a bill, can you specifically lay out
some of the top priorities you individually would like to see included
and what do you think gets overlooked in the conversations policymakers
have with allowing for future innovations and yet raising the bar for
protecting consumers?
Answer. Technology moves quickly. The best thing we can do is make
sure that this movement is happening within a competitive market that
ensures autonomy, choice, and individual rights. We need to take aim at
all of the structural incentives and business models that can distort
competition and infringe on personal privacy.
For example, we need to address ``terms of service'' that include
one-sided terms that lead to a race to the bottom. Also overlooked is
the role of data in mergers and acquisitions. We need to look carefully
at whether firms are combining data to erode privacy and exclude
competition. We also need to examine whether there are conflicts of
interest in certain types of business models that harm both users and
competitors.
Question 2. Can you also outline the optimal role you see for our
state Attorneys General in this privacy enforcement process?
Answer. State Attorneys General play a critical law enforcement
role and are often times in a better position to quickly identify and
respond to problems that impact citizens of their states than Federal
law enforcement is. Any privacy enforcement regime should recognize and
account for this reality and enable states to act as necessary to
protect their citizens. In addition to enforcing their own state law
protecting citizen data, I support state attorney general enforcement
authority of Federal privacy protections.
Data Privacy--Binding Contracts?
We live with this time information inundation where people can't
really read privacy policies and fairly agree to their content. But, we
all know that basically no one reads privacy policies--and indeed, no
reasonable person should read privacy policies, because according to
research done at Carnegie Mellon, it would take 76 work days to read
all of the privacy policies on encounters in a year. Companies take
advantage of the fact that no one reads privacy policies to bury terms
in those policies that no rational consumer would agree to (such as
Grindr selling its users HIV status to third parties).
Question. Should these terms of service be binding contracts?
Answer. No. ``Terms of service'' include one-sided terms that are
contributing to a race to the bottom. Congress will need to ensure that
terms of service are not used to strip away rights and erode
competition.
Privacy Risky Communities/Groups
Question 1. Do you think that certain communities or groups are any
more or less vulnerable to privacy risks and harms?
Answer. Yes. For example, communities of color have been subject to
``digital redlining'' where a company uses surveillance to build a
profile that infers race, and then restricts the opportunities that
they can see based on that profile. Privacy isn't an abstract concept
for people whose personal information is used to restrict, for example,
housing or job opportunities.
Question 2. Should privacy law and regulations account for such
unique or disparate harms, and if so, how?
Answer. It is critical that Americans are able to vindicate their
civil rights. Privacy law and regulations should affirmatively address
protecting civil rights. We need to take a hard look at how behavioral
advertising might infringe on our civil rights. We also need to make
sure that algorithms do not operate in the shadows that are
discriminatory by design.
Immediate Civil Penalties Authority
Noting from your FTC testimony, ``Section 5 (of the FTC Act),
however, is not without limitations. For example, Section 5 does not
provide for civil penalties, reducing the Commission's deterrent
capability.''
Question. While I appreciate the long term successes of the FTC in
many respects to investigate data security matters, what are your
thoughts to whether there is enough of a deterrent effect with Section
5 authority when you can't immediately enforce against those who misuse
data with civil penalties right from the start, rather than as the
result of often times flagrant offenses to their already establish
consent decrees?
Answer. Without civil penalties, companies with unlawful security
practices get a free bite at the apple. Strong civil penalties and
clear rules of the road are critical to deter lax security practices.
______
Response to Written Question Submitted by Hon. Maggie Hassan to
Hon. Rohit Chopra
Question 3. The heroin, fentanyl, and opioid crisis is the most
pressing public health and safety challenge facing both my home state
of New Hampshire and our country, and it is taking a massive toll on
our communities, our workforce, and our economy.
This crisis affects people from all walks of life in every corner
of my state and the entire country, and it requires an ``all-hands-on-
deck'' response, including from agencies that may not traditionally be
focused on these issues.
Would you please describe the FTC's efforts to regulate
unscrupulous treatment programs? More specifically, are you able to
discuss illegal lead generation and what the FTC is doing to combat
this practice that harms those who have taken the first step towards
confronting substance use disorder?
Answer. Across the country, opioid addiction is tearing apart the
lives of individuals, their families, and their communities. It is
critical that the FTC do everything in its power to tackle this
problem. As I noted in a letter to the House Energy and Commerce
Committee, I am particularly concerned about lead generators and body
brokers who collude with treatment centers to target addiction
sufferers. Rather than helping these sufferers, these entities gouge
them, their families, and their insurance companies. Last year, the
Opioid Addiction Recovery Fraud Prevention Act granted the FTC new
authority for combatting those who seek to profit from this epidemic,
and is essential that we exercise this authority with vigor.
______
Response to Written Question Submitted by Hon. Amy Klobuchar to
Hon. Rohit Chopra
Question. The Federal Trade Commission's budget has remained flat
for the past several years despite increasing demands on your agency's
resources, including a significant rise in merger filings.
If additional resources were made available to the Federal
Trade Commission, how would you deploy those resources to
advance the agency's consumer protection and competition
missions?
Answer. The Commission oversees vast sectors of the economy with a
staff significantly smaller than what it was a generation ago. We are
in particular need of additional technologists who can analyze emerging
antitrust and consumer protection challenges, and attorneys prepared to
take firms to court when they break the law.
______
Response to Written Questions Submitted by Hon. Tom Udall to
Hon. Rohit Chopra
Privacy
Question 1. Do you support strong civil penalties for consumer
privacy violations?
Answer. Yes. Absent real penalties, there will be no deterrence for
bad actors.
Question 2. The California Consumer Protection Act goes into effect
in January 2020. As Congress considers pre-emption of that state law,
what additional authority should we give the FTC to ensure that
consumer privacy adequately is protected?
Answer. Any Federal privacy law should create more competition,
give users meaningful rights, and come with real consequences for
violators. At the same time, I am concerned that broad preemption of
state laws would do more harm than good. We look forward to working
with you closely as these efforts progress.
Question 3. A recent New York Times analysis found that both the
Apple App Store and the Google Play Store have apps in their respective
children's or family sections that potentially violate COPPA.\1\ What
specific role should platform owners play to ensure COPPA compliance on
their platforms?
---------------------------------------------------------------------------
\1\ Valentino-DeVries, J., Singer, N., Krolick, A., Keller, M. H.,
``How Game Apps That Captivate Kids Have Been Collecting Their Data.''
The New York Times. 2018, September 12. https://www.nytimes.com/
interactive/2018/09/12/technology/kids-apps-data-privacy-google-
twitter.html
---------------------------------------------------------------------------
Answer. The 2012 revisions to the COPPA rule make platforms liable
if they have actual knowledge of collecting personal information from a
child-directed app. We will need to keep a close eye on platforms to
ensure that they are not purposely turning a blind eye to violations of
COPPA. We will also need to continue reviewing the COPPA rules on a
regular basis, given the influence of the major tech platform
companies.
Question 4. Compliance for mobile apps may be hard to achieve
against fly-by-night operators overseas who do not care if their apps
violate U.S. law. How can the Vtech Electronics investigation and civil
penalty serve as an example for how the FTC can hold foreign app
developers responsible for violating COPPA?
Answer. The FTC will need to keep a close eye on foreign operators
collecting information on American users. I support continued efforts
to monitor and hold violators accountable.
Question 5. The COPPA safe harbor organizations must submit an
annual report to the Federal Trade Commission, Can you share the
reports from the last 5 years?
Answer. Given that the Commission voted to designate these
organizations, I support the sharing of performance data submitted by
COPPA safe harbor organizations, subject to law and regulation
governing confidentiality. I have reviewed these reports and am
concerned that these organizations are not engaging in fulsome
monitoring and collection of consumer complaints.
______
Response to Written Questions Submitted by Hon. John Thune to
Hon. Noah Joshua Phillips
Question 1. Vertical mergers such as the merger between AT&T and
Time Warner have garnered some attention lately. The FTC and DOJ have
not updated vertical merger guidance since 1984. Do you believe that
the FTC and DOJ should issue new guidance on vertical mergers?
Answer. Antitrust officials, practitioners, and scholars recognize
that, in many respects, the 1984 Non-Horizontal Merger Guidelines \1\
reflect neither current practice nor scholarship on vertical merger
enforcement.\2\ New guidelines should be based on modern caselaw, the
practical experience of recent merger challenges and investigations,
and insights from both theoretical and empirical scholarship.
---------------------------------------------------------------------------
\1\ U.S. Department of Justice, Non-Horizontal Merger Guidelines
(1984), https://www.justice
.gov/sites/default/files/atr/legacy/2006/05/18/2614.pdf.
\2\ See, e.g., Aldrin Brown, US DOJ Seeks to Issue New Vertical
Merger Guidelines `Within the Next Year,' Antitrust Chief Says, PARR
(Oct. 30, 2018) (quoting Assistant Attorney General Makan Delrahim as
stating that these guidelines are ``not used'' and do not ``[r]eflect
new evidence or case law''); Bruce Hoffman, Vertical Merger Enforcement
at the FTC, Remarks at Credit Suisse 2018 Washington Perspectives
Conference (Jan. 10, 2018), https://www.ftc.gov/public-statements/2018/
01/vertical-merger-enforcement-ftc.
---------------------------------------------------------------------------
Over the years, the agencies have provided substantial insight on
vertical merger analysis through speeches and other policy work,\3\ and
through rigorous case selection.\4\ I am open to drafting new
guidelines, provided they reflect guidance from the courts, experience
from agencies, and the weight of scholarship on the question.
---------------------------------------------------------------------------
\3\ See, e.g., Bruce Hoffman, Vertical Merger Enforcement at the
FTC, Remarks at Credit Suisse 2018 Washington Perspectives Conference
(Jan. 10, 2018), https://www.ftc.gov/public-state
ments/2018/01/vertical-merger-enforcement-ftc (explaining the FTC's
current analysis of proposed vertical mergers and highlighting the
extent to which that analysis has moved beyond the 1984 Non-Horizontal
Merger Guidelines).
\4\ For example, the Commission recently challenged several
vertical mergers, including one between Northrop Grumman, a leading
provider of missile systems to the Department of Defense, and Orbital
ATK, a key supplier of solid rocket motors. Northrop Grumman, No. C-
4652 (F.T.C. 2018), https://www.ftc.gov/enforcement/cases-proceedings/
181-0005-c-4652/northrop-grumman
-orbital-atk. See also Sycamore Partners II, L.P., No. C-4667 (F.T.C.
2019), https://www.ftc.gov/enforcement/cases-proceedings/181-0180/
sycamore-partners-ii-lp-staples-inc-essendant-inc-matter (consent
agreement resolving charges that a merger between Staples, the world's
largest retailer of office products and related services, and
Essendant, a wholesale distributor of office products, was likely to
harm competition in the market for office supply products sold to
small- and mid-sized businesses); Fresenius Medical Care AG & Co. KGaA,
No. C-4671 (F.T.C. 2019), https://www.ftc.gov/enforcement/cases-
proceedings/171-0227/fresenius-medical-care-nxstage-medical-matter.
Question 2. Government lawsuits to stop mergers are litigated using
different procedures depending on which agency, the FTC or DOJ, handles
the case. Do you think Congress should take action to ensure that
agencies follow the same procedures or do you support another approach?
Answer. There is no good reason for different standards for
preliminary injunctive relief between the two antitrust enforcement
agencies, and Congress adopting carefully crafted legislation to align
standards could be beneficial. As a practical matter, courts typically
interpret the standard to be applied when the FTC files for a
preliminary injunction in pre-merger cases to be the same as for such
DOJ filings. Making it clear via statute that the two standards are the
same would, however, eliminate: (1) any potential for different
standards to be erroneously adopted; and (2) the criticism that
companies may face different standards depending on the happenstance of
which agency reviews its transaction.
With respect to the FTC's administrative litigation path, there are
several additional considerations. The FTC has utilized administrative
litigation to help develop antitrust doctrine in important ways--
including in complex and critical areas like healthcare. The
Commission's reworking of its approach to hospital mergers is perhaps
the most striking example of the FTC's successful use of administrative
litigation to advance antitrust enforcement.\5\ In contemplating
legislation regarding the FTC's use of administrative litigation,
Congress should consider whether and to what extent it desires the
Commission to continue using administrative litigation--as opposed to
Federal court litigation--to develop antitrust doctrine.
---------------------------------------------------------------------------
\5\ See, e.g., Edith Ramirez, Chairwoman, Fed. Trade Comm'n,
Retrospectives at the FTC: Promoting an Antitrust Agenda, Remarks at
ABA Retrospective Analysis of Agency Determinations in Merger
Transactions Symposium (June 28, 2013), https://www.ftc.gov/public-
statements/2013/06/retrospectives-ftc-promoting-antitrust-agenda; S.
2102: the Standard Merger & Acquisition Review Through Equal Rules Act
of 2015 Before the Subcomm. on Antitrust, Competition Policy & Consumer
Rights of the S. Comm. on the Judiciary, 114th Cong. 4 (2015)
(statement of Jonathan M. Jacobson, Partner, Wilson Sonsini Goodrich &
Rosati, PC), https://www.judi
ciary.senate.gov/imo/media/doc/10-07-15%20Jacobson%20Testimony.pdf.
---------------------------------------------------------------------------
Congress should also consider whether and to what extent
administrative litigation may make the ultimate resolution of cases
more efficient. Whether a case is litigated in Federal court or
administratively may make a difference, particularly for unconsummated
mergers. Merging parties remain unable to close their transaction for a
significant period of time, for example when they are subject to review
by multiple authorities. The FTC can commence an administrative action
while other reviews are pending and delay an injunction action in
Federal court until other review processes are completed and the merger
is imminent. In the recent Tronox case, the FTC filed its case in
December 2017 and litigated it administratively while the parties
waited for foreign approvals.\6\ In the summer of 2018, once those
approvals were granted and the parties would have been able to close
their transaction, the FTC filed suit in Federal court, seeking a
preliminary injunction. The pre-existing administrative record allowed
the parties to avoid a substantial discovery period in the Federal
proceeding, enabled the district court judge to expedite its hearing
and to issue a ruling in September 2018. However, the administrative
litigation remains pending before the Commission. In other recent
merger cases where the Commission has sought a preliminary injunction
in Federal court from the beginning, Federal courts were able to issue
rulings on the preliminary injunctions--which typically effectively end
any litigation and obviate the need for any administrative trial--
within six months.\7\
---------------------------------------------------------------------------
\6\ Tronox Ltd., No. 9377 (F.T.C. 2018), https://www.ftc.gov/
enforcement/cases-proceedings/171-0085/tronoxcristal-usa.
\7\ See, e.g., Sysco Corporation, No. 9364 (F.T.C. 2015), https://
www.ftc.gov/enforcement/cases-proceedings/141-0067/syscousf-holdingus-
foods-matter; Staples, Inc., No. 9367 (F.T.C. 2016), https://
www.ftc.gov/enforcement/cases-proceedings/151-0065/staplesoffice-depot-
matter.
---------------------------------------------------------------------------
That said, the Commission's use of administrative litigation for
merger review has met with criticism. Some express concern that the FTC
has ``two bites at the apple'' when it comes to mergers: the Commission
can seek a preliminary injunction in Federal court, and if it loses,
can continue to a full administrative trial before an ALJ (an option
the DOJ does not have).\8\ The Commission has not continued to litigate
a merger case after losing a preliminary injunction motion in Federal
court for over twenty years, and modern policy is to stop litigating
after such a loss. I agree with that policy. That said, the policy
could be changed by the Commission, while it would not be able to
unilaterally deviate from legislation adopting this policy.
---------------------------------------------------------------------------
\8\ See, e.g., Antitrust Modernization Commission, Report and
Recommendations, ch. II.A (2007), https://govinfo.library.unt.edu/amc/
report_recommendation/amc_final_report.pdf.
---------------------------------------------------------------------------
There also is a concern that, in administrative litigation, the
Commission essentially serves as a check on itself--it votes to issue a
complaint, and then is the factfinder and decision-maker as to the
ultimate merits of that complaint before parties have any opportunity
to go to Federal court.\9\ The FTC ultimately finds liability (on one
or more counts) in administrative litigation an overwhelming percent of
the time, often overruling the Administrative Law Judge (who renders an
initial decision, following an administrative trial) to do so.\10\ This
has led some to question the administrative process and the use of the
ALJ.
---------------------------------------------------------------------------
\9\ See Mark Leddy, Christopher Cook, James Abell & Georgina
Eclair-Heath, Transatlantic Merger Control: The Courts and the
Agencies, 43 Cornell Int'l L.J. 25, 53 (2010) (``[T]he FTC's recent
proposals [ ] raise concerns about prosecutorial bias and lack of
effective judicial oversight.''); Maureen K. Ohlhausen, Administrative
Litigation at the FTC: Effective Tool for Developing the Law or Rubber
Stamp?, 12(4) J. Competition L. & Econ. 1 (2016) (describing and
analyzing the concerns); David A. Balto, The FTC at a Crossroads: Can
It Be Both Prosecutor and Judge?, 28 Legal Backgrounder 1, 1 (2013);
Report of the American Bar Association Section of Antitrust Law Special
Committee to Study the Role of the Federal Trade Commission, 58
Antitrust L.J. 43, 118 (1989) (``No thoughtful observer is entirely
comfortable with the FTC's (or other agencies') combining of prosecutor
and adjudicatory functions. Whenever the same people who issued a
complaint later decide whether it should be dismissed, concern about at
least the appearance of fairness is inevitable.'').
\10\ See, e.g., A. Douglas Melamed, Comments on Public Workshop
Concerning the Prohibition of Unfair Methods of Competition In Section
5 of the Federal Trade Commission Act 14 (Oct. 14, 2008), https://
www.ftc.gov/policy/public-comments/comment-537633-00004 (``Over that
25-year period [from 1983-2007], respondents did not win a single
[Sherman Act] case [before the ALJ]. The staff won 16 cases and lost
none. That record now covers the 26-year period from 1983 to 2008. [�]
Notably, respondents had greater difficulty winning before the
Commission than before the ALJs. Respondents actually won four of the
sixteen cases before the ALJ.'' (emphasis in original)); Joshua Wright,
Supreme Court Should Tell FTC To Listen To Economists, Not Competitors
On Antitrust, Forbes (Mar. 14, 2016), https://www.forbes.com/sites/
danielfisher/2016/03/14/supreme-court-should-tell-ftc-on-antitrust/
#76b9fd647c16 (``[T]he FTC has ruled for itself in 100 percent of its
cases over the past three decades--though it is reversed more often
than the decisions of Federal court judges.'')
---------------------------------------------------------------------------
In considering whether to take action to align the approaches of
the two Federal antitrust agencies, Congress should keep in mind these
benefits and potential drawbacks.
Question 3. Should Congress amend Section 5(n) of the FTC Act,
which addresses unfair practices, to clarify what constitutes
``substantial injury?'' If so, how?
Answer. I do not have a view at this time as to whether Congress
should clarify the definition of ``substantial injury'' under Section
5(n). Historically, the Commission has interpreted substantial injury
to include financial,\11\ physical,\12\ reputational,\13\ or unwanted
intrusions.\14\
---------------------------------------------------------------------------
\11\ Financial injury can manifest in a variety of ways: fraudulent
charges, delayed benefits, expended time, opportunity costs, fraud, and
identity theft, among other things. See, e.g., Complaint, TaxSlayer,
LLC, No. C-4626 (F.T.C. Oct. 20, 2017), https://www.ftc.gov/
enforcement/cases-proceedings/162-3063/taxslayer (alleging delayed
benefits, expended time, and risk of identity theft).
\12\ Physical injuries include risks to individuals' health or
safety, including the risks of stalking and harassment. See, e.g.,
Complaint, FTC v. Accusearch, Inc., No. 06-CV-0105 (D. Wyo. April 27,
2006), https://www.ftc.gov/enforcement/cases-proceedings/052-3126/
accusearch-inc-dba-abikacom-jay-patel (alleging that telephone records
pretexting endangered consumers' health and safety).
\13\ Reputational injury involves disclosure of private facts about
an individual, which damages the individual's reputation. Tort law
recognizes reputational injury. The FTC has brought cases involving
this type of injury, for example, in a case involving public disclosure
of individuals' Prozac use and public disclosure of individuals'
membership on an infidelity-promoting website. Eli Lilly And Company,
No. C-4047 (F.T.C. May 8, 2002), https://www.ftc.gov/enforcement/cases-
proceedings/012-3214/eli-lilly-company-matter; FTC v. Ruby Corp. et
al., No. 1:16-cv-02438 (D.D.C. Dec. 14, 2016), https://www.ftc.gov/
enforcement/cases-proceedings/152-3284/ashley-madison.
\14\ Finally, unwanted intrusions involve two categories. The first
includes activities that intrude on the sanctity of people's homes and
their intimate lives. The FTC's cases involving a revenge porn website,
an adult-dating website, and companies spying on people through
remotely-activated webcams fall into this category. The second category
involves unwanted commercial intrusions, such as telemarketing, spam,
and harassing debt collection calls.
---------------------------------------------------------------------------
Some have raised questions as to the scope of injury appropriately
covered by Section 5(n), including whether (and how) 5(n) should be
applied to intangible injuries.\15\ In response to some of these
questions, on December 12, 2017, the FTC hosted a workshop in
Washington, DC to discuss ``informational injuries'', which are
injuries--both market-based and non-market \16\--that consumers may
suffer from privacy and security incidents, such as data breaches or
unauthorized disclosure of data. The workshop asked participants to
discuss and develop analytical frameworks to help guide future
application of the ``substantial injury'' prong in cases involving
informational injury.
---------------------------------------------------------------------------
\15\ See, e.g., Oversight of the Federal Trade Commission; Hearing
Before the S. Comm. on Commerce, Science, and Transportation, 114th
Cong. 74 (2016) (written question submitted by Sen. Thune, Chairman, S.
Comm. on Commerce, Science, and Transportation) (asking about the use
of the FTC's unfairness doctrine to address intangible and non-economic
harms, including whether ``there a predictable limiting factor on the
types of harm that will result in FTC enforcement actions''), https://
www.govinfo.gov/content/pkg/CHRG-114shrg25376/pdf/CHRG-
114shrg25376.pdf; LabMD, Inc. v. FTC, 678 F. App'x 816, 820 (11th Cir.
2016) (noting that ``it is not clear that a reasonable interpretation
of Sec. 45(n) includes intangible harms like those that the FTC found
in this case.''); Concurring Statement of Acting Chairman Maureen K.
Ohlhausen in the Matter of Vizio, Inc. at 1, FTC v. VIZIO, Inc., No.
2:17-cv-00758 (D.N.J. 2017) (noting ``the need for the FTC to examine
more rigorously what [type of harm] constitutes `substantial injury' in
the context of information about consumers.''), https://www.ftc.gov/
public-statements/2017/02/concurring-statement-acting-chairman-maureen-
k-ohlhausen-matter-vizio-inc.
\16\ ``Market-based'' injuries can be objectively measured--for
example, credit card fraud and medical identity theft affect consumers'
finances in a directly measurable way. Alternatively, a ``non-market''
injury, such the embarrassment that comes from a breach of sensitive
health information, cannot be objectively measured using available
tools because there is no functioning market for it.
---------------------------------------------------------------------------
This work targets issues that Congress is now considering
addressing through privacy legislation. I believe the discussion about
the scope of Section 5(n) is relevant to that consideration.
Question 4. Should the FTC issue more guidance to marketers on the
level of support needed to substantiate their claims? If so, when do
you anticipate that such guidance could be issued?
Answer. The FTC has issued extensive guidance over the years to
help marketers in determining the level of support needed to
substantiate claims. The Commission first articulated the relevant
factors used to determine the level of evidence required to
substantiate objective performance claims in Pfizer, Inc., 81 F.T.C. 23
(1972). Those factors included the type of claim, type of product, the
consequences of a false claim, the benefits of a truthful claim, the
cost of developing substantiation for the claim, and the amount of
substantiation experts in the field believe is reasonable. The
Commission and the courts have reaffirmed this standard many times
since 1972.\17\ In addition, the FTC also has provided extensive
guidance through Guides and staff guidance documents.\18\ In addition,
FTC staff provide additional guidance through speeches and
presentations to industry trade groups and industry attorneys.
---------------------------------------------------------------------------
\17\ See, e.g., Thompson Med. Co., 104 F.T.C. 648, 813 (1984),
aff'd, 791 F.2d 189 (D.C. Cir. 1986); Daniel Chapter One, 2009 WL
5160000, at *25-26 (F.T.C. 2009), aff'd, 405 Fed. Appx. 505 (D.C. Cir.
2010) (unpublished opinion), available at 2011-1 Trade Cas. (CCH) �
77,443 (D.C. Cir. 2010); POM Wonderful, LLC, 155 F.T.C. 1, 55-60
(2013), aff'd, 777 F.3d 478 (D.C. Cir. 2015), cert. denied, 136 S. Ct.
1839, 194 L. Ed. 2d 839 (2016); FTC Policy Statement Regarding
Substantiation, 104 F.T.C. 839, 840 (1984) (appended to Thompson Med.
Co., 104 F.T.C. 648 (1984)).
\18\ See Guides for the Use of Environmental Marketing Claims, 16
C.F.R. Sec. 260.2 (2019), https://www.ecfr.gov/cgi-bin/text-
idx?SID=bd96b2cdcd01f7620d43e50a9d1d8cec&mc=true&
node=se16.1.260_12&rgn=div8; FTC, Dietary Supplements: An Advertising
Guide for Industry, https://www.ftc.gov/tips-advice/business-center/
guidance/dietary-supplements-advertising-guide-industry.
---------------------------------------------------------------------------
The Commission's precedent and other guidance sets forth flexible
principles that can be applied to multiple products and claims. It does
not attempt to answer every question about substantiation, given the
virtually limitless range of advertising claims, products, and services
to which it could be applied. Instead, it seeks to strike the right
balance between being specific enough to be helpful but not so granular
that it would overlook some important factor that might arise under
given circumstances and thereby actually chill useful speech.
Question 5. In June, the 11th Circuit vacated the Commission's data
security order against Lab-MD. What effect, if any, will this have on
the Commission's data security orders going forward?
Answer. The U.S. Court of Appeals for the Eleventh Circuit
determined that the mandated data security provision of the
Commission's LabMD Order was insufficiently specific. That ruling
effectively mandates that our data security orders be more
prescriptive, which is not necessarily good from a policy perspective.
The flexible approach we had applied, which both the Commission and
defendants generally preferred, permitted firms to base their data
security compliance on the particular risks and needs of individual
firms. Congress should consider whether to address the ruling of the
Eleventh Circuit through a statutory fix.
The Court having issued its order, however, we are now working to
craft order language in data security cases that is consistent with the
Eleventh Circuit's opinion.
Question 6. If Federal privacy legislation is passed, what
enforcement tools would you like to be included for Federal Trade
Commission?
Answer. The question of tools is a secondary one, which cannot and
should not be considered in the abstract. Answering the question
necessarily requires preliminary determinations first as to what harms
Congress wishes to address and, second, what liability standards it
adopts to address those harms. Civil penalties, for instance, are
better tailored to conduct that is clearly-defined--for example,
violations of specific rules set forth in FTC consent orders or
regulations like COPPA. Otherwise, the prospect of paying them may
chill innovation and other conduct that benefits consumers. The FTC has
rulemaking authority today.\19\ It differs from APA rulemaking in
several respects, following restraints imposed upon the Commission by
Congress after attempts by the agency to ban certain types of
advertising to children. Rulemaking authority raises important issues
of delegation and democratic accountability. Congress, not an
administrative agency, is the best place to make policy with a profound
impact on a substantial portion of the economy. Congress should
consider that the flexibility that rulemaking permits also allows for
changes in rules over time, which--regardless of the underlying
policy--can be terrifically difficult for businesses attempting to
adapt.
---------------------------------------------------------------------------
\19\ 15 U.S.C. Sec. 57a.
---------------------------------------------------------------------------
Today, the FTC cannot take action against telecommunications common
carriers and non-profits. I support removing those jurisdictional
limitations.
Question 7. During the hearing, I asked the Chairman whether the
FTC would consider using its section 6(b) authority to study consumer
information data flows, specifically sending requests to Google,
Facebook, Amazon, and others in the tech industry to learn what
information they collect from consumers and how that information is
used, shared, and sold. I believe the FTC's section 6(b) authority
could provide some much needed transparency to consumers about the data
practices of large technology companies, and help identify areas that
may require additional attention from lawmakers. What are your views
with respect to the FTC potentially conducting a study pursuant to
section 6(b) of the Federal Trade Commission Act on the data
collection, use, filtering, sharing, and sale practices of large
technology companies such as Google, Facebook, Amazon, and others?
Answer. The Commission's 6(b) authority enables it to conduct
economic studies that do not have a specific law enforcement purpose,
but rather are for the purpose of obtaining information about ``the
organization, business, conduct, practices, management, and relation to
other corporations, partnerships, and individuals'' of the entities to
whom the inquiry is addressed. As with subpoenas and CIDs, the
recipient of a 6(b) order may file a petition to limit or quash, and
the Commission may seek a court order requiring compliance.\20\
---------------------------------------------------------------------------
\20\ In addition, the Commission may commence suit in Federal court
under Section 10 of the FTC Act, 15 U.S.C. Sec. 50, against any party
who fails to comply with a 6(b) order after receiving a notice of
default from the Commission. After expiration of a thirty-day grace
period, the defaulting party is liable for a penalty for each day of
noncompliance.
---------------------------------------------------------------------------
The FTC has used its 6(b) authority to study and answer discrete
questions regarding industry practices, such as to gather information
regarding the marketing practices of major alcoholic beverage
advertisers to study whether voluntary industry guidelines for reducing
advertising and marketing to underage audiences had been effective.\21\
Another example is the Commission's July 2002 report, Generic Drug
Entry Prior to Patent Expiration,\22\ which was the product of a 6(b)
study, and the results of which the Commission was able to publish
publicly pursuant to 15 U.S.C. Sec. 46(f).
---------------------------------------------------------------------------
\21\ FTC Press Release, FTC Orders Alcoholic Beverage Manufacturers
to Provide Data for Agency's Fourth Major Study on Alcohol Advertising
(April 12, 2012), https://www.ftc.gov/news-events/press-releases/2012/
04/ftc-orders-alcoholic-beverage-manufacturers-provide-data-agencys
\22\ FTC, Generic Drug Entry Prior to Patent Expiration: An FTC
Study (July 2002), https://www.ftc.gov/sites/default/files/documents/
reports/generic-drug-entry-prior-patent-expiration-ftc-study/
genericdrugstudy_0.pdf.
---------------------------------------------------------------------------
For any 6(b) study of the wide-ranging tech sector to be effective,
it should focus on areas where there is reason to suspect wrongdoing is
occurring or where the Commission believes it lacks adequate
understanding of the conduct, practice, or management in question.
Casting too broad a net could easily incur costs in excess of the
information's incremental benefit, as occurred with the Commission's
Line of Business program, which was designed to compel annual reporting
of financial and statistical data by hundreds of manufacturing firms
but was discontinued after being plagued by recurring non-compliance
and costly legal battles.\23\ Congress (to the extent it seeks to
direct such studies) and the Commission should develop clear and
concise goals for such studies, to ensure that we have a concrete goal
to work towards and to avoid, as much as possible, lengthy and
expensive disputes over the scope or burden of such orders.
---------------------------------------------------------------------------
\23\ B.J. Linder & Allan H. Savage, The Line of Business Program:
The FTC's New Tool, 21 Cal. Mgmt. Rev. 57 (1979).
---------------------------------------------------------------------------
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Hon. Noah Joshua Phillips
Question 1. Set to expire on September 30, 2020, the U.S. SAFE WEB
Act allows for increased cooperation with foreign law enforcement
authorities through confidential information sharing and the provision
of investigative assistance. Specifically, the law authorizes the FTC
to provide assistance to foreign law enforcement agencies to support
their investigations and enforcement actions. Your testimony requested
that Congress reauthorize this authority while eliminating the sunset
provision. Would you please explain how U.S. SAFE WEB Act will impact
U.S. consumers?
Answer. Our economy is increasingly globalized, digitized, and
connected. These changes generate incredible opportunity, but also pose
new problems for American consumers, such as traditional scams that now
thrive online and new, Internet-enabled, frauds. They also raise law
enforcement challenges, like the enhanced ability of scammers to act
anonymously or move ill-gotten gains outside our jurisdiction; and
roadblocks to international law enforcement cooperation.
Congress has been an essential ally in this fight. In 2006, it
passed the U.S. SAFE WEB Act. SAFE WEB allows the FTC to share evidence
with and provide investigative assistance to foreign authorities in
cases involving issues including spam, spyware, privacy violations and
data breach. It also confirms our authority to challenge foreign-based
frauds that harm U.S. consumers or involve material conduct in the
United States.
Using SAFE WEB, the FTC has worked with authorities abroad to stop
illegal conduct and secure millions in judgements from fraudsters,
sometimes even criminal convictions. The FTC uses SAFE WEB authority in
important international privacy cases. We collaborated with Canadian
and Australian privacy authorities on the massive data breach of the
Toronto-based, adult dating website AshleyMadison.com,\24\ and we
worked again with Canadian authorities on the FTC's first children's
privacy and security case involving connected toys, a settlement with
electronic toy manufacturer VTech Electronics \25\ under the Children's
Online Privacy Protection Act.
---------------------------------------------------------------------------
\24\ FTC Press Release, Operators of AshleyMadison.com Settle FTC,
State Charges Resulting From 2015 Data Breach that Exposed 36 Million
Users' Profile Information (Dec. 14, 2016), https://www.ftc.gov/news-
events/press-releases/2016/12/operators-ashleymadisoncom-settle-ftc-
state-charges-resulting.
\25\ FTC Press Release, Electronic Toy Maker VTech Settles FTC
Allegations That it Violated Children's Privacy Law and the FTC Act
(Jan. 8, 2018), https://www.ftc.gov/news-events/press-releases/2018/01/
electronic-toy-maker-vtech-settles-ftc-allegations-it-violated.
---------------------------------------------------------------------------
In total, the FTC has responded to more than 130 SAFE WEB
information-sharing requests from 30 foreign enforcement agencies. We
have issued more than 115 civil investigative demands in more than 50
investigations on behalf of foreign agencies, civil and criminal. The
FTC has collected millions of dollars in restitution for injured
consumers, both foreign and domestic.
SAFE WEB helps protect Americans by policing and instilling
confidence in the digital economy, but it sunsets in 2020. I believe
that American consumers will be best served if Congress reauthorizes
this authority and eliminates the sunset provision.
Question 2. Section 5(a) of the FTC Act, which prohibits ``unfair
or deceptive acts or practices in or affecting commerce'' is the legal
basis for a body of consumer protection law that covers data privacy
and security practices. The FTC has brought hundreds of cases to date
to protect the privacy and security of consumer information held by
companies of all sizes under this authority. The FTC staff recently
submitted comments to the National Telecommunications and Information
Administration (NTIA) that clearly indicate the FTC staff's view that
the FTC would be the appropriate agency to enforce a new comprehensive
privacy legislative framework. Do you agree with the staff's view?
Answer. Absolutely. The FTC has developed a substantial body of
expertise on privacy issues over decades by bringing hundreds of cases,
hosting approximately 70 workshops, and conducting numerous policy
initiatives. The FTC is committed to using all of its expertise, its
existing tools under the FTC Act, and whatever additional authority
Congress gives us, to protect consumer privacy while at the same time
promoting innovation and competition in the marketplace.
Question 3. As Congress evaluates opportunities to create
meaningful Federal legislation to appropriately ensure privacy of
consumers' data, there have been suggestions to increase the FTC's
authorities to enforce in this space. Will you commit to working with
this Committee in measuring what resources, if any, will be needed to
allow the agency to enforce any additional authorities that may or may
not be provided in Federal legislation?
Answer. Yes. The FTC has developed substantial expertise in the
area of data privacy and security and we are committed to working with
Congress to help determine whether and what additional resources may be
appropriate, commiserate with any new authorities.
Question 4. Sharing responsibilities with the DOJ's Antitrust
Division, the FTC enforces antitrust law in a variety of sectors as
described by your testimony. While the vast majority of premerger
filings submitted to enforcement agencies do not raise competition
concerns, the FTC challenged 45 mergers since the beginning of 2017,
and of those, the FTC only voted to initiate litigation to block five
transactions. Would you please describe the resource needs of the
agency associated with hiring qualified outside experts to support its
litigation efforts? Please explain how developments in the high-
technology sector are accounted for in the FTC's decision-making
process related to antitrust enforcement.
Answer. As a threshold matter, it is well-recognized that the vast
majority of premerger filings do not raise competitive concerns, and so
the percentage of reviewed versus challenged mergers is not the result
of a resource problem. Nor does a low incidence of full-phase
investigations or merger challenges, relative to the total number of
filings, indicate lax merger enforcement or the deterioration of
competition. The ultimate antitrust question is whether a merger is
likely to harm competition and consumers, and the FTC challenges far
fewer mergers than it reviews because most simply do not raise
competitive issues. That said, I appreciate your attention to the
agency's resource needs. As we mentioned in our November 27 testimony,
the FTC works very hard to accomplish as much as possible with the
resources we have. We are tasked with the important dual goals of
protecting consumers and promoting competition, both which are of
increasing importance in the changing economy. Resource constraints
remain a significant challenge. Evolving technologies and intellectual
property issues, among others, continue to increase the complexity of
antitrust investigations and litigation. That complexity, coupled with
the rising costs of critical expert witnesses and increases in
caseload, sometimes leads to financial and personnel resource
limitations. In the past, we have requested additional resources for
experts, information technology, and more full-time employees in
support of our mission to protect consumers and promote competition. We
also have heard the need for additional paralegals to help support our
staff attorneys; paralegals can provide very valuable services and
allow attorneys to devote more time to substantive issues, but they are
a rare commodity at the Commission today. These all continue to be
critical areas of need for our agency. If we receive additional
resources, we plan to apply them to these areas.
Qualified experts are a critical resource in all of the FTC's
competition cases heading toward litigation. For example, expert
witness services are critical to merger cases, as they help the FTC
satisfy key burdens such as defining product and geographic markets and
estimating the likely harms (and countering defendants' estimation of
any alleged procompetitive benefits).
Expert witness costs are highly dependent on the number, scope,
duration, and disposition of our Federal and administrative court
challenges--increasing (often significantly) as these factors increase.
To limit these costs, the FTC has continued to identify and implement a
variety of strategies, including using internal personnel from its
Bureau of Economics as expert witnesses whenever practical. The
opportunities to use internal experts as testifying experts are
limited, however, by several factors, including staff availability,
testifying experience, and the specialized expertise required for
specific matters.
As with other critical areas under our jurisdiction, the FTC
closely follows activity and developments in the high-technology
sector. Given the important role that technology companies play in the
modern American economy, the Commission has prioritized understanding
the competition and consumer protection issues that can arise in this
space.
The fundamental principles of antitrust do not differ when applied
to high-technology industries, including those in which patents or
other intellectual property are highly significant. The issues,
however, can be more complex and require different expertise, which may
necessitate the hiring of outside experts or consultants to help us
develop and litigate our cases. The FTC strives to adapt to the dynamic
markets we protect by leveraging the research, advocacy, and education
tools at our disposal. For example, last fall, the Commission launched
its Hearings on Competition and Consumer Protection in the 21st Century
to understand better both the advancements in technology and the new
business models they support, and how to target enforcement efforts in
these evolving spaces.\26\
---------------------------------------------------------------------------
\26\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection. Recent hearings included a two-day workshop on the
potential for collusive, exclusionary, and predatory conduct in
multisided, technology-based platform industries. FTC, FTC Hearing on
Competition and Consumer Protection in the 21st Century #3: Multi-Sided
Platforms, Labor Markets, and Potential Competition (Oct. 15-17, 2018),
https://www.ftc.gov/news-events/events-calendar/2018/10/ftc-hearing-3-
competition-consumer-protection-21st-century. Similarly, in early
November, the Commission held a two-day workshop on the antitrust
frameworks for evaluating acquisitions of nascent competitors in the
technology and digital marketplace, and the antitrust analysis of
mergers and conduct where data is a key asset or product. FTC, FTC
Hearing on Competition and Consumer Protection in the 21st Century #6:
Privacy, Big Data, and Competition (Nov. 6-8, 2018), https://
www.ftc.gov/news-events/events-calendar/ftc-hearing-6-competition-
consumer-protection-21st-century. Also in November, the Commission held
a two-day workshop on the competition and consumer protection issues
associated with algorithms, artificial intelligence, and predictive
analysis in business decisions and conduct. FTC, FTC Hearing on
Competition and Consumer Protection in the 21st Century #7: The
Competition and Consumer Protection Issues of Algorithms, Artificial
Intelligence, and Predictive Analytics (Nov. 13-14, 2018), https://
www.ftc.gov/news-events/events-calendar/ftc-hearing-7-competition-
consumer-protection-21st-century.
Question 5. Earlier this year, I introduced legislation called the
Senior Scams Prevention Act with Senator Bob Casey to combat continued
and increasingly complex attempts to defraud one of the Nation's most
vulnerable populations, our senior community. This bill seeks to ensure
retailers, financial institutions and wire transfer companies have the
resources to train employees to help stop financial frauds and scams on
seniors. Would you agree that awareness and education, guided by ``best
practices'' established by industry and government partners, is a
valuable tool in preventing consumer harms against our Nation's
seniors?
Answer. I agree that awareness and education are essential to
protect our Nation's seniors. Indeed, protecting older Americans has
long been a top priority, and it is increasingly important as that
population grows. To this end, we engage in research, education, and
enforcement actions focused on educating and protecting older
Americans, including our Pass It On campaign,\27\ to help both protect
seniors and prosecute wrongdoers.
---------------------------------------------------------------------------
\27\ FTC, Consumer Information--Pass it on, https://
www.consumer.ftc.gov/features/feature-0030-pass-it-on (providing
consumer information on identity theft, imposter scams, charity fraud,
and other topics).
---------------------------------------------------------------------------
More generally, our anti-fraud activities are at the core of our
law enforcement efforts, protecting not just seniors but a broad range
of vulnerable consumer populations, including minorities and veterans.
That includes efforts to stop fraudulent business opportunity schemes,
police unsubstantiated health claims, and shut down sham charities that
prey on unsuspecting consumers and target their hard-earned savings.
The Commission must and will keep a focus on these efforts, which
protect consumers from immediate and tangible harms. We are ready and
willing to work with additional partners--from government, civil
society, academia, and industry--to identify and prevent harms to older
consumers, as well as other vulnerable consumers.
Question 6. In its comments submitted to NTIA on ``Developing the
Administration's Approach to Consumer Privacy,'' the FTC discussed the
various cases that it has taken up to address privacy-related harms to
consumers, and it specifically noted four categories of harms:
financial injury, physical injury, reputational injury, and unwanted
intrusion. Could you please briefly describe each category while noting
any FTC enforcement considerations specific to that type of harm?
Answer. Certainly. Financial injury can manifest in a variety of
ways: fraudulent charges, delayed benefits, expended time, opportunity
costs, fraud, and identity theft, among other things.\28\ Physical
injuries include risks to individuals' health or safety, including the
risks of stalking and harassment.\29\ Reputational injury involves
disclosure of private facts about an individual, which damages the
individual's reputation. Tort law recognizes reputational injury.\30\
The FTC has brought cases involving this type of injury, for example,
in a case involving public disclosure of individuals' Prozac use \31\
and public disclosure of individuals' membership on an infidelity-
promoting website.\32\ Finally, unwanted intrusions involve two
categories. The first includes activities that intrude on the sanctity
of people's homes and their intimate lives. The FTC's cases involving a
revenge porn website,\33\ an adult-dating website,\34\ and companies
spying on people in their bedrooms through remotely-activated webcams
fall into this category.\35\ The second category involves unwanted
commercial intrusions, such as telemarketing, spam, and harassing debt
collection calls. In terms of enforcement considerations, as noted
above, the FTC is very mindful of ensuring that it addresses these
harms, while not impeding the benefits of data collection and use
practices.
---------------------------------------------------------------------------
\28\ See, e.g., Complaint, TaxSlayer, LLC, No. C-4626 (F.T.C. Oct.
20, 2017), https://www.ftc.gov/enforcement/cases-proceedings/162-3063/
taxslayer (alleging delayed benefits, expended time, and risk of
identity theft).
\29\ See, e.g., Complaint, FTC v. Accusearch, Inc., No. 06-CV-0105
(D. Wyo. April 27, 2006), https://www.ftc.gov/enforcement/cases-
proceedings/052-3126/accusearch-inc-dba-abikacom-jay-patel (alleging
that telephone records pretexting endangered consumers' health and
safety).
\30\ Under the tort of public disclosure of private facts (or
publicity given to private life), a plaintiff may recover where the
defendant's conduct is highly offensive to a reasonable person.
Restatement (Second) of Torts Sec. 652D (1977).
\31\ Eli Lilly and Co., No. C-4047 (F.T.C. 2002), https://
www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-
matter.
\32\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. 2016),
https://www.ftc.gov/enforcement/cases-proceedings/152-3284/ashley-
madison.
\33\ FTC v. EMP Media, Inc., et al., No. 2:18-cv-00035 (D. Nev.
2018), https://www.ftc.gov/enforcement/cases-proceedings/162-3052/emp-
media-inc-myexcom.
\34\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. 2016),
https://www.ftc.gov/enforcement/cases-proceedings/152-3284/ashley-
madison.
\35\ See FTC Press Release, FTC Halts Computer Spying (Sept. 25,
2012), https://www.ftc.gov/news-events/press-releases/2012/09/ftc-
halts-computer-spying; see also Aaron's, Inc., No. C-4442 (F.T.C. Mar.
10, 2014), https://www.ftc.gov/enforcement/cases-proceedings/122-3256/
aarons-inc-matter.
---------------------------------------------------------------------------
I note additionally that the definition of ``substantial injury''
under Section 5(n) has been interpreted by the Commission in the past
to reach these types of harms. ``Privacy'' harms often involve largely
non-economic harms, potentially including harms not presently
cognizable under the FTC Act. In considering privacy legislation, I
urge Congress to study and understand the harms it wishes to address
and craft remedies appropriate to them.
Question 7. In the FTC's recent comments in NTIA's privacy
proceeding, the FTC said that its ``guiding principles'' are based on
``balancing risk of harm with the benefits of innovation and
competition.'' Would you describe what this means, how you strike this
balance, and how it is applied in practice under your Section 5
authority in the FTC Act?
Answer. In its comments to NTIA, the Commission wrote that it
``supports a balanced approach to privacy that weighs the risks of data
misuse with the benefits of data to innovation and competition'',
noting that striking that balance is ``essential to protecting
consumers and promoting competition and innovation.'' \36\ Recognizing
the kinds of harms we have pursued in privacy enforcement matters--
financial, physical, and reputational injury, and unwanted intrusions--
we also recognized the many benefits and innovations that the sharing
of data have achieved for American consumers. The Commission went on to
warn that ``privacy standards that give short shrift to the benefits of
data-driven practices may negatively affect innovation and
competition'' and that ``regulation can unreasonably impede market
entry or expansion by existing companies.''
---------------------------------------------------------------------------
\36\ Federal Trade Commission Staff, Comment to the National
Telecommunications and Information Administration on Developing the
Administration's Approach to Consumer Privacy (Nov. 9, 2018), https://
www.ftc.gov/policy/advocacy/advocacy-filings/2018/11/ftc-staff-comment-
ntia-developing-administrations-approach.
---------------------------------------------------------------------------
All of this means that, in thinking about regulation or law
enforcement with respect to privacy, we must keep in mind that we are
talking about one of the most dynamic aspects of the global economy,
one where the U.S. is a leader in innovation and job growth. We should
be clear about the harms we wish to stop, and weigh those against the
benefits.
In unfairness cases, Section 5(n) of the FTC Act requires us to
strike this balance. It does not allow the FTC to bring a case alleging
unfairness ``unless the act or practice causes or is likely to cause
substantial injury to consumers, which is not reasonably avoidable by
consumers themselves and not outweighed by benefits to consumers or to
competition.'' Thus, for example, in our data security complaints and
orders, we often plead the specific harms that consumers are likely to
suffer from a company's data security failures. We do not assert that
companies need to spend unlimited amounts of money to address these
harms; in many of our cases, we specifically allege that the company
could have fixed the security vulnerabilities at low or no cost.
As with any law enforcement agency, we should and do exercise our
discretion when deciding whether to pursue matters and how to resolve
them. In so doing, we should keep our guiding principles in mind and
focus on deterring real and significant harms to consumers, providing
the right incentives to the marketplace to take reasonable steps that
will limit both consumer harm and liability, and avoiding the creation
of a culture of uncertainty and fear that would impede consumer-
friendly innovation.
Question 8. The FTC's comments pertaining to ``control'' in NTIA's
privacy proceeding stated, ``Choice also may be unnecessary when
companies collect and disclose de-identified data, which can power data
analytics and research, while minimizing privacy concerns.'' How would
the FTC suggest Federal regulation account for de-identified data, if
at all?
Answer. In our NTIA comment, we reference different types of
privacy-related harms: financial, physical, reputational, and unwanted
intrusion. All these types of harms are mitigated, or even eliminated,
when data cannot be tracked to a consumer. As such, appropriately de-
identified data does not raise the same risks and should be treated
differently, especially considering the benefits of using such data for
innovative, consumer-friendly purposes.
Question 9. Your testimony indicated that continued technological
developments allow illegal robocallers to conceal their identities in
``spoofing'' caller IDs while exponentially increasing robocall volumes
through automated dialing systems. These evolving technological changes
mean that the critical law enforcement efforts of the FTC cannot be the
only solution, and your testimony described the additional steps the
FTC is taking to develop innovative solutions to these issues. Would
you please describe the process and outcomes of the four public
challenges that the FTC held from 2013 to 2015? Are there plans to
incentivize innovators to combat robocalls in the future?
Answer. The FTC's process for its robocall challenges included
public announcements, committees with independent judges, and, in some
cases, cash prizes awarded under the America COMPETES Reauthorization
Act.\37\ To maximize publicity, the FTC announced each of its four
challenges in connection with public events. The FTC announced the
first robocall challenge at the FTC's 2012 Robocall Summit. In 2014,
the FTC conducted its second challenge, ``Zapping Rachel'' at DEF CON
22. The FTC conducted its third challenge, ``DetectaRobo,'' in June
2015 in conjunction with the National Day of Civic Hacking. The final
phase of the FTC's fourth public robocall challenge took place at DEF
CON 23. When the FTC held its first public challenge, there were few,
if any, call blocking or call labeling solutions available for
consumers. Today, two FTC challenge winners, NomoRobo and Robokilller,
offer call blocking applications, and there are hundreds of mobile apps
offering call blocking and call labeling solutions for cell phones.
Many home telephone service providers also now offer call blocking and
call labeling solutions. The FTC will not hesitate to initiate
additional innovation contests if it identifies further challenges that
could meaningfully benefit consumers by reducing the harm caused by
illegal robocalls.
---------------------------------------------------------------------------
\37\ See FTC, Consumer Information--Robocalls, https://
www.consumer.ftc.gov/features/feature-0025-robocalls.
---------------------------------------------------------------------------
In addition to developing call blocking and call labeling
technology, the telecom industry has also developed call verification
technology, called STIR/SHAKEN, to help consumers know whether a call
is using a spoofed Caller ID number and assist call analytics companies
in implementing call blocking and call labeling products. If widely
implemented and made available to consumers, the STIR/SHAKEN protocol
should minimize unwanted calls. Certain industry members have begun to
roll out this technology and it is in beta testing mode. We will keep a
close eye on this industry initiative and continue to encourage its
implementation.
Question 10. Would you please describe the FTC's coordination
efforts with state, federal, and international partners to combat
illegal robocalls?
Answer. Robocalls are a pernicious problem, a fact of which the
average American consumer is reminded several times a day.
The FTC frequently coordinates its efforts with its state, federal,
and international partners. The FTC often brings robocall enforcement
actions with states as co-plaintiffs. For example, in the FTC's case
against Dish Network, litigated for the FTC by the Department of
Justice, the FTC brought the case jointly with California, Illinois,
North Carolina, and Ohio. Collectively, the states and the FTC obtained
a historic $280 million trial verdict.\38\
---------------------------------------------------------------------------
\38\ FTC Press Release, FTC and DOJ Case Results in Historic
Decision Awarding $280 Million in Civil Penalties against Dish Network
and Strong Injunctive Relief for Do Not Call Violations (June 6, 2017),
https://www.ftc.gov/news-events/press-releases/2017/06/ftc-doj-case-
results-historic-decision-awarding-280-million-civil. The case is on
appeal before the Seventh Circuit Court of Appeals.
---------------------------------------------------------------------------
The FTC also coordinates outreach and education with the FCC. In
2018, the agencies co-hosted two robocall events--a policy forum that
discussed technological and law enforcement solutions to the robocall
problem \39\ and a public expo that allowed companies offering call
blocking and call labeling services to showcase their products for the
public.\40\ Additionally, the FTC and FCC hold quarterly calls, speak
regularly on an informal basis, and coordinate on a monthly basis with
our state partners through the National Association of Attorneys
General. The FTC also engages with international partners through
participation in international law enforcement groups such as the
International Consumer Protection Enforcement Network, International
Mass Marketing Fraud Working Group, and the Unsolicited Communications
Network (formerly known as the London Action Plan).
---------------------------------------------------------------------------
\39\ FTC Press Release, FTC and FCC to Host Joint Policy Forum on
Illegal Robocalls (Mar. 22, 2018), https://www.ftc.gov/news-events/
press-releases/2018/03/ftc-fcc-host-joint-policy-forum-illegal-
robocalls.
\40\ FTC Press Release, FTC and FCC to Co-Host Expo on April 23
Featuring Technologies to Block Illegal Robocalls (Apr. 19, 2018),
https://www.ftc.gov/news-events/press-releases/2018/04/ftc-fcc-co-host-
expo-april-23-featuring-technologies-block-0.
Question 11. Your testimony described the limitations of the FTC's
current data security enforcement authority provided by Section 5 of
the FTC Act including: lacking civil penalty authority, lacking
authority over non-profits and common carrier activity, and missing
broad APA rulemaking authority. Please describe each of these
limitations and how adjusted FTC authority to address these items would
improve the protection of consumers from data security risks.
Answer. Congress should consider all these tools in fashioning data
security legislation. For good reason, the FTC Act does not give the
Commission penalty authority for first-time violators. If Congress were
to give the FTC the authority to seek civil penalties for first-time
violators of data security rules specifically (subject to statutory
limitations on the imposition of such penalties, such as ability to
pay), we would have greater ability to deter potentially harmful
conduct. Due to asymmetric information, interdependent systems, and
difficulties in tracing ID theft to a particular firm, there are
reasons to believe that in many circumstances firms may lack sufficient
incentives to adequately invest in data security under current law.\41\
Correctly calibrated civil penalties would cause companies to
internalize the full costs of inadequate data security, fostering
proper incentives to protect consumer data.
---------------------------------------------------------------------------
\41\ See, e.g., Steven Shavell, Foundations of Economic Analysis of
Law 244 (2004) (when victims cannot identify the injurer, injurers will
lack adequate incentives to take care); George Akerlof, The Market for
``Lemons'': Quality Uncertainty and the Market Mechanism, 84 Q.J. Econ.
488 (1970); Howard Kunreuther & Geoffrey Heal, Interdependent Security,
26 J. Risk & Uncertainty 231 (2003).
---------------------------------------------------------------------------
As to APA rulemaking authority, were Congress to enact specific
data security legislation, APA rulemaking authority would allow us more
efficiently to adopt implementing rules. Such authority will ensure
that the FTC can enact rules and amend them as necessary to keep up
with technological developments. However, as I have stated in other
contexts, the difficult judgments as to details and shape of data
security legislation should be made in Congress, not at the agency
level. This will provide for more certainty and consistency, and is the
more appropriate democratic forum.
As to non-profits and common carriers, we are all well aware of the
regular reports of breaches impacting these sectors. Indeed, the need
for security in these sectors is not appreciably different from the
need in many other sectors of the economy already under FTC
jurisdiction. Giving us jurisdiction for data security in these sectors
will create more consistency across the marketplace and allow for more
certainty and clarity.
______
Response to Written Questions Submitted by Hon. Richard Blumenthal to
Hon. Noah Joshua Phillips
Privacy Rules
We know that Americans care about privacy--that they eagerly want
these rights. We need baseline rules. Companies should not store
sensitive information indefinitely and use that data for purposes that
people never intended. Federal rules must set meaningful obligations on
those that handle our data. We must enable consumers to trust and
control their personal data.
Question 8. Do you support providing state AGs with the power to
enforce Federal privacy protections and would you commit to working
with state AGs?
Answer. Attorneys General can be important partners in protecting
consumers, acting as force multipliers for Federal law enforcement. I
think this is a valuable model that Congress should weigh. It should
also consider whether to allow the FTC authority to assert exclusive
jurisdiction when necessary, to ensure consistent and coherent
application of Federal law.
Question 9. Why is it important that the FTC have rulemaking
authority when it comes to privacy? Where best would rulemaking be
applied?
Answer. Rulemaking authority raises important issues of delegation
and democratic accountability. Congress, not an administrative agency,
is the best place to make policy with a profound impact on a
substantial portion of the economy. Congress should consider that the
flexibility that rulemaking permits also allows for changes in rules
over time, which--regardless of the underlying policy--can be
terrifically difficult for businesses attempting to adapt.
Question 10. Do you believe elevating the Office of Technology
Research and Investigation to the Bureau level would meaningfully help
the FTC in addressing new technological developments across its
mandates?
Answer. I do not believe that elevating the Office of Technology
Research and Investigation to the Bureau level would meaningfully help
the FTC.
Board Accountability
Question 12. What is the FTC doing to investigate and hold
accountable individual board members and executives who knowingly
assist their companies in committing fraud? What more should the FTC be
doing in this regard?
Answer. The FTC always considers the potential liability of
individual officers and others who knowingly assist fraud. Where we
find the appropriate facts, we name such people as defendants.
FTC Investigation of Algorithms
Section 6(b) of the FTC Act gives the agency broad investigatory
and information-gathering powers. For example, in the 1970s the FTC
used its Section 6(b) authority to require companies to submit product-
line specific information, enabling the agency to assess the state of
competition across markets.
The FTC has released reports on big data and the harms biased
algorithms can cause to disadvantaged communities. These reports drew
attention to the potential loss of economic opportunity and diminished
participation in our society. Yet, information on how these algorithms
work, and on the inputs that go into them, remains opaque.
Question 19. Where the FTC consider using its Section 6(b)
investigative power to help us understand how these algorithms and
black-box A.I. systems work--the biases that shape them, and how those
can affect trade, opportunity, and the market?
Answer. Advancements in algorithm design, A.I. systems, and data
analytics have played and continue to play a crucial role in spurring
innovation that can deliver significant benefits to our society and
drive our Nation's economic growth. Given their significance, I agree
that algorithms and artificial intelligence are important topics of
study. In 2017, the FTC and Department of Justice submitted a joint
paper on algorithms and collusion to the Organization for Economic
Cooperation and Development as part of the OECD's broader look at the
role of competition policy and the digital age.\1\ More recently, we
examined the competition and consumer protection implications of
algorithms, artificial intelligence, and predictive analytics as part
of the Commission's Hearings on Competition and Consumer Protection in
the 21st Century.\2\ The two-day hearing featured a distinguished group
of technologists, scientists, public servants, academics, and industry
leaders (as well as economists and lawyers), who gathered to educate us
and the broader competition and consumer protection community about how
these technologies work, how they are used in the marketplace, and
their policy implications. The Commission also invited public
commentary on this topic.
---------------------------------------------------------------------------
\1\ Note by the United States on Algorithms and Collusion, OECD
Doc. DAF/COMP/WD(2017)41 (May 26, 2017), https://www.ftc.gov/policy/
reports/us-submissions-oecd-2010-present#oecd.
\2\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection; FTC, FTC Hearing on Competition and Consumer Protection in
the 21st Century #7: The Competition and Consumer Protection Issues of
Algorithms, Artificial Intelligence, and Predictive Analytics (Nov. 13-
14, 2018), https://www.ftc.gov/news-events/events-calendar/ftc-hearing-
7-competition-consumer-protection-21st-century.
---------------------------------------------------------------------------
The Commission will keep you apprised of any initiatives that come
out of our hearings project. I also appreciate your interest in the
Commission conducting a study of algorithms and artificial intelligence
under Section 6(b) of the FTC Act. It is my understanding that the
agency intends to conduct 6(b) studies in the technology area, though
the subjects of these studies are still being considered.
FTC Consent Decree on Unrepaired Recalls
Most consumers probably do not know that, while new car dealers are
prohibited from selling vehicles with open recalls, used car dealers
are not. A recent FTC consent decree, which I strenuously disagreed
with and is currently being scrutinized in the courts, allows the sale
of used cars with unrepaired recalls. According to the consent decree,
car dealers can advertise that cars with unrepaired safety recalls like
a defective Takata airbag are ``safe'' or have passed a ``rigorous
inspection''--as long as they have a disclosure that the vehicle may be
subject to an unrepaired recall and directs consumers on how they can
determine the vehicle has an open recall.
Question 20. In your opinion, is a car with an open, unrepaired
recall, a ``safe'' car? Why would the FTC allow unsafe cars to be
advertised as ``safe'' and ``repaired for safety,'' with or without a
vague, contradictory and confusing disclaimer?
Answer. We share your concerns regarding the safety issues raised
by recalls in the used automobile marketplace. As you note, while
Federal auto safety law requires that all new cars sold be free from
recalls, it does not prohibit auto dealers from selling used cars with
open recalls.
However, the FTC Act enables the Commission to stop auto dealers
selling such cars from engaging in misleading advertising practices
that mask the existence of open recalls. In an effort to stop such
claims, in 2016 and 2017, the Commission brought actions against
General Motors Company, CarMax, Inc., and four other large used car
dealerships. In these actions, the Commission alleged that these
companies' advertising claims violated the FTC Act by touting the
rigorousness of their used car inspections while failing to clearly
disclose the existence of unrepaired safety recalls in some cars.\3\
---------------------------------------------------------------------------
\3\ FTC Press Release, GM, Jim Koons Management, and Lithia Motors
Inc. Settle FTC Actions Charging That Their Used Car Inspection Program
Ads Failed to Adequately Disclose Unrepaired Safety Recalls (Jan. 28,
2016), https://www.ftc.gov/news-events/press-releases/2016/01/gm-jim-
koons-management-lithia-motors-inc-settle-ftc-actions; FTC Press
Release, CarMax and Two Other Dealers Settle FTC Charges That They
Touted Inspections While Failing to Disclose Some of the Cars Were
Subject to Unrepaired Safety Recalls (Dec. 16, 2016), https://
www.ftc.gov/news-events/press-releases/2016/12/carmax-two-other-
dealers-settle-ftc-charges-they-touted.
---------------------------------------------------------------------------
Our orders stop this deceptive conduct and provide important
additional protections for consumers. First, they prohibit each company
from making any safety-related claim about its vehicles unless the
vehicles are recall-free, or, alternatively, the company discloses
clearly and conspicuously \4\ and in close proximity to the
representation both that the vehicles may be subject to open recalls
and how consumers can determine the recall status of a particular car.
This means that, if any car on the companies' lots is subject to an
open recall, every time the companies make these types of inspection
claims, they must prominently disclose this important information on
recalls. Further, the orders required each company to warn consumers
who already purchased one of its used cars that the vehicle may have an
open recall.
---------------------------------------------------------------------------
\4\ Importantly, the orders define ``clearly and conspicuously'' in
detail to mean, among other things, that disclosures must be
``difficult to miss (i.e., easily noticeable) and easily understandable
by ordinary consumers,'' and to require that ``[a] visual disclosure,
by its size, contrast, location, the length of time it appears, and
other characteristics, must stand out from any accompanying text or
other visual elements so that it is easily noticed, read, and
understood.'' E.g., General Motors LLC, No. C-4596, 2016 WL 7383980, at
*4, (F.T.C. 2016).
---------------------------------------------------------------------------
Without our actions, these car sellers could not only continue to
sell used vehicles subject to open recalls (a practice currently
permitted under Federal product safety law), but could also make
misleading inspection claims masking this fact--without in any way
disclosing the possibility of recalls. Under the Commission's orders,
consumers will instead receive important information about open recalls
whenever respondents make these kinds of claims.\5\
---------------------------------------------------------------------------
\5\ Beyond this sweep of cases, in October 2018, the FTC secured
orders in the Passport Toyota matter against a group of dealerships,
and their principals, for mailing more than 21,000 fake ``urgent''
recall notices to consumers. We alleged that the vast majority of the
vehicles covered by the notices did not have open recalls, but that the
dealers instead used these fake recall notices to increase business at
the dealerships' service departments. Complaint, FTC v. Passport
Imports, Inc., No. 8:18-cv-03118 (D. Md. Oct. 10, 2018), https://
www.ftc.gov/enforcement/cases-proceedings/162-3193/passport-imports-
inc-passport-toyota.
---------------------------------------------------------------------------
Question on Non-Compete Clauses
I am concerned about the growth of non-compete clauses, which block
employees from switching jobs to another employer in the same sector
for a certain period of time. These clauses weaken workers' bargaining
power once they are in the job, because workers often cannot credibly
threaten to leave if their employer forces refuses to give them a raise
or imposes poor working conditions. According to the Economic Policy
Institute, roughly 30 million workers--including one in six workers
without a college degree--are now covered by non-compete clauses.
The consensus in favor of addressing non-compete clauses is
growing. For example, just this past December, an interagency report
indicated that non-compete clauses can be harmful in certain contexts,
such as the healthcare industry. Yet, the FTC has not yet undertaken
forceful action. In September, Commissioner Chopra suggested that the
FTC use its rulemaking authority to ``remove any ambiguity as to when
non-compete agreements are permissible or not.''
Question 23. Do you agree with the proposal that the FTC use its
rulemaking authority to address non-compete clauses? I invite you to
explain your reasoning regarding your stance.
Answer. Recent research shows that non-compete clauses may be far
more prevalent in the modern economy than enforcers realized. The
validity and enforceability of these clauses is not always clear--some
states have strict limitations against enforcing such clauses and it is
uncertain today whether employees covered by such clauses always
understand their legal position.
I fear the increase in various labor restrictions may be combining
to stifle worker mobility, and with it potentially wages and
opportunities, as well. Non-compete clauses, no-poach agreements (which
also appear to have proliferated in some spaces), and occupational
licensing requirements (which have dramatically increased in scope in
recent decades) all and together affect workers' ability to find and
obtain desirable jobs. Many of the insights regarding the prevalence of
non-competes clauses and no-poach agreements have come to light only
recently, and the Commission has been closely following these
developments and working to understand better the scope and effects of
such clauses, to add to its long-established work on occupational
licensing. It is not clear that non-compete clauses present antitrust
issues, except in narrow circumstances; but as the agency tasked with
protecting consumers and competition, the FTC is working to understand
how such clauses may impact markets, alone or in combination with other
restrictive clauses.
A rulemaking is probably premature at this stage, as these issues
deserve careful study and a clear understanding of both how such terms
may impact labor flow and how best to tailor any rules or enforcement
efforts to achieve better outcomes. Several states have begun efforts
to curb the use of non-competes, and senators have been working on
bills that would help limit such practices nationwide. I look forward
to working with members on this critical question.
Question on Local Merger Enforcement
Even though big national mergers typically garner the most media
attention, smaller mergers can often raise monopoly concerns on the
local level. This can be true in the healthcare industry, for example.
In November, Commissioner Simons told me: ``Some local mergers may be
too small to require Hart-Scott-Rodino premerger notification, but may
still have anticompetitive effects.''
Question 24. Would you agree with me that Hart-Scott-Rodino
premerger notifications help antitrust enforcers catch concerning
mergers?
Answer. Yes, I agree that the premerger notification requirements
of the Hart-Scott-Rodino Premerger Notification Act (HSR) help
antitrust enforcers identify anticompetitive mergers before they are
consummated, preventing consumer harm. Once a merger is consummated and
the firms' operations are integrated, it can be very difficult, if not
impossible, to ``unscramble the eggs'' and restore the acquired firm to
its former status as an independent competitor.
It is important, however, to ensure that the HSR filing
requirements are tailored properly. The FTC typically issues requests
for additional documents and evidence for only a very small percentage
of filings it receives--with wide, bipartisan agreement that most
mergers do not pose competitive problems--and ultimately enters into
consent decrees or seeks to block even fewer mergers. In other words,
HSR filing requirements today cast a very large net to catch a very
few--albeit very important--fish. Given the vast expansion of antitrust
regimes around the globe in recent years, the U.S. should endeavor to
be a leader in setting meaningful and appropriate premerger filing
requirements, and to avoid setting a standard that would allow other
jurisdictions to say they are following the U.S. in using antitrust
regimes as a method of increasing government revenues.
Question 25. What sort of anticompetitive effects might be raised
by local mergers even when those mergers are too small to require Hart-
Scott-Rodino premerger notification?
Answer. Anticompetitive mergers can harm consumers in several ways,
including by increasing prices and reducing output, or by lowering
quality or services, hampering innovation, or diminishing new entry or
expansion.\6\ These harmful effects can manifest in local as well as
more geographically-expansive mergers. Although the harms local mergers
present are, by definition, restricted to a smaller geographic area,
their effects can still be pernicious.\7\
---------------------------------------------------------------------------
\6\ U.S. Department of Justice & Federal Trade Commission,
Horizontal Merger Guidelines Sec. 1 (2010), https://www.ftc.gov/public-
statements/2010/08/horizontal-merger-guidelines-united-states-
department-justice-federal (``A merger enhances market power if it is
likely to encourage one or more firms to raise price, reduce output,
diminish innovation, or otherwise harm customers as a result of
diminished competitive constraints or incentives.'').
\7\ Id. at Sec. 4.2. In antitrust analysis, a relevant market
identifies a set of products or services and a geographic area of
competition in which to analyze the potential effects of a proposed
transaction. The purpose of market definition is to identify options
available to consumers. See id. at Sec. 4 (describing market definition
in antitrust analysis).
---------------------------------------------------------------------------
The FTC often examines local geographic markets in the course of
its merger review, both when assessing the effects that mergers of
national companies might have in local areas and when examining local
mergers. For instance, the FTC typically considers local geographic
markets in retail markets, such as supermarkets, pharmacies, retail gas
or diesel fuel stations, or funeral homes, and in service markets, such
as health care. In a recent Federal court action seeking to enjoin the
proposed merger of two rival physician services providers, the FTC and
State of North Dakota defined the relevant geographic market as the
Bismarck-Mandan, North Dakota, Metropolitan Statistical Area--a four-
county area that includes the cities of Bismarck and Mandan and smaller
communities within the surrounding 40 to 50 mile radius.\8\
---------------------------------------------------------------------------
\8\ FTC v. Sanford Health, No. 1:17-cv-0133 (D.N.D. 2017), https://
www.ftc.gov/enforcement/cases-proceedings/171-0019/sanford-health-ftc-
state-north-dakota-v. The U.S. District Court for the District of North
Dakota granted the FTC and State of North Dakota's preliminary
injunction motion on December 13, 2017. The parties have appealed and
the case is now pending before the Eighth Circuit.
Question 26. What action would you recommend either the FTC or
Congress take in order to assist Federal and state antitrust enforcers
in catching local mergers that raise anticompetitive concerns?
Answer. While I have no opinion as to whether Congress should take
action, identifying anticompetitive mergers remains one of the FTC's
top competition priorities. Today, the FTC devotes the bulk of its
merger review efforts to transactions that parties report pre-
consummation. However, the FTC also closely monitors M&A activity more
broadly, to identify unreported (often, but not always, consummated)
mergers that could harm consumers. The FTC uses the trade press and
other news articles, consumer and competitor complaints, hearings,
economic studies, and other means to identify such potentially harmful
activity (both merger and other conduct). The FTC also routinely works
with state attorneys general in its enforcement efforts; state
attorneys general routinely join the FTC as co-plaintiffs in Federal
court litigations, such as in the North Dakota physician services
merger litigation discussed above.
Question on Horizontal Shareholding
Recent research has raised questions about whether horizontal
shareholding harms competition in our economy. I would like to
understand your view on this ongoing research.
Question 27. Do you believe that horizontal shareholding raises
anticompetitive concerns?
Answer. See below.
Question 28. Do you believe that our antitrust laws can be used to
address the anticompetitive concerns raised by horizontal shareholding?
Answer. See below.
Question 29. What, if anything, are you doing to address any
potential harms of horizontal shareholding?
Answer. Today, there is insufficient evidence to conclude that
horizontal shareholding presents real competitive concerns. There have
been a few recent and notable papers attempting to analyze the
competitive effects of such holdings, but they do not yet provide a
basis for enforcers attempting to extrapolate whether a larger, more
pernicious phenomenon is at play.\9\
---------------------------------------------------------------------------
\9\ See Note by the United States on Common Ownership by
institutional investors and its impact on competition at � 1, OECD Doc.
DAF/COMP/WD(2017)86 (Nov. 28, 2017), https://www.ftc.gov/policy/
reports/us-submissions-oecd-2010-present#oecd (explaining that
``[g]iven the ongoing academic research and debate, and its early stage
of development, the U.S. antitrust agencies are not prepared at this
time to make any changes to their policies or practices with respect to
common ownership by institutional investors.''); see also Noah Joshua
Phillips, Commissioner, Federal Trade Commission, Opening Remarks at
FTC Hearing on Competition and Consumer Protection in the 21st Century
#8: Corporate Governance, Institutional Investors, and Common Ownership
(Dec. 6, 2018), https://www.ftc.gov/public-statements/2018/12/opening-
remarks-commissioner-noah-joshua-phillips-ftc-hearing-8; Noah Joshua
Phillips, Commissioner, Federal Trade Commission, Prepared Remarks at
the Global Antitrust Economics Conference: Taking Stock: Assessing
Common Ownership, (June 1, 2018), https://www.ftc.gov/public-
statements/2018/06/taking-stock-assessing-common-ownership.
---------------------------------------------------------------------------
The U.S. antitrust agencies define common ownership as ``the
simultaneous ownership of stock in competing companies by a single
investor, where none of the stock holdings is large enough to give the
owner control of any of these companies''.\10\ It is distinct from
``cross ownership'', wherein a company holds an interest in one of its
competitors, and other joint venture or co-partner scenarios, which
have long been a focus of U.S. antitrust law.
---------------------------------------------------------------------------
\10\ Note by the United States on Common Ownership by institutional
investors and its impact on competition at � 1, OECD Doc. DAF/COMP/
WD(2017)86 (Nov. 28, 2017), https://www.ftc.gov/policy/reports/us-
submissions-oecd-2010-present#oecd.
---------------------------------------------------------------------------
The general theory of harmful common shareholdings is that large
institutional investors' common holdings may lead firms to compete less
aggressively--by virtue of the companies' knowledge that more
aggressive competition may not be in the interest of such shareholders,
by active encouragement from such investors, or simply by the failure
of large shareholders to spur competition--and thereby lead to higher
prices or other harmful effects. Proponents of this theory point to
several empirical papers that purport to identify such effects, and
several have proposed wide-ranging remedies that they argue would solve
this alleged problem. In response, critics have identified various
methodological flaws in the original research, which they argue call
into question the results of these papers. They further identify
alleged shortcomings in the harmful common ownership theory, including
the absence of a clear mechanism of harm, the failure to distinguish
between the economic owners and the beneficial owners of the shares at
issue, and the fact that the theory assumes managers behave in ways
diametrically opposed to how theory and real world evidence from
corporate law experience have demonstrated they typically behave.
The FTC has continued to stay abreast of the common ownership
research. In November 2017, the Commission participated in an
Organisation for Economic Co-operation and Development (OECD)
conference devoted to this topic. The Commission also held a full-day
workshop, supplemented by a public comment process, in December 2018
that was largely devoted to exploring the merits of the common
ownership issue.\11\ At the workshop, which was part of our Hearings on
Competition and Consumer Protection in the 21st Century, respected
academics and industry experts on both sides of this issue shared their
expertise with both us and the public.
---------------------------------------------------------------------------
\11\ FTC, FTC Hearing on Competition and Consumer Protection in the
21st Century #8: Corporate Governance, Institutional Investors, and
Common Ownership (Dec. 6, 2018), https://www.ftc.gov/news-events/
events-calendar/ftc-hearing-8-competition-consumer-protection-21st-
century.
---------------------------------------------------------------------------
From what we have seen so far, I do not believe there is sufficient
evidence to warrant policy changes in response to the alleged common
shareholding problem. I have identified a series of questions for
scholars to answer and that I believe would help shed more light on the
issue and whether such changes may be warranted.\12\
---------------------------------------------------------------------------
\12\ Noah Joshua Phillips, Commissioner, Federal Trade Commission,
Opening Remarks at FTC Hearing on Competition and Consumer Protection
in the 21st Century #8: Corporate Governance, Institutional Investors,
and Common Ownership (Dec. 6, 2018), https://www.ftc.gov/public-
statements/2018/12/opening-remarks-commissioner-noah-joshua-phillips-
ftc-hearing-8; Noah Joshua Phillips, Commissioner, Federal Trade
Commission, Prepared Remarks at the Global Antitrust Economics
Conference: Taking Stock: Assessing Common Ownership, (June 1, 2018),
https://www.ftc.gov/public-statements/2018/06/taking-stock-assessing-
common-ownership.
---------------------------------------------------------------------------
The FTC has tools already at our disposal to monitor and discipline
anticompetitive activity, which we will continue to deploy where the
law and evidence provide a basis for doing so. In considering any
policy changes--some proposals for which have been extreme--the
Commission will also bear in mind that many Americans benefit from the
low-cost investment options large institutional investors make
possible.
______
Response to Written Questions Submitted by Hon. Catherine Cortez Masto
to Hon. Noah Joshua Phillips
Pet Leasing
I appreciate the Commission's attention to my request with six of
my colleagues for the FTC to investigate the practice of pet leasing
that is leading some consumers into confusing or deceptive contractual
obligations that cause them to have an issue with their beloved pet and
negatively impact their financial status, such as credit scores, for
far into the future. This is an issue that is a little under the radar
but needs strong oversight and attention under your deceptive practices
mandate if there are concerning financial practices being discovered.
Question. Can I get a further commitment from you all to keep my
office informed of actions and determinations you all may make
pertaining to this concerning issue and the Humane Society and Animal
Legal Defense Fund's formal petition to the Commission?
Answer. The FTC is committed to protecting consumers from unfair or
deceptive acts or practices, including any such practices carried out
by merchants or third party leasing and financing companies. Since our
response to your letter last November, FTC staff has met with the
Humane Society and Animal Legal Defense Fund to discuss their joint
formal petition to the Commission. The FTC will continue to keep your
office informed of public actions the Commission takes concerning pet
leasing or the Humane Society and Animal Legal Defense Fund's petition
to the Commission.
Data Minimization vs Big Data
A topic that has come up a lot during our discussions on privacy is
data minimization. This is a concept that I have been considering on as
I work on developing a comprehensive data privacy bill. As you're
aware, this is the idea that businesses should only collect, process,
and store the minimum amount of data that is necessary to carry out the
purposes for which is was collected. There are obvious advantages to
this as it minimizes the risk of data breaches and other privacy harms.
At the same time, big data analytics are going to be crucial for the
future and play an important role in smart cities, artificial
intelligence, and other important technologies that fuel economic
growth. I think it is important to find a balance between minimization
and ensuring that data, especially de-identified data, is available for
these applications.
Question. Can you describe how you view this balance and how we in
Congress can ensure that people's data is not abused but can still be
put to use in positive ways?
Answer. This is one of the most important questions that we need to
ask when evaluating any future privacy regime. Algorithims, Big Data
and AI are areas of tremendous and important innovation that have the
potential to provide significant benefits for our economy, for
consumers, and for our national welfare.
Your question neatly captures the dilemma. Businesses can apply
``big data'' analysis tools to gain insights from large data sets that
help the business to innovate, for example to improve an existing
product. This analysis can provide new consumer benefits, such as the
development of new features. On the other hand, consumers' data may be
used for unexpected purposes in ways that are unwelcome.\13\ Long-term
retention of consumer information--such as sensitive financial
information--also presents a data security issue.\14\
---------------------------------------------------------------------------
\13\ See, e.g., FTC Press Release, FTC Charges Deceptive Privacy
Practices in Google's Rollout of Its Buzz Social Network (Mar. 30,
2011), https://www.ftc.gov/news-events/press-releases/2011/03/ftc-
charges-deceptive-privacy-practices-googles-rollout-its-buzz) (alleging
that Google deceptively repurposed information it had obtained from
users of its Gmail e-mail service to set up the Buzz social networking
service, leading to public disclosure of users' e-mail contacts).
\14\ See, e.g., Ceridian Corp., No. C-4325 (F.T.C. 2011), https://
www.ftc.gov/enforcement/cases-proceedings/102-3160/ceridian-
corporation-matter) (resolving charges that the company created
unnecessary risks by storing information such as individuals' e-mail
address, telephone number, Social Security number, date of birth, and
direct deposit account number indefinitely on its network without a
business need).
---------------------------------------------------------------------------
The FTC has issued a report on the subject of the benefits and
risks of big data that contains guidance for companies that use big
data analytics.\15\ Last fall, the Commission also hosted a workshop on
the intersections between big data, privacy and competition.\16\ We are
happy to work with your staff to develop legislation on how to balance
the benefits and risks of big data.
---------------------------------------------------------------------------
\15\ See FTC, Big Data: A Tool for Inclusion or Exclusion?
Understanding the Issues (Jan. 2016), https://www.ftc.gov/system/files/
documents/reports/big-data-tool-inclusion-or-exclusion-understanding-
issues/160106big-data-rpt.pdf.
\16\ See FTC, FTC Hearing on Competition and Consumer Protection in
the 21st Century #6: Privacy, Big Data, and Competition(Nov. 6-8,
2018), https://www.ftc.gov/news-events/events-calendar/ftc-hearing-6-
competition-consumer-protection-21st-century.
---------------------------------------------------------------------------
General Privacy Recommendations
Question 1. While privacy was a significant topic of the oversight
hearing, as we look to develop a bill, can you specifically lay out
some of the top priorities you individually would like to see included
and what do you think gets overlooked in the conversations policymakers
have with allowing for future innovations and yet raising the bar for
protecting consumers?
Answer. As an initial matter, in considering whether to develop
comprehensive privacy legislation, I urge Congress to first study,
identify, and understand the harms it wishes to address. Only through
that crucial inquiry can Congress the develop policy and craft remedies
appropriate to the problem it is trying to solve. It is also essential
that Congress carefully and fully weigh the costs and benefits of any
legislation and, in particular, the costs of regulation to innovation
and competition, and the potential entrenchment of incumbents that may
result. Regulation, by its nature, involves tradeoffs; only if we do
our best to understand the tradeoffs can we make coherent and
thoughtful decisions in lawmaking.
In terms of my priorities for any legislation, my number one
priority is data security legislation, to be enforced by the FTC--
though not identical to privacy legislation, nothing will do more for
privacy that improved data security. The Commission has been calling
for data security legislation for years on a bipartisan basis, as it is
necessary to provide both security to consumers and coherence to the
market. I also support civil money penalty authority as part of data
security legislation, to correct flaws in the market that result in an
under-investment in security.\17\ And, in addition, I believe that the
FTC needs legislation that will address the Court's concerns in LabMD
and permit the Commission to once again apply a ``reasonableness''
standard in data security orders, which provides the flexibility that
the market requires.\18\
---------------------------------------------------------------------------
\17\ See, e.g., Steven Shavell, Foundations of Economic Analysis of
Law 244 (2004) (where consumers cannot trace the full harm to the
injurer, injurers will not internalize the full amount of harm).
\18\ LabMD v. FTC, 894 F.3d 1221 (11th Cir. 2018).
---------------------------------------------------------------------------
There are other immediate, consumer protection enforcement needs. I
urge Congress to amend the FTC Act to undo the ViroPharma decision \19\
and make it clear to courts and litigants alike that the Commission's
authority is not limited to ongoing conduct, but rather that the
Commission can pursue enforcement actions and, where appropriate,
monetary relief, even for conduct that has ceased.
---------------------------------------------------------------------------
\19\ FTC v. Shire ViroPharma, Inc., No. 18-1807, 2019 WL 908577 (3d
Cir. 2019).
---------------------------------------------------------------------------
As for broader privacy legislation, in considering whether and what
to do, Congress is not acting in a vacuum. The United States has
already been working with our economic allies on privacy issues for
decades--for instance, in the form of the OECD Privacy Framework and
the APEC Privacy Framework \20\--and these can and should form the
basis for the discussion. Moreover, while any legislation should
maintain the FTC's role as that nation's primary privacy and data
security enforcement agency, I would stress that it is Congress that
should make the difficult and important decisions in the privacy and
data security sphere--while the Commission can issue implementing
regulations, any legislation will necessarily involve value judgements
that should be left to Congress, not unelected Commission officials.
---------------------------------------------------------------------------
\20\ OECD, The OECD Privacy Framework (2013), http://www.oecd.org/
sti/ieconomy/oecd_privacy_framework.pdf.
---------------------------------------------------------------------------
I also believe that, in considering legislation, Congress should
focus on information asymmetry, helping ensure that the market, and
consumers in particular, have more, and more accessible, information on
which to make informed decisions. I also believe there is value in
encouraging companies to engage in internal privacy assessments so that
they better understand their own landscape and can make informed, risk-
based decisions about how they gather, use, and share data.
In terms of FTC-specific authority, as I have said elsewhere, I
support removing common carrier and non-profit exceptions to the FTC's
authority, but I remain cautious on civil penalties outside of the data
security context. Penalties are tools, and whether penalties are
appropriate and effective will ultimately depend on the liability
scheme that Congress sets up in any legislation, and specifically
whether Congress applies a more rules-based approach or a looser
standards-based approach, as well as whether the data demonstrate that
penalties in fact effectively deter the relevant conduct, rather than
chill beneficial conduct.
Question 2. Can you also outline the optimal role you see for our
state Attorneys General in this privacy enforcement process?
Answer. Attorneys General can be important partners in protecting
consumers, acting as force multipliers for Federal law enforcement. I
think this is a valuable model that Congress should weigh. It should
also consider whether to allow the FTC authority to assert exclusive
jurisdiction when necessary, to ensure consistent and coherent
application of Federal law.
Privacy Risky Communities/Groups
Question 1. Do you think that certain communities or groups are any
more or less vulnerable to privacy risks and harms?
Answer. Yes. Congress previously has recognized that certain
communities or groups may be more or less vulnerable to privacy risks
and harms when promulgating the Children's Online Privacy Protection
Act, and certain provisions of Gramm-Leach Bliley and the Health
Insurance Portability and Accountability Act. The Commission also has
worked to address issues particularly affecting certain communities or
groups through a number of means, including law enforcement as well as
a series of seminars and other events around the country and through
consumer education.\21\
---------------------------------------------------------------------------
\21\ See, e.g., FTC, Common Ground Conferences and Roundtables
Calendar, https://www.consumer.gov/content/common-ground-conferences-
and-roundtables-calendar; FTC, Consumer Information--Fraud Affects
Every Community, https://www.consumer.ftc.gov/features/every-community.
Question 2. Should privacy law and regulations account for such
unique or disparate harms, and if so, how?
Answer. Yes. I believe the approach Congress took with COPPA, GLB
and HIPAA is instructive here. Existing laws like the Fair Credit
Reporting Act and the Equal Credit Opportunity Act also provide
important protections against unlawful discrimination. The Commission
is happy to work with you to think through these issues as you craft
legislation.
Immediate Civil Penalties Authority
Noting from your FTC testimony, ``Section 5 (of the FTC Act),
however, is not without limitations. For example, Section 5 does not
provide for civil penalties, reducing the Commission's deterrent
capability.''
Question. While I appreciate the long term successes of the FTC in
many respects to investigate data security matters, what are your
thoughts to whether there is enough of a deterrent effect with Section
5 authority when you can't immediately enforce against those who misuse
data with civil penalties right from the start, rather than as the
result of often times flagrant offenses to their already establish
consent decrees?
Answer. For good reason, the FTC Act does not give the Commission
penalty authority for first-time violators. If Congress were to give us
the authority to seek civil penalties for first-time violators of data
security rules specifically (subject to statutory limitations on the
imposition of such penalties, such as ability to pay), we would have
greater ability to deter potentially harmful conduct. Due to asymmetric
information, interdependent systems, and difficulties in tracing ID
theft to a particular firm, there are reasons to believe that in many
circumstances firms may lack sufficient incentives to adequately invest
in data security under current law.\22\ Correctly calibrated civil
penalties would cause companies to internalize the full costs of
inadequate data security, fostering proper incentives to protect
consumer data.
---------------------------------------------------------------------------
\22\ See, e.g., Steven Shavell, Foundations of Economic Analysis of
Law 244 (2004) (when victims cannot identify the injurer, injurers will
lack adequate incentives to take care); George Akerlof, The Market for
``Lemons'': Quality Uncertainty and the Market Mechanism, 84 Q.J. Econ.
488 (1970); Howard Kunreuther & Geoffrey Heal, Interdependent Security,
26 J. Risk & Uncertainty 231 (2003).
---------------------------------------------------------------------------
However, for privacy more broadly, it must be remembered that
penalties are a tool; and, in my view, the question of tools is a
secondary one, that cannot and should not be considered in the
abstract. That question necessarily requires preliminary determinations
first as to what harms Congress wishes to address and second, what
liability standards it adopts to address those harms. Civil penalties
are better tailored to conduct that is clearly defined--for example,
violations of specific rules set forth in FTC Consent Orders or
regulations like COPPA. Otherwise, the prospect of paying them may
chill innovation and other conduct that benefits consumers.
______
Response to Written Questions Submitted by Hon. Amy Klobuchar to
Hon. Noah Joshua Phillips
Question 1. The FTC is charged with enforcing the Children's Online
Privacy Protection Act (COPPA) and has done so for the last two
decades. Protecting the privacy of children has never been more
important than it is now, but the online privacy of all Americas is
also increasingly at risk.
Both of you have recently commented that we should learn
from the FTC's experience in enforcing COPPA when we consider
our approach to protecting consumer privacy more broadly. What
lessons should we take away from the Commission's experience
enforcing COPPA when considering ways to protect online privacy
and data security for all Americans?
Answer. I believe that our experience with COPPA--in particular,
its enactment and its implementation--can help inform and guide efforts
to protect online privacy and data for all Americans.
The American privacy framework is built upon identifying risks and
then designing a solution that balances competing interests. This
requires evaluating the sensitivity of the information involved and the
potential harms that would result from its collection, use or
disclosure, and then creating a solution that will limit these harms
while still allowing appropriate use of even sensitive information.
With COPPA, rather than trying to protect children's privacy and safety
by enacting draconian legislation that could severely limit children's
experience on the Internet, Congress instead created a comprehensive,
yet flexible, framework to protect both children's privacy and
children's ability to access interactive content on the Internet. And,
importantly, Congress itself made the tough choices in balancing
privacy and the tradeoffs inherent in privacy regulation, most notably,
the age of children to be covered by COPPA.
We can also learn lessons from the implementation of COPPA. In
including the modifier ``taking into consideration available
technology'' in its definition of ``verifiable parental consent'',
Congress gave the FTC the latitude, in drafting the first iteration of
the COPPA Rule, to develop a consent mechanism based upon how the
child's information would be used and with whom it would be shared. In
crafting the Rule, FTC staff recognized that the cost of a
technologically rigorous mechanism could sometimes outweigh its
benefits, especially if there was less risk associated with the
collection and use of the child's information. Importantly, they were
able to engage in this cost-benefit analysis because Congress drafted
the COPPA statute with this consideration in mind. Congress should
study the history of COPPA enforcement and rulemaking in considering
whether and how to proceed on broader privacy legislation.
COPPA is a deliberately paternalistic statute, because it deals
with children; so it is not necessarily a model for broader privacy
legislation. But, despite the fact that COPPA is twenty years old, its
more flexible approach to protecting children's privacy which considers
benefits and harms has been a critical component in its continuing
success and effectiveness.
Question 2. The Federal Trade Commission's budget has remained flat
for the past several years despite increasing demands on your agency's
resources, including a significant rise in merger filings.
If additional resources were made available to the Federal
Trade Commission, how would you deploy those resources to
advance the agency's consumer protection and competition
missions?
Answer. I appreciate your attention to the agency's resource needs.
As we mentioned in our November 27 testimony, the FTC works very hard
to accomplish as much as possible with the resources we have. We are
tasked with the important dual goals of protecting consumers and
promoting competition, both which are of increasing importance in the
changing economy. Resource constraints remain a significant challenge.
Evolving technologies and intellectual property issues, among others,
continue to increase the complexity of antitrust investigations and
litigation. That complexity, coupled with the rising costs of critical
expert witnesses and increases in caseload, sometimes leads to
financial and personnel resource limitations. In the past, we have
requested additional resources for experts, information technology, and
more full-time employees in support of our mission to protect consumers
and promote competition. We also have heard the need for additional
paralegals to help support our staff attorneys; paralegals can provide
very valuable services and allow attorneys to devote more time to
substantive issues, but they are a rare commodity at the Commission
today. These all continue to be critical areas of need for our agency.
If we receive additional resources, we plan to apply them to these
areas.
On the competition side, qualified experts are a key resource in
all of the FTC's cases--both merger and conduct--heading toward
litigation. Expert witness services are critical to these cases, as
they help the FTC satisfy key burdens such as defining product and
geographic markets and estimating the likely harms (and countering
defendants' estimation of any alleged procompetitive benefits). Expert
witness may often prove crucial to litigated cases on the consumer
protection side, as well.
Expert witness costs are highly dependent on the number, scope,
duration, and disposition of our Federal and administrative court
challenges--increasing (often significantly) as these factors increase.
To limit these costs, the FTC has continued to identify and implement a
variety of strategies, including using internal personnel from its
Bureau of Economics as expert witnesses whenever practical. The
opportunities to use internal experts as testifying experts are
limited, however, by several factors, including staff availability,
testifying experience, and the specialized expertise required for
specific matters.
______
Response to Written Questions Submitted by Hon. Tom Udall to
Hon. Noah Joshua Phillips
Privacy
Question 1. Do you support strong civil penalties for consumer
privacy violations?
Answer. Penalties are a tool and, in my view, the question of tools
is a secondary one, which cannot and should not be considered in the
abstract. That question necessarily requires preliminary determinations
first as to what harms Congress wishes to address and second, what
liability standards it adopts to address those harms. Civil penalties
are better tailored to conduct that is clearly-defined--for example,
violations of specific rules set forth in FTC Consent Orders or
regulations like COPPA. Otherwise, the prospect of paying them may
chill innovation and other conduct that benefits consumers.
Question 2. The California Consumer Protection Act goes into effect
in January 2020. As Congress considers pre-emption of that state law,
what additional authority should we give the FTC to ensure that
consumer privacy adequately is protected?
Answer. I support Congress including preemption of the California
Consumer Protection Act, should it take up Federal privacy legislation.
Clarity and consistency in the regulation of technology, rather than a
patchwork of laws, is critical, especially to protecting the ability of
small firms to compete.
In terms of additional authority, the first question we must ask is
about the harms--what privacy harms are we focused on and trying to
solve. Only when we understand that can we make the policy decision
over which tools--new authorities--are necessary and appropriate. That
said, the one authority that we unquestionably should have in any new
privacy law is the authority to enforce that law against common
carriers and non-profits. The current state of the law creates
unprincipled inconsistencies, and we should rectify those to allow for
more clarity and consistency across markets.
Question 3. A recent New York Times analysis found that both the
Apple App Store and the Google Play Store have apps in their respective
children's or family sections that potentially violate COPPA.\23\ What
specific role should platform owners play to ensure COPPA compliance on
their platforms?
---------------------------------------------------------------------------
\23\ Jennifer Valentino-DeVries, Natasha Singer,Aaron Krolik,
Michael H. Keller, How Game Apps That Captivate Kids Have Been
Collecting Their Data, New York Times (Sept. 12, 2018), https://
www.nytimes.com/interactive/2018/09/12/technology/kids-apps-data-
privacy-google-twitter.html.
---------------------------------------------------------------------------
Answer. In 2012, the Commission revised the COPPA Rule to cover not
just websites, app developers, and other online services but also third
parties collecting personal information from users of those sites or
services. At that time, the Commission made clear that it did not
intend to make platforms responsible merely for offering consumers
access to someone else's child-directed content. Rather, they would be
liable under COPPA only if they had actual knowledge that they were
collecting personal information from a child-directed app. At the same
time, platforms are in a unique position to set and enforce rules for
apps that seek placement in the platform's store and to drive good
practices. We encourage platforms to pursue best practices in this
regard, beyond those required by COPPA. For example, platforms can
serve an important educational function for apps that may not
understand the requirements of COPPA.
Question 4. Compliance for mobile apps may be hard to achieve
against fly-by-night operators overseas who do not care if their apps
violate U.S. law. How can the Vtech Electronics investigation and civil
penalty serve as an example for how the FTC can hold foreign app
developers responsible for violating COPPA?
Answer. When Congress takes action and enacts a privacy statute, it
is the FTC's job to faithfully execute congressional will and enforce
that law. This is important in all contexts, but I would argue it is
especially important when protecting the privacy of children. As a
Federal Trade Commissioner, I consider it crucial that we continue to
investigate businesses' practices as they relate to children's privacy,
and that we enforce this law as Congress intended. At the new FTC,
COPPA enforcement ought to be a signature feature of our American
privacy regime.
In addition to the VTech case you mention, the Commission has taken
action in a number of privacy- or security-related cases against
companies that have a foreign presence (see, e.g., TrendNet, inMobi,
ASUS, and HTC).\24\ In some of these cases, for example, a foreign
entity manufactured the devices at issue. In each of these cases, the
FTC obtained successful relief for consumers in the United States,
including a substantial civil penalty in the VTech and inMobi
settlements. More recently, the FTC took action against Blu, a U.S.-
based phone manufacturer that was allowing its Chinese service provider
to access text messages and other private information, contrary to its
representations to consumers.\25\ The Commission has also used other
means to address illegal conduct affecting U.S. consumers. For example,
a few years ago Commission staff sent a warning letter to a Chinese
company, Baby Bus, about COPPA violations relating to the collection of
children's personal information through its apps. The Commission copied
the app platforms on this communication. The company quickly responded
and addressed the concerns.
---------------------------------------------------------------------------
\24\ TRENDnet, Inc., No. C-4426 (F.T.C. 2014), https://www.ftc.gov/
enforcement/cases-proceedings/122-3090/trendnet-inc-matter; United
States v. InMobi Pte Ltd., No. 3:16-cv-3474 (N.D. Cal. 2016), https://
www.ftc.gov/enforcement/cases-proceedings/152-3203/inmobi-pte-ltd;
ASUSTeK Computer Inc., No. C-4587 (F.T.C. 2016), https://www.ftc.gov/
enforcement/cases-proceedings/142-3156/asustek-computer-inc-matter; HTC
America Inc., No. C-4406 (F.T.C. 2013), https://www.ftc.gov/
enforcement/cases-proceedings/122-3049/htc-america-inc-matter.
\25\ BLU Prods., No. C-4657 (F.T.C. 2018), https://www.ftc.gov/
enforcement/cases-proceedings/172-3025/blu-products-samuel-ohev-zion-
matter.
Question 5. The COPPA safe harbor organizations must submit an
annual report to the Federal Trade Commission. Can you share the
reports from the last 5 years?
Answer. Industry self-regulatory organizations and the COPPA safe
harbor programs are critical partners in the FTC's privacy enforcement
efforts. The FTC-approved safe harbor organizations submit annual
reports to the FTC each year. However, organizations claim
confidentiality with respect to the information in their annual
reports.
______
Response to Written Questions Submitted by Hon. John Thune to
Hon. Rebecca Kelly Slaughter
Question 1. Vertical mergers such as the merger between AT&T and
Time Warner have garnered some attention lately. The FTC and DOJ have
not updated vertical merger guidance since 1984. Do you believe that
the FTC and DOJ should issue new guidance on vertical mergers?
Answer. Given the enormous impact that vertical mergers could have
on the economy, markets, and consumers, I think the Commission should
closely scrutinize them, particularly when they involve oligopoly
markets and markets with high barriers to entry.\1\ There is broad
agreement that the 1984 non-horizontal guidelines do not reflect the
Commission's current enforcement practice. Indeed, Commission
investigations and cases have identified a range of competition
concerns arising from vertical mergers, including limiting access to or
raising the costs of key inputs, restricting access to an important
customer, inhibiting entry by new competitors, evading regulations,
facilitating coordination, and anticompetitive information sharing. I
recently urged the Commission to routinely conduct retrospective
examinations of vertical merger enforcement decisions. This would allow
the Commission to see if its predictions about a merger were correct
and facilitate the Commission's ability to take any necessary
enforcement action. The Commission is considering whether the agencies
should issue guidance on vertical merger enforcement and such
retrospectives would be critical to informing such an endeavor.
---------------------------------------------------------------------------
\1\ For my detailed views on vertical mergers, please see my
statement dissenting from In the Matter of Sycamore Partners, Staples,
and Essendant, No. 181-0180 (Jan. 28, 2019), https://www.ftc.gov/
system/files/documents/public_statements/1448321/
181_0180_staples_essendant_
slaughter_statement.pdf.
Question 2. Government lawsuits to stop mergers are litigated using
different procedures depending on which agency, the FTC or DOJ, handles
the case. Do you think Congress should take action to ensure that
agencies follow the same procedures or do you support another approach?
Answer. I do not think Congress should take action to change the
procedures used by the Federal Trade Commission to carry out its merger
enforcement mission. Congress intentionally created the Commission as
an antitrust enforcement entity distinct from the DOJ. Accordingly, the
FTC Act provides the Commission with additional tools to study markets
and enforce the laws that are critical to our mission. Specifically,
the administrative litigation process has been enormously useful in
developing certain aspects of the law regarding mergers, such as
mergers between hospitals. I do not share the concern some have
articulated that the different statutory procedures between the
agencies produce different outcomes; to the contrary, I think it is
widely recognized that, in order to block a transaction, the DOJ and
Commission both must show that a transaction would likely be
anticompetitive.
Question 3. Should Congress amend Section 5(n) of the FTC Act,
which addresses unfair practices, to clarify what constitutes
``substantial injury?'' If so, how?
Answer. The Commission has alleged and Courts have found that
``substantial injury'' can take the form of financial, physical, or
reputational injuries. In addition, the Commission has alleged and
Courts have found that ``substantial injury'' can take the form of an
unwanted intrusion into the sanctity of people's homes and their
intimate lives. As a general matter, there is no need to clarify what
constitutes ``substantial injury'' under Section 5(n) of the FTC Act.
In many areas, however, the FTC also has specific rules that allow
it to target specific law violations and seek monetary penalties
without having to demonstrate or quantify ``substantial injury.'' For
example, while abusive telephone calls are an unfair practice that
cause substantial injury in the form of an unwanted intrusion into
consumers' homes that wastes their time, the Telemarketing Sales Rule
sets out with specificity which practices are abusive and imposes a
penalty for violations. This gives clarity to business and reduces the
Commission's enforcement burden of having to prove that the calls
amounted to ``substantial injury'' in each case. I believe the
Commission would benefit from the authority to issue similar rules in
the areas of privacy and data security, both to give clarity to
business and to reduce the Commission's enforcement burden of having to
prove that each data breach causes ``substantial injury'' to consumers.
Question 4. Should the FTC issue more guidance to marketers on the
level of support needed to substantiate their claims? If so, when do
you anticipate that such guidance could be issued?
Answer. The FTC has issued extensive guidance over the years to
help marketers in determining the level of support needed to
substantiate claims. The Commission first articulated the relevant
factors used to determine the level of evidence required to
substantiate objective performance claims in Pfizer, Inc., 81 F.T.C. 23
(1972). Those factors included the type of claim, type of product, the
consequences of a false claim, the benefits of a truthful claim, the
cost of developing substantiation for the claim, and the amount of
substantiation experts in the field believe is reasonable. The
Commission and the courts have reaffirmed this standard many times
since 1972.\2\ In addition, the FTC also has provided extensive
guidance through Guides and staff guidance documents.\3\ Finally, FTC
staff provide additional guidance through speeches and presentations to
industry trade groups and industry attorneys.
---------------------------------------------------------------------------
\2\ See, e.g., Thompson Med. Co., 104 F.T.C. 648, 813 (1984),
aff'd, 791 F.2d 189 (D.C. Cir. 1986); Daniel Chapter One, 2009 WL
5160000 at *25-26 (F.T.C. 2009), aff'd, 405 Fed. App'x 505 (D.C. Cir.
2010) (unpublished opinion), available at 2011-1 Trade Cas. (CCH) �
77,443 (D.C. Cir. 2010); POM Wonderful, LLC, 155 F.T.C. 1, 55-60
(2013), aff'd, 777 F.3d 478 (D.C. Cir. 2015), cert. denied, 136 S. Ct.
1839, 194 L. Ed. 2d 839 (2016); FTC Policy Statement Regarding
Substantiation, 104 F.T.C. 839, 840 (1984) (appended to Thompson Med.
Co., 104 F.T.C. 648 (1984)).
\3\ See Guides for the Use of Environmental Marketing Claims, 16
C.F.R. Sec. 260.2 (2019), https://www.ecfr.gov/cgi-bin/text-
idx?SID=bd96b2cdcd01f7620d43e50a9d1d8cec&mc=true&node=se16.1
.260_12&rgn=div8; Dietary Supplements: An Advertising Guide for
Industry, https://www
.ftc.gov/tips-advice/business-center/guidance/dietary-supplements-
advertising-guide-industry.
Question 5. In June, the 11th Circuit vacated the Commission's data
security order against Lab-MD. What effect, if any, will this have on
the Commission's data security orders going forward?
Answer. The Eleventh Circuit determined that the mandated data
security provision of the Commission's LabMD Order was insufficiently
specific. The opinion did not have any effect on the FTC's use of
Section 5 to protect consumers from deceptive or unfair data security
practices. The Commission is engaged in an ongoing process to craft
appropriate order language in data security cases, based on the
Eleventh Circuit opinion, feedback we received from our December
hearing on data security, and our own internal discussion of how our
orders can create better deterrence of future misconduct, using our
existing tools.
One of the reasons I support comprehensive data security and
privacy legislation is that such legislation could limit the impact of
competing court opinions by directly empowering the FTC to require
reasonable data security and privacy practices.
Question 6. If Federal privacy legislation is passed, what
enforcement tools would you like to be included for Federal Trade
Commission?
Answer. I support strong comprehensive privacy legislation that
would (1) empower the FTC to seek significant monetary penalties for
privacy violations in the first instance; (2) give the FTC APA
rulemaking authority, to allow us to craft flexible rules that reflect
stakeholder input and can be periodically updated to keep up with
technological developments; and (3) repeal the common carrier and
nonprofit exemptions under the FTC Act to ensure that more of the
entities entrusted with consumer data are held to a consistent
standard. Moreover, I support an increase in resources and personnel to
enable the FTC to use these enforcement tools effectively.
Question 7. During the hearing, I asked the Chairman whether the
FTC would consider using its section 6(b) authority to study consumer
information data flows, specifically sending requests to Google,
Facebook, Amazon, and others in the tech industry to learn what
information they collect from consumers and how that information is
used, shared, and sold. I believe the FTC's section 6(b) authority
could provide some much needed transparency to consumers about the data
practices of large technology companies, and help identify areas that
may require additional attention from lawmakers. What are your views
with respect to the FTC potentially conducting a study pursuant to
section 6(b) of the Federal Trade Commission Act on the data
collection, use, filtering, sharing, and sale practices of large
technology companies such as Google, Facebook, Amazon, and others?
Answer. The Commission's 6(b) investigative authority is a critical
tool that the Commission can use to increase its understanding of
industries and markets in order to inform both our competition and
consumer protection policy and enforcement agendas. There are many
issues in the technology arena that could be the subject of a 6(b)
study, and I would support such an effort.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Hon. Rebecca Kelly Slaughter
Question 1. Section 5(a) of the FTC Act, which prohibits ``unfair
or deceptive acts or practices in or affecting commerce'' is the legal
basis for a body of consumer protection law that covers data privacy
and security practices. The FTC has brought hundreds of cases to date
to protect the privacy and security of consumer information held by
companies of all sizes under this authority. The FTC staff recently
submitted comments to the National Telecommunications and Information
Administration (NTIA) that clearly indicate the FTC staff's view that
the FTC would be the appropriate agency to enforce a new comprehensive
privacy legislative framework. Do you agree with the staff's view?
Answer. Yes. The FTC has the experience and expertise to enforce
new comprehensive privacy legislation--and the demonstrated dedication
to consumers to do so effectively. The FTC's dual missions demand that
we think critically about the impact of regulations and enforcement on
both consumers and the competitive marketplace, which will be valuable
in executing whatever framework Congress passes.
Question 2. As Congress evaluates opportunities to create
meaningful Federal legislation to appropriately ensure privacy of
consumers' data, there have been suggestions to increase the FTC's
authorities to enforce in this space. Will you commit to working with
this Committee in measuring what resources, if any, will be needed to
allow the agency to enforce any additional authorities that may or may
not be provided in Federal legislation?
Answer. Yes.
Question 3. Sharing responsibilities with the DOJ's Antitrust
Division, the FTC enforces antitrust law in a variety of sectors as
described by your testimony. While the vast majority of premerger
filings submitted to enforcement agencies do not raise competition
concerns, the FTC challenged 45 mergers since the beginning of 2017,
and of those, the FTC only voted to initiate litigation to block five
transactions. Would you please describe the resource needs of the
agency associated with hiring qualified outside experts to support its
litigation efforts? Please explain how developments in the high-
technology sector are accounted for in the FTC's decision-making
process related to antitrust enforcement.
Answer. The Commission is always looking for ways to use existing
resources more efficiently, but additional resources would be put to
good use and help us to do more to further our competition and consumer
protection missions. With respect to our merger enforcement efforts,
economic and other experts are necessary to support investigations and
bring litigation. As larger and larger mergers come before the
Commission and complexity of investigations increase, the cost of
outside experts becomes a greater resource burden. Resource constraints
can require the agency to make difficult tradeoffs between litigating a
case to achieve the optimal result and settling for a good but
imperfect resolution.
Competition in the technology industry must be closely monitored
and the Commission is well equipped to examine fast-moving high-
technology markets. However, I think that creating a Bureau of
Technology would be useful for centralizing technological expertise and
more regularly deploying technologists to assist in both competition
and consumer protection investigations. As you know, there continues to
be some overlap between competition and consumer protection issues and
the Commission should always be mindful of the fact that what we do in
the competition arena could impact our consumer protection mission and
vice versa.
Question 4. Earlier this year, I introduced legislation called the
Senior Scams Prevention Act with Senator Bob Casey to combat continued
and increasingly complex attempts to defraud one of the Nation's most
vulnerable populations, our senior community. This bill seeks to ensure
retailers, financial institutions and wire transfer companies have the
resources to train employees to help stop financial frauds and scams on
seniors. Would you agree that awareness and education, guided by ``best
practices'' established by industry and government partners, is a
valuable tool in preventing consumer harms against our Nation's
seniors?
Answer. Yes, coupled with effective law enforcement, efforts to
empower our senior consumers to recognize and avoid scams are
invaluable. The FTC works closely with multiple federal, state, and
private partners to increase awareness about frauds that target our
seniors, and we have developed our own Pass It On campaign to share
preventative information about frauds and scams with older adults.
Question 5. In its comments submitted to NTIA on ``Developing the
Administration's Approach to Consumer Privacy,'' the FTC discussed the
various cases that it has taken up to address privacy-related harms to
consumers, and it specifically noted four categories of harms:
financial injury, physical injury, reputational injury, and unwanted
intrusion. Could you please briefly describe each category while noting
any FTC enforcement considerations specific to that type of harm?
Answer. Financial injury describes harm that can be quantified,
such as lost money, time, or opportunity. When we talk about physical
injury, that covers harms arising from increased risks to an
individuals' health or safety, including their mental and emotional
health. Reputational injury involves disclosure of private facts about
an individual, which damages the individual's reputation. Finally,
unwanted intrusion into the sanctity of people's homes, communications
and intimate lives also constitute serious harms. Outside of lost
dollars, quantifying appropriate relief to address these serious harms
can present enforcement challenges that would be eased by consumer
privacy legislation that imposed money penalties for privacy
violations.
Question 6. In the FTC's recent comments in NTIA's privacy
proceeding, the FTC said that its ``guiding principles'' are based on
``balancing risk of harm with the benefits of innovation and
competition.'' Would you describe what this means, how you strike this
balance, and how it is applied in practice under your Section 5
authority in the FTC Act?
Answer. When the Commission brings an action sounding in its
unfairness authority under Section 5 of the FTC Act, we can only
challenge an act or practice that ``causes or is likely to cause
substantial injury to consumers, which is not reasonably avoidable by
consumers themselves and not outweighed by benefits to consumers or to
competition.'' The FTC does not, however, need to engage in this
specific inquiry when it proceeds under its deception authority
pursuant to Section 5 of the FTC Act. For example, when a company makes
promises to consumers about how it will collect, store or use consumer
data and breaks those promises, the FTC need not engage in any
balancing inquiry to bring an enforcement action.
Question 7. The FTC's comments pertaining to ``control'' in NTIA's
privacy proceeding stated, ``Choice also may be unnecessary when
companies collect and disclose de-identified data, which can power data
analytics and research, while minimizing privacy concerns.'' How would
the FTC suggest Federal regulation account for de-identified data, if
at all?
Answer. To the extent that Federal regulation would be more
permissive in its treatment of de-identified data, I would urge careful
consideration to ensure that data cannot be re-linked to individuals.
For example, I would point to the formulation used in the EU General
Data Protection Regulation (``GDPR''), which makes clear that
``anonymization'' of personal data refers to de-identified data for
which direct and indirect personal identifiers have been removed and
steps have been taken to ensure that the data can never be re-
identified.
Question 8. Your testimony indicated that continued technological
developments allow illegal robocallers to conceal their identities in
``spoofing'' caller IDs while exponentially increasing robocall volumes
through automated dialing systems. These evolving technological changes
mean that the critical law enforcement efforts of the FTC cannot be the
only solution, and your testimony described the additional steps the
FTC is taking to develop innovative solutions to these issues. Would
you please describe the process and outcomes of the four public
challenges that the FTC held from 2013 to 2015? Are there plans to
incentivize innovators to combat robocalls in the future?
Answer. The FTC's process for its robocall challenges included
public announcements, committees with independent judges, and, in some
cases, cash prizes awarded under the America COMPETES Reauthorization
Act.\4\ To maximize publicity, the FTC announced each of its four
challenges in connection with public events. The FTC announced the
first robocall challenge at the FTC's 2012 Robocall Summit. In 2014,
the FTC conducted its second challenge, ``Zapping Rachel'' at DEF CON
22. The FTC conducted its third challenge, ``DetectaRobo,'' in June
2015 in conjunction with the National Day of Civic Hacking. The final
phase of the FTC's fourth public robocall challenge took place at DEF
CON 23. When the FTC held its first public challenge, there were few,
if any, call blocking or call labeling solutions available for
consumers. Today, two FTC challenge winners, NomoRobo and Robokilller,
offer call blocking applications, and there are hundreds of mobile apps
offering call blocking and call labeling solutions for cell phones.
Many home telephone service providers also now offer call blocking and
call labeling solutions. The FTC will not hesitate to initiate
additional innovation contests if it identifies further challenges that
could meaningfully benefit consumers by reducing the harm caused by
illegal robocalls.
---------------------------------------------------------------------------
\4\ See FTC, ``Details About the FTC's Robocall Initiatives,''
https://www.consumer.ftc.gov/features/feature-0025-robocalls.
---------------------------------------------------------------------------
In addition to developing call blocking and call labeling
technology, the telecom industry has also developed call verification
technology, called STIR/SHAKEN, to help consumers know whether a call
is using a spoofed Caller ID number and assist call analytics companies
in implementing call blocking and call labeling products. If widely
implemented and made available to consumers, the STIR/SHAKEN protocol
should minimize unwanted calls. Certain industry members have begun to
roll out this technology and it is in beta testing mode. We will keep a
close eye on this industry initiative and continue to encourage its
implementation.
Question 9. Would you please describe the FTC's coordination
efforts with state, federal, and international partners to combat
illegal robocalls?
Answer. The FTC frequently coordinates its efforts with its state,
federal, and international partners. The FTC often brings robocall
enforcement actions with states as co-plaintiffs. For example, in the
FTC's case against Dish Network, litigated for the FTC by the
Department of Justice, the FTC brought the case jointly with
California, Illinois, North Carolina, and Ohio. Collectively, the
states and the FTC obtained a historic $280 million trial verdict.\5\
---------------------------------------------------------------------------
\5\ Press Release, FTC and DOJ Case Results in Historic Decision
Awarding $280 Million in Civil Penalties Against Dish Network and
Strong Injunctive Relief for Do Not Call Violations (June 6, 2017),
https://www.ftc.gov/news-events/press-releases/2017/06/ftc-doj-case-
results-historic-decision-awarding-280-million-civil. The case is on
appeal before the Seventh Circuit Court of Appeals.
---------------------------------------------------------------------------
The FTC also coordinates outreach and education with the FCC. In
2018, the agencies co-hosted two robocall events--a policy forum that
discussed technological and law enforcement solutions to the robocall
problem \6\ and a public expo that allowed companies offering call
blocking and call labeling services to showcase their products for the
public.\7\ Additionally, the FTC and FCC hold quarterly calls, speak
regularly on an informal basis, and coordinate on a monthly basis with
our state partners through the National Association of Attorneys
General. The FTC also engages with international partners through
participation in international law enforcement groups such as the
International Consumer Protection Enforcement Network, International
Mass Marketing Fraud Working Group, and the Unsolicited Communications
Network (formerly known as the London Action Plan).
---------------------------------------------------------------------------
\6\ Press Release, FTC and FCC to Host Joint Policy Forum and
Consumer Expo to Fight the Scourge of Illegal Robocalls (Mar. 22,
2018), https://www.ftc.gov/news-events/press-releases/2018/03/ftc-fcc-
host-joint-policy-forum-illegal-robocalls.
\7\ Press Release, FTC and FCC to Co-Host Expo on April 23
Featuring Technologies to Block Illegal Robocalls (Apr. 19, 2018),
https://www.ftc.gov/news-events/press-releases/2018/04/ftc-fcc-co-host-
expo-april-23-featuring-technologies-block-0.
Question 10. Your testimony described the limitations of the FTC's
current data security enforcement authority provided by Section 5 of
the FTC Act including: lacking civil penalty authority, lacking
authority over non-profits and common carrier activity, and missing
broad APA rulemaking authority. Please describe each of these
limitations and how adjusted FTC authority to address these items would
improve the protection of consumers from data security risks.
Answer. Under current law, the FTC generally cannot obtain civil
penalties--in other words, money--for first-time security or privacy
violations. This means that, in order to be financial liable for data
security or privacy violations, a company often must violate the law,
be pursued by the Commission and put under order, and then violate the
law again. I believe this under-deters problematic data security and
privacy practices. If Congress were to give us the authority to seek
civil penalties for first-time violators, better deterrence would be
achieved. As to APA rulemaking authority, the Commission would benefit
from such authority in the areas of data security and privacy.
Rulemaking authority will ensure that the FTC can enact rules, with
notice and comment and consistent with Congressional direction, and
amend them as necessary to keep up with technological developments. For
example, in 2013, the FTC was able to use its APA rulemaking authority
to amend its Rule under the Children's Online Privacy Protection Act to
address new business models, including social media and collection of
geolocation information, that were not in place when the initial 2000
Rule was promulgated. As to nonprofits and common carriers, news
reports are filled with breaches affecting these sectors (e.g., the
education sector), and the FTC does not currently have jurisdiction
over them. Giving the FTC jurisdiction over these entities for purposes
of enforcing data security and privacy laws will create a level playing
field and ensure that these entities are subject to the same rules as
other entities that collect similar types of data.
______
Response to Written Questions Submitted by Hon. Richard Blumenthal to
Hon. Rebecca Kelly Slaughter
Privacy Rules
We know that Americans care about privacy--that they eagerly want
these rights. We need baseline rules. Companies should not store
sensitive information indefinitely and use that data for purposes that
people never intended. Federal rules must set meaningful obligations on
those that handle our data. We must enable consumers to trust and
control their personal data.
Question 8. Do you support providing state AGs with the power to
enforce Federal privacy protections and would you commit to working
with state AGs?
Answer. Yes. The state AGs are critical partners in our enforcement
efforts and would help ensure compliance with Federal privacy rules--we
cannot have too many cops on the beat.
Question 9. Why is it important that the FTC have rulemaking
authority when it comes to privacy? Where best would rulemaking be
applied?
Answer. APA rulemaking authority in the area of privacy provides
two big benefits: (1) notice and comment proceedings and (2)
flexibility to accommodate changing technology and practices. Notice
and comment rulemaking requires the FTC to solicit comment from
stakeholders on proposed rules or changes to a rule, which allows
industry, advocates, experts and consumers to weigh in. And the ability
to amend the rule in the future, again with notice and comment, would
enable the FTC to keep up with technological developments and any
unanticipated consequences.
Question 10. Do you believe elevating the Office of Technology
Research and Investigation to the Bureau level would meaningfully help
the FTC in addressing new technological developments across its
mandates?
Answer. Yes. Our cases are more sophisticated than ever and
creating, and more critically funding, a body of experts who can assist
on our most complex competition and consumer protection cases would be
invaluable. Today we have an economist assigned to every single case;
but almost all of our cases have a technological element and could
benefit from a technologist as well. We also need more research in the
areas of privacy and data security. Right now the FTC's Bureau of
Economics engages in substantial research and scholarship, producing
reports and papers on topics relevant to the Commission's consumer
protection and competition missions. I envision a Bureau of Technology
serving a very similar role. There are many emerging issues and policy
questions in the technology space that impact consumers and
competition: IoT security, AI, data portability, VR. Expert research
and scholarship on these issues would provide a significant benefit to
the Commission and public.
Board Accountability
Question 12. What is the FTC doing to investigate and hold
accountable individual board members and executives who knowingly
assist their companies in committing fraud? What more should the FTC be
doing in this regard?
Answer. I support increased focus on individual accountability for
company leaders who knowingly assist their companies in violating the
law and failing to comply with FTC orders. In February, the FTC
announced a record-setting COPPA fine against a company, Musical.ly,
now known as TikTok, that engaged in unlawful practices that put
children at risk. In connection with this case, I issued a statement
with my colleague Commissioner Chopra, calling publicly for the FTC to
look more closely at individuals in such matters going forward.\1\ When
any company appears to have made a business decision to violate or
disregard the law, the Commission should identify and investigate those
individuals who made or ratified that decision and evaluate whether and
how to hold them accountable.
---------------------------------------------------------------------------
\1\ Joint Statement of Commissioner Rohit Chopra and Commissioner
Rebecca Kelly Slaughter, In the Matter of Musical.ly Inc. (now known as
TikTok), No. 1723004 (Feb. 27, 2019), https://www.ftc.gov/system/files/
documents/public_statements/1463167/chopra_and_slaughter_musi
cally_tiktok_joint_statement_2-27-19.pdf.
---------------------------------------------------------------------------
FTC Investigation of Algorithms
Section 6(b) of the FTC Act gives the agency broad investigatory
and information-gathering powers. For example, in the 1970s the FTC
used its Section 6(b) authority to require companies to submit product-
line specific information, enabling the agency to assess the state of
competition across markets.
The FTC has released reports on big data and the harms biased
algorithms can cause to disadvantaged communities. These reports drew
attention to the potential loss of economic opportunity and diminished
participation in our society. Yet, information on how these algorithms
work, and on the inputs that go into them, remains opaque.
Question 19. Where the FTC consider using its Section 6(b)
investigative power to help us understand how these algorithms and
black-box A.I. systems work--the biases that shape them, and how those
can affect trade, opportunity, and the market?
Answer. The Commission's 6(b) investigative authority is a critical
tool that the Commission can use to increase its understanding of
industries and markets in order to inform both our competition and
consumer protection policy and enforcement agendas. There are many
issues in the technology arena that could be the subject of a 6(b)
study, and I would support such an effort.
FTC Consent Decree on Unrepaired Recalls
Most consumers probably do not know that, while new car dealers are
prohibited from selling vehicles with open recalls, used car dealers
are not. A recent FTC consent decree, which I strenuously disagreed
with and is currently being scrutinized in the courts, allows the sale
of used cars with unrepaired recalls. According to the consent decree,
car dealers can advertise that cars with unrepaired safety recalls like
a defective Takata airbag are ``safe'' or have passed a ``rigorous
inspection''--as long as they have a disclosure that the vehicle may be
subject to an unrepaired recall and directs consumers on how they can
determine the vehicle has an open recall.
Question 20. In your opinion, is a car with an open, unrepaired
recall, a ``safe'' car? Why would the FTC allow unsafe cars to be
advertised as ``safe'' and ``repaired for safety,'' with or without a
vague, contradictory and confusing disclaimer?
Answer. In my opinion, cars that have an open recall need to be
fixed.
Question on Non-Compete Clauses
I am concerned about the growth of non-compete clauses, which block
employees from switching jobs to another employer in the same sector
for a certain period of time. These clauses weaken workers' bargaining
power once they are in the job, because workers often cannot credibly
threaten to leave if their employer forces refuses to give them a raise
or imposes poor working conditions. According to the Economic Policy
Institute, roughly 30 million workers--including one in six workers
without a college degree--are now covered by non-compete clauses.
The consensus in favor of addressing non-compete clauses is
growing. For example, just this past December, an interagency report
indicated that non-compete clauses can be harmful in certain contexts,
such as the healthcare industry. Yet, the FTC has not yet undertaken
forceful action. In September, Commissioner Chopra suggested that the
FTC use its rulemaking authority to ``remove any ambiguity as to when
non-compete agreements are permissible or not.''
Question 23. Do you agree with the proposal that the FTC use its
rulemaking authority to address non-compete clauses? I invite you to
explain your reasoning regarding your stance.
Answer. Non-compete clauses are anticompetitive and unfair for the
vast majority of workers in our country, and unequivocally for those
who have little or no bargaining power when negotiating employment
contracts. A Commission rule to address non-compete clauses should be
considered among the potential mechanisms for stopping their use so
that workers reap the benefits of a fair and competitive marketplace
for their labor.
Question on Local Merger Enforcement
Even though big national mergers typically garner the most media
attention, smaller mergers can often raise monopoly concerns on the
local level. This can be true in the healthcare industry, for example.
In November, Commissioner Simons told me: ``Some local mergers may be
too small to require Hart-Scott-Rodino premerger notification, but may
still have anticompetitive effects.''
Question 24. Would you agree with me that Hart-Scott-Rodino
premerger notifications help antitrust enforcers catch concerning
mergers?
Answer. Yes.
Question 25. What sort of anticompetitive effects might be raised
by local mergers even when those mergers are too small to require Hart-
Scott-Rodino premerger notification?
Answer. Similar to mergers and acquisitions involving large firms,
mergers and acquisitions involving small firms in local markets can
result in competitive harm that violates Section 7 of the Clayton Act.
For example, a merger might eliminate horizontal competition, resulting
in higher prices, reduced quality, and/or less innovation. A merger
might also enable and incentivize anticompetitive conduct resulting
from vertical integration, including foreclosing or raising the cost to
rivals of a key input or foreclosing competitors' access to customers.
Finally, it is not difficult to imagine a large company engaging in
acquisitions--or potentially serial acquisitions--of nascent
competitors. These transactions may occur in local markets and be too
small to trigger HSR notification, but nonetheless merit scrutiny by
the Commission.
Question 26. What action would you recommend either the FTC or
Congress take in order to assist Federal and state antitrust enforcers
in catching local mergers that raise anticompetitive concerns?
Answer. The Commission should continue its practice of routinely
monitoring the market for potentially problematic mergers that do not
meet the HSR reporting requirements. It should also maintain its close
working relationship with state Attorneys General to help identify non-
reportable mergers that may be of mutual interest.
Question on Horizontal Shareholding
Recent research has raised questions about whether horizontal
shareholding harms competition in our economy. I would like to
understand your view on this ongoing research.
Question 27. Do you believe that horizontal shareholding raises
anticompetitive concerns?
Answer. I believe that the competitive impact of horizontal
shareholding merits close attention. If investors hold significant
minority stakes of competing firms and the investors orchestrate
collusion between the firms or exercise influence over the firms the
effect of which would be to substantially lessen competition, I believe
such actions would raise significant competitive concerns.
Question 28. Do you believe that our antitrust laws can be used to
address the anticompetitive concerns raised by horizontal shareholding?
Answer. The Clayton Act applies to partial acquisitions of
competing firms that do not confer control, but are likely to
substantially lessen competition. Traditionally, enforcement has
focused on cross-ownership acquisitions--or acquisitions between
competitors--but there is a developing literature about the application
of the Clayton Act to common ownership acquisitions and the evidence
that would demonstrate that such acquisitions are likely to
substantially lessen competition. This is a productive area of research
and debate, and I believe it raises significant questions for antitrust
enforcement and competition policy.
Question 29. What, if anything, are you doing to address any
potential harms of horizontal shareholding?
Answer. Going forward, the Commission should be on the lookout for
common ownership acquisitions that could potentially raise competitive
concerns and investigate to determine whether there is sufficient
evidence to merit enforcement action.
______
Response to Written Questions Submitted by Hon. Catherine Cortez Masto
to Hon. Rebecca Kelly Slaughter
Pet Leasing
I appreciate the Commission's attention to my request with six of
my colleagues for the FTC to investigate the practice of pet leasing
that is leading some consumers into confusing or deceptive contractual
obligations that cause them to have an issue with their beloved pet and
negatively impact their financial status, such as credit scores, for
far into the future. This is an issue that is a little under the radar
but needs strong oversight and attention under your deceptive practices
mandate if there are concerning financial practices being discovered.
Question. Can I get a further commitment from you all to keep my
office informed of actions and determinations you all may make
pertaining to this concerning issue and the Humane Society and Animal
Legal Defense Fund's formal petition to the Commission?
Answer. Yes. Business models predicated on long-term exorbitant
leasing terms (such as the rent-to-own industry) have appropriately
garnered scrutiny and criticism from consumer advocates. The extension
of these types of practices to something as personal and emotional as
the relationship between people and their pets is deeply distressing,
and I appreciate your efforts to raise awareness of the issue. The FTC
is committed to protecting consumers from unfair or deceptive acts or
practices, including in this troubling area. FTC staff has met with the
Humane Society and Animal Legal Defense Fund to discuss their concerns
and will continue to keep your office informed of the steps we are
taking in this area.
Bureau of Technology
Former Commissioner Terrell McSweeny has suggested creating a
Bureau of Technology at the FTC.
Question 1. Does the Commission have sufficient resources and
staffing to protect consumer privacy in the digital age?
Answer. No. The Commission has used the resources and staffing it
currently has to bring over 60 data security and privacy cases and to
engage in extensive consumer and business education and outreach
regarding privacy and security. And we will continue to use our
existing resources to do all that we can--but it is not enough. Not a
week goes by in which a data breach or problematic privacy practice
does not grab headlines. As consumer data are collected, stored, and
shared by more and more sectors of the economy, the FTC needs more
resources and more staff to help ensure that data is secure.
Question 2. Do support the establishment of a Bureau of Technology?
Answer. Yes. Our cases are more sophisticated than ever and
creating, and more critically funding, a body of experts who can assist
on our most complex competition and consumer protection cases would be
invaluable. Today we have an economist assigned to every single case;
but almost all of our cases have a technological element and could
benefit from a technologist as well. We also need more research in the
areas of privacy and data security. Right now the FTC's Bureau of
Economics engages in substantial research and scholarship, producing
reports and papers on topics relevant to the Commission's consumer
protection and competition missions. I envision a Bureau of Technology
serving a very similar role. There are many emerging issues and policy
questions in the technology space that affect consumers and
competition: IoT security, AI, data portability, VR. Expert research
and scholarship on these issues would provide a significant benefit to
the Commission and public.
Robocalls
Obviously protecting consumers from fraud is a fundamental tenet of
the FTC. And I applaud your work in both the education and enforcement
sectors of protecting consumers. But one area we all are still
struggling to stay ahead of the curve on is robocalls. That's why I
have legislation, the Deter Obnoxious, Nefarious, and Outrageous
Telephone Calls, or DO NOT Call Act with four of my Senate colleagues.
It would increase the deterrent against illegal robocalls by imposing a
potential criminal penalty rather than just civil fines. While these
tools would be more for the Federal Communications Commission, we are
obviously interested in fighting this problem on all fronts.
Question 1. Would you agree that in addition to finding more
effective technological tools to fight this problem, that this kind of
enhanced deterrent needs to receive serious consideration in Congress
to help provide regulators the tools to hold bad actors accountable for
this persistent nuisance and scurrilous action by scammers?
Answer. Yes, I support increasing the deterrent against illegal
robocalls, including through criminal penalties. In addition,
technological tools should be developed and applied to identify those
who are using sophisticated technology to evade detection, and we must
continue to work with our international partners to ensure that the
threat of penalties meaningfully reaches scammers who may escape the
jurisdiction of U.S. law enforcement.
Question 2. Are there additional actions Congress should be
considering related to this specific challenge?
Answer. I recommend Congress consider requiring or strongly
incentivizing voice service providers to offer call-blocking services
to all customers and to implement the STIR/SHAKEN protocol. In
addition, repealing the common-carrier exemption from the FTC act would
enable us to bring enforcement actions against carriers that routinely
and knowingly pass illegal traffic across their networks. Carriers
should have both the authority and the responsibility to keep nuisance
spam calls off their networks.
Data Minimization vs Big Data
A topic that has come up a lot during our discussions on privacy is
data minimization. This is a concept that I have been considering on as
I work on developing a comprehensive data privacy bill. As you're
aware, this is the idea that businesses should only collect, process,
and store the minimum amount of data that is necessary to carry out the
purposes for which is was collected. There are obvious advantages to
this as it minimizes the risk of data breaches and other privacy harms.
At the same time, big data analytics are going to be crucial for the
future and play an important role in smart cities, artificial
intelligence, and other important technologies that fuel economic
growth. I think it is important to find a balance between minimization
and ensuring that data, especially de-identified data, is available for
these applications.
Question. Can you describe how you view this balance and how we in
Congress can ensure that people's data is not abused but can still be
put to use in positive ways?
Answer. I agree that there is significant tension in how we balance
the known benefits of data minimization with the benefits that might be
derived from big data analytics. As a starting point, I believe that
careful consideration of several topics would help inform this
balancing: (1) the benefits and potential harms that arise from big
data; (2) how best to ensure that de-identified data is not later re-
linked to individuals; and (3) whether and how to preserve consumer
choice regarding how de-identified data is used beyond the expected
purposes for which it is collected.
General Privacy Recommendations
Question 1. While privacy was a significant topic of the oversight
hearing, as we look to develop a bill, can you specifically lay out
some of the top priorities you individually would like to see included
and what do you think gets overlooked in the conversations policymakers
have with allowing for future innovations and yet raising the bar for
protecting consumers?
Answer. From an enforcement perspective, my priorities include (1)
empowering the FTC to seek significant monetary penalties for privacy
violations in the first instance; (2) giving the FTC APA rulemaking
authority, to allow us to craft flexible rules that reflect stakeholder
input and can be periodically updated to keep up with future
innovations; and (3) repealing the common carrier and nonprofit
exemptions under the FTC Act to ensure that more of the entities
entrusted with consumer data are held to consistent standards. From a
policy perspective, I care deeply about making sure consumers have
meaningful information about how and when their data is being
collected, used and shared; lengthy and unintelligible click-through
contracts do not provide this information today. Furthermore, I am
concerned that consumers do not have meaningful choice when it comes to
accepting the terms presented today for data use and sharing, because
refusal to consent often leaves consumers unable to access services
necessary for participation in contemporary democratic society. I think
policymakers should endeavor to provide consumers with as much choice
as practicable regarding their data; to that end, I encourage Congress
to also think seriously about the implications of privacy rules on
competition so that if a customer prefers a more privacy-protective
product, she has the information and options available to meet that
preference.
Question 2. Can you also outline the optimal role you see for our
state Attorneys General in this privacy enforcement process?
Answer. I believe state Attorneys General should be given full
enforcement authority under any Federal privacy legislation. The state
AGs are critical partners in our enforcement efforts and would help
ensure compliance with Federal privacy rules--we cannot have too many
cops on the beat.
Data Privacy--Binding Contracts?
We live with this time information inundation where people can't
really read privacy policies and fairly agree to their content. But, we
all know that basically no one reads privacy policies--and indeed, no
reasonable person should read privacy policies, because according to
research done at Carnegie Mellon, it would take 76 work days to read
all of the privacy policies on encounters in a year. Companies take
advantage of the fact that no one reads privacy policies to bury terms
in those policies that no rational consumer would agree to (such as
Grindr selling its users HIV status to third parties).
Question. Should these terms of service be binding contracts?
Answer. Without comprehensive privacy legislation, the FTC relies
heavily on our Section 5 authority to police data security and privacy
practices, including our deception authority. For example, when a
company makes representations to its users through its privacy policies
but does not fulfill those promises, the FTC can bring and has brought
enforcement actions against the company. In addition, if a company
buries a material term of service in its terms and conditions,
particularly if it is unexpected or contrary to the impression created
more prominently elsewhere, it is unlikely that such a disclosure is
adequate.
As a general matter, we should be concerned about terms of service
written so opaquely and unintelligibly that no reasonable customer can
read or understand them. Furthermore, I am concerned that consumers do
not have meaningful choice when it comes to accepting the terms
presented today for data use and sharing, because refusal to consent
often leaves consumers unable to access services necessary for
participation in contemporary democratic society.
Privacy Risky Communities/Groups
Question 1. Do you think that certain communities or groups are any
more or less vulnerable to privacy risks and harms?
Answer. I am concerned that marginalized communities and groups are
especially vulnerable to elevated privacy risks and harms. Groups that
historically have been subject to profiling or targeting are
understandably wary of invasions of privacy. For example, we have heard
from LGBTQ civil rights organizations about the unique risks their
community faces from privacy violations. I would encourage the FTC to
take an intersectional approach and work with you as well as directly
affected communities to identify any existing data on these unique
vulnerabilities and to explore research opportunities to gather and
analyze additional data.
Question 2. Should privacy law and regulations account for such
unique or disparate harms, and if so, how?
Answer. Privacy law and regulations should protect all consumers,
but I believe there may be instances where additional protections are
needed for certain types of data or certain groups of consumers--for
example, our youngest consumers.
Immediate Civil Penalties Authority
Noting from your FTC testimony, ``Section 5 (of the FTC Act),
however, is not without limitations. For example, Section 5 does not
provide for civil penalties, reducing the Commission's deterrent
capability.''
Question. While I appreciate the long term successes of the FTC in
many respects to investigate data security matters, what are your
thoughts to whether there is enough of a deterrent effect with Section
5 authority when you can't immediately enforce against those who misuse
data with civil penalties right from the start, rather than as the
result of often times flagrant offenses to their already establish
consent decrees?
Answer. One need only open a newspaper (or scroll through a news
feed) on any given day to see reports of new privacy and data-security
incidents. If our current regime provided an effective deterrent, we
would see fewer and fewer of these reports rather than more and more.
So I do not believe that our Section 5 authority provides enough of a
deterrent, which is one reason that I support comprehensive privacy
legislation that would give the FTC the authority to impose money
penalties for first-time violations.
______
Response to Written Questions Submitted by Hon. Amy Klobuchar to
Hon. Rebecca Kelly Slaughter
The FTC is charged with enforcing the Children's Online Privacy
Protection Act (COPPA) and has done so for the last two decades.
Protecting the privacy of children has never been more important than
it is now, but the online privacy of all Americas is also increasingly
at risk.
Question 1. Both [you and Commissioner Noah Phillips] have recently
commented that we should learn from the FTC's experience in enforcing
COPPA when we consider our approach to protecting consumer privacy more
broadly. What lessons should we take away from the Commission's
experience enforcing COPPA when considering ways to protect online
privacy and data security for all Americans?
Answer. One key takeaway from the Commission's experience enforcing
COPPA is the flexibility afforded by APA Rulemaking. For example, in
2013, the FTC was able to use its APA rulemaking authority to amend the
COPPA Rule to address new business models, including social media and
collection of geolocation information, that were not in place when the
initial 2000 Rule was promulgated.
The Federal Trade Commission's budget has remained flat for the
past several years despite increasing demands on your agency's
resources, including a significant rise in merger filings.
Question 2. If additional resources were made available to the
Federal Trade Commission, how would you deploy those resources to
advance the agency's consumer protection and competition missions?
Answer. The Commission is always looking for ways to use existing
resources more efficiently, but additional resources would be put to
good use and help us to do more to further our competition and consumer
protection missions.
With respect to our competition mission, additional resources could
be dedicated to economic experts to support investigations and
litigations, freeing up funding for more investigations and enforcement
generally. Similarly, increasing the number of retrospective analyses
of our merger enforcement decisions could be resource-intensive, but
they help us learn from our enforcement decisions and inform future
enforcement or merger investigations. Moreover, additional resources
could be devoted to conducting studies of specific industries,
including technology-related industries, in order to enhance and
sharpen the Commission's understanding of competitive dynamics in
emerging and developing markets.
With respect to our consumer protection mission, additional
resources to support the increasing numbers of investigations and
enforcement actions are essential. In particular, the Commission needs
more technologists, experts, investigators, and attorneys to keep pace
with the challenges facing consumers in an increasingly complex and
digital marketplace.
______
Response to Written Questions Submitted by Hon. Tom Udall to
Hon. Rebecca Kelly Slaughter
Privacy
Question 1. Do you support strong civil penalties for consumer
privacy violations?
Answer. Yes.
Question 2. The California Consumer Protection Act goes into effect
in January 2020. As Congress considers pre-emption of that state law,
what additional authority should we give the FTC to ensure that
consumer privacy adequately is protected?
Answer. I support strong comprehensive privacy legislation that
would (1) empower the FTC to seek significant money penalties for
privacy violations in the first instance; (2) give the FTC APA
rulemaking authority, to allow us to craft flexible rules that reflect
stakeholder input and can be periodically updated to keep up with
technological developments; and (3) repeal the common carrier and
nonprofit exemptions under the FTC Act to ensure that more of the
entities entrusted with consumer data are held to consistent standards.
Moreover, I support an increase in resources and personnel to enable
the FTC to use these enforcement tools effectively.
Question 3. A recent New York Times analysis found that both the
Apple App Store and the Google Play Store have apps in their respective
children's or family sections that potentially violate COPPA. What
specific role should platform owners play to ensure COPPA compliance on
their platforms?
Answer. In 2012, the Commission revised the COPPA Rule to cover not
only websites, app developers, and other online services but also third
parties collecting personal information from users of those sites or
services. At that time, the Commission made clear that it did not
intend to make platforms responsible merely for offering consumers
access to someone else's child-directed content. Rather, they would be
liable under COPPA only if they had actual knowledge that they were
collecting personal information from a child-directed app. At the same
time, platforms are in a unique position to set and enforce rules for
apps that seek placement in the platform's store and to drive good
practices.
Question 4. Compliance for mobile apps may be hard to achieve
against fly-by-night operators overseas who do not care if their apps
violate U.S. law. How can the Vtech Electronics investigation and civil
penalty serve as an example for how the FTC can hold foreign app
developers responsible for violating COPPA?
Answer. In addition to the VTech case you mention, the Commission
has taken action in a number of privacy- or security-related cases
against companies that have a foreign presence, including Musical.ly,
TrendNet, inMobi, ASUS, and HTC.\2\ In each of these cases, the FTC
obtained successful relief for consumers in the United States,
including a substantial civil penalty in the Musical.ly, VTech, and
inMobi settlements. The Commission has also used other means to address
illegal conduct affecting U.S. consumers. For example, a few years ago
Commission staff sent a warning letter to a Chinese company, Baby Bus,
about COPPA violations relating to the collection of children's
personal information through its apps. The Commission copied the app
platforms on this communication. The company quickly responded and
addressed the concerns.
---------------------------------------------------------------------------
\2\ United States v. Musical.ly, No. 2:19-cv-01439 (C.D. Cal. filed
Feb. 27, 2019), https://www.ftc.gov/enforcement/cases-proceedings/172-
3004/musically-inc; In re: TRENDnet, Inc., No. C-4426 (Jan. 16, 2014),
https://www.ftc.gov/enforcement/cases-proceedings/122-3090/trendnet-
inc-matter; United States v. InMobi Pte Ltd., No. 3:16-cv-3474 (N.D.
Cal. filed June 22, 2016), https://www.ftc.gov/enforcement/cases-
proceedings/152-3203/inmobi-pte-ltd; In re ASUSTeK Computer Inc., No.
C-4587 (July 18, 2016), https://www.ftc.gov/enforcement/cases-
proceedings/142-3156/asustek-computer-inc-matter; In re HTC America
Inc., No. C-4406 (July 25, 2013), https://www.ftc.gov/enforcement/
cases-proceedings/122-3049/htc-america-inc-matter.
Question 5. The COPPA safe harbor organizations must submit an
annual report to the Federal Trade Commission, Can you share the
reports from the last 5 years?
Answer. The FTC-approved safe harbor organizations do submit annual
reports to the FTC each year. However, these organizations claim
confidentiality with respect to the information in their annual
reports. I generally support increased transparency of these reports,
and I would be glad to work with your office to identify appropriate
ways to make this information available.
______
Response to Written Questions Submitted by Hon. John Thune to
Hon. Christine S. Wilson
Question 1. Vertical mergers such as the merger between AT&T and
Time Warner have garnered some attention lately. The FTC and the DOJ
have not updated vertical merger guidance since 1984. Do you believe
that the FTC and DOJ should issue new guidance on vertical mergers?
Answer. I believe that the 1984 Department of Justice Non-
Horizontal Merger Guidelines \1\ are out of date. As we heard during
our hearing on the topic in November 2018, our understanding of the
economics of vertical integration has changed over the past thirty-five
years.\2\ The law governing vertical relationships, and particularly
vertical conduct such as resale price maintenance, has also changed
since then.\3\
---------------------------------------------------------------------------
\1\ U.S. Dep't of Justice Non-Horizontal Merger Guidelines (1984),
https://www.justice.gov/sites/default/files/atr/legacy/2006/05/18/
2614.pdf.
\2\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection; see also FTC Workshop, FTC Hearing #5: Competition and
Consumer Protection in the 21st Century (Nov. 1, 2018), https://
www.ftc.gov/news-events/events-calendar/ftc-hearing-5-competition-
consumer-protection-21st-century.
\3\ See, e.g., Leegin Creative Leather Prods., Inc. v. PSKS, Inc.,
551 U.S. 887 (2007) (minimum resale price maintenance must be analyzed
under the rule of reason rather than the per se rule); State Oil Co. v.
Khan, 552 U.S. 3 (1997) (same holding, but as applied to maximum resale
price maintenance).
---------------------------------------------------------------------------
The agencies traditionally issue guidelines to promote transparent
and predictable agency enforcement. This goal can be achieved in
several different ways. For example, the agencies may use guidelines to
summarize the current state of the law. Alternatively, when the law is
not particularly clear, the agencies may use guidelines to clarify how
they intend to approach topics on which there is no clear binding
precedent. The agencies may also use guidelines either (a) to disclose
and formalize an approach the agencies already use or (b) to advance
new analytic techniques. For a variety of reasons, it is not clear to
me that new vertical merger guidelines could meaningfully increase the
transparency and predictability of our vertical merger decisions.
However, there is a range of alternatives between the two extremes
of issuing guidelines and saying nothing. For example, the agencies
already provide substantial insight on vertical merger analysis through
speeches,\4\ public statements,\5\ and rigorous case selection.\6\ I
believe this approach is well worth considering as an alternative to
issuing new formal guidelines.
---------------------------------------------------------------------------
\4\ See, e.g., Christine S. Wilson, Vertical Merger Policy: What Do
We Know and Where Do We Go?, Keynote Address at GCR Live 8th Annual
Antitrust Law Leaders Forum (Feb. 1, 2019), https://www.ftc.gov/system/
files/documents/public_statements/1455670/wilson_-_vertical_mer
ger_speech_at_gcr_2-1-19.pdf; Bruce Hoffman, Vertical Merger
Enforcement at the FTC, Remarks at Credit Suisse 2018 Washington
Perspectives Conference (Jan. 10, 2018), https://www
.ftc.gov/public-statements/2018/01/vertical-merger-enforcement-ftc
(explaining the FTC's current analysis of proposed vertical mergers and
highlighting the extent to which that analysis has moved beyond the
1984 Non-Horizontal Merger Guidelines).
\5\ See, e.g., In re Fresenius Med. Care AG & Co., FTC File No.
171-0227 (Feb. 19, 2019), https://www.ftc.gov/enforcement/cases-
proceedings/171-0227/fresenius-medical-care-nxstage-medical-matter
(Statements of (i) Chairman Simons, Commissioner Phillips, and
Commissioner Wilson; (ii) Commissioner Chopra; and (iii) Commissioner
Slaughter); In re Sycamore Partners II, L.P., FTC File No. 181-0180
(Jan. 28, 2019), https://www.ftc.gov/enforcement/cases-proceedings/181-
0180/sycamore-partners-ii-lp-staples-inc-essendant-inc-matter
(Statements of (i) Chairman Simons, Commissioner Phillips, and
Commissioner Wilson; (ii) Commissioner Wilson; (iii) Commissioner
Chopra; and (iv) Commissioner Slaughter).
\6\ For example, the Commission recently challenged a vertical
merger between Northrop Grumman, a leading provider of missile systems
to the Department of Defense, and Orbital ATK, a key supplier of solid
rocket motors. In re Northrop Grumman, Dkt. C-4652 (June 5, 2018),
https://www.ftc.gov/enforcement/cases-proceedings/181-0005-c-4652/
northrop-grumman-orbital-atk. The Commission also accepted consent
agreements to settle allegations that two other vertical mergers would,
absent the remedies imposed, diminish competition. See Fresenius Med.
Care AG & Co., FTC File No. 171-0227 (Feb. 19, 2019), https://
www.ftc.gov/system/files/documents/public_statements/1455719/
171_0227_fresenius_nxstage_majority_statement_2-19-19.pdf (Statement of
Chairman Simons, Commissioner Phillips, and Commissioner Wilson
Concerning the Proposed Acquisition of NxStage Medical, Inc. by
Fresenius Medical Care AG & Co. KGaA) (explaining consent agreement
addresses horizontal concern regarding harm to competition in market
for bloodline tubing sets for hemodialysis treatment but finding no
evidence of competitive harm from vertical concerns); In re Sycamore
Partners II, L.P., Staples, Inc., and Essendant Inc., Dkt. C-4667 (Jan.
25, 2018), https://www.ftc.gov/enforcement/cases-proceedings/181-0180/
sycamore-partners-ii-lp-staples-inc-essendant-inc-matter (Statement of
Chairman Simons, Commissioner Phillips, and Commissioner Wilson)
(consent agreement resolving charges that a merger between Staples, the
world's largest retailer of office products and related services, and
Essendant, a wholesale distributor of office products, was likely to
harm competition in the market for office supply products sold to
small- and mid-sized businesses).
Question 2. Government lawsuits to stop mergers are litigated using
different procedures depending on which agency, the FTC or DOJ, handles
the case. Do you think Congress should take action to ensure that
agencies follow the same procedures, or do you support another
approach?
Answer. It is not clear to me why the use of different procedures,
by itself, is problematic. Nor, apparently, was it clear to the
legislators that enacted these different statutes. Absent strong
evidence that these differences in procedure meaningfully affect the
ultimate result, I see little reason to alter the machinery of
antitrust enforcement.
One procedural difference between the two antitrust agencies is the
Commission's unique authority to initiate administrative litigation,
which we call ``Part 3'' litigation after the relevant portion of our
Rules of Practice. In theory it could be problematic for the agency to
file a merger case in Part 3 litigation after seeking a preliminary
injunction in Federal district court and having that request denied. I
myself would not support proceeding in that circumstance. Yet the
Commission has very rarely done so in practice, and indeed has over the
years put in place several safeguards to ensure the practice remains
very rare. For example, under Commission Rule 3.26,\7\ the Commission
automatically stays a pending Part 3 matter if a Federal district court
denies the staff's request for a preliminary injunction and the
respondent makes a timely motion thereafter to withdraw the case from
Part 3 adjudication.\8\ Moreover, the Commission's stated policy is to
proceed in such circumstances only when several conditions are met.\9\
In practice these conditions obtain, and the Commission proceeds, only
very rarely.\10\
---------------------------------------------------------------------------
\7\ 16 C.F.R. Sec. 3.26.
\8\ Id. Sec. 3.26(c).
\9\ See Administrative Litigation Following the Denial of a
Preliminary Injunction: Policy Statement, 60 Fed. Reg. 39,741 (Aug. 3,
1995), available at https://www.ftc.gov/sites/default/files/
attachments/merger-review/950803administrativelitigation.pdf.
\10\ See, e.g., Press Release, FTC Withdraws Appeal Seeking a
Preliminary Injunction to Stop LabCorp's Integration with Westcliff
Medical Laboratories, Mar. 24, 2011, https://www.ftc.gov/news-events/
press-releases/2011/03/ftc-withdraws-appeal-seeking-preliminary-
injunction-stop-labcorps (noting the vote to withdraw the matter from
litigation was 5-0); Statement of Commissioners Leibowitz, Kovacic, and
Ramirez, In re Laboratory Corp. of Am., FTC Docket No. 9345 (Apr. 21,
2011), available at https://www.ftc.gov/system/files/documents/
public_state
ments/568671/110422labcorpcommstmt.pdf (concluding, under an earlier
version of Rule 3.26 and after applying the factors listed in the
Commission's 1995 policy statement, that the Commission should not
proceed with administrative litigation following a Federal district
court's order denying a request for a preliminary injunction).
---------------------------------------------------------------------------
In contrast to the largely theoretical problems with Part 3
litigation, there is substantial evidence that this procedure can
provide real benefits. A detailed analysis of every case the Commission
brought in Part 3 since 1977--more than one hundred cases in all--
concluded that our administrative litigation authority provided ``clear
value'' in complex antitrust cases that require the agency's
``institutional expertise in law and economics.'' \11\ This has been
particularly true in ``healthcare mergers, pay-for-delay agreements,
and state-action immunity'' cases.\12\ The same analysis found scant
evidence that the Part 3 process disfavors defendants.\13\
---------------------------------------------------------------------------
\11\ Maureen K. Ohlhausen, Administrative Litigation at the FTC:
Effective Tool for Developing the Law or Rubber Stamp?, 12 J. Comp. L.
& Econ. 623, 656 (2016).
\12\ Id.
\13\ Id. at 656-57 (noting both due process protections afforded to
defendants and the significant proportion of cases (40 percent) in
which the Commission ultimately rejected antitrust liability).
---------------------------------------------------------------------------
In summary, I am loathe to ``fix'' procedural differences between
the two antitrust agencies without strong evidence both that there is a
problem and that the proposed solution is meaningfully better. For
example, there is scant evidence that one procedural difference, Part 3
administrative litigation, is problematic. There is instead substantial
evidence that Part 3 litigation has helped us protect competition in
key sectors of our economy, such as health care.
Question 3. Should Congress amend Section 5(n) of the FTC Act,
which addresses unfair practices, to clarify what constitutes
``substantial injury?'' If so, how?
Answer. No. Neither the Commission, nor the Courts who have ruled
on this issue, have struggled to interpret that element. Substantial
injury can be financial, physical, reputational, or unwanted
intrusions. Financial injury can manifest in a variety of ways:
fraudulent charges, delayed benefits, expended time, opportunity costs,
fraud, and identity theft, among other things.\14\ Physical injuries
include risks to individuals' health or safety, including the risks of
stalking and harassment.\15\ Reputational injury involves disclosure of
private facts about an individual, which damages the individual's
reputation. Tort law recognizes reputational injury.\16\ The FTC has
brought cases involving this type of injury, for example, in a case
involving public disclosure of individuals' Prozac use \17\ and public
disclosure of individuals' membership on an infidelity-promoting
website.\18\ Finally, unwanted intrusions involve two categories. The
first includes activities that intrude on the sanctity of people's
homes and their intimate lives. The FTC's cases involving a revenge
porn website,\19\ an adult-dating website,\20\ and companies spying on
people in their bedrooms through remotely-activated webcams fall into
this category.\21\ The second category involves unwanted commercial
intrusions, such as telemarketing, spam, and harassing debt collection
calls.
---------------------------------------------------------------------------
\14\ See, e.g., TaxSlayer, LLC, No. C-4626 (F.T.C. Oct. 20, 2017)
(Complaint), https://www.ftc.gov/enforcement/cases-proceedings/162-
3063/taxslayer (alleging delayed benefits, expended time, and risk of
identity theft).
\15\ See, e.g., FTC v. Accusearch, Inc., No. 06-CV-0105 (D. Wyo.
May 3, 2006) (Complaint), https://www.ftc.gov/enforcement/cases-
proceedings/052-3126/accusearch-inc-dba-abikacom-jay-patel (alleging
that telephone records pretexting endangered consumers' health and
safety).
\16\ Under the tort of public disclosure of private facts (or
publicity given to private life), a plaintiff may recover where the
defendant's conduct is highly offensive to a reasonable person.
Restatement (Second) of Torts Sec. 652D (1977).
\17\ Eli Lilly and Co., No. C-4047 (F.T.C. May 8, 2002), https://
www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-
matter.
\18\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\19\ FTC v. EMP Media, Inc., et al., No. 2:18-cv-00035 (D. Nev.
Jan. 9, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-
3052/emp-media-inc-myexcom.
\20\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\21\ See Press Release, FTC Halts Computer Spying (Sept. 25, 2012),
https://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-
computer-spying; see also Aaron's, Inc., C-4442 (F.T.C. Mar. 10, 2014),
https://www.ftc.gov/enforcement/cases-proceedings/122-3256/aarons-inc-
matter.
Question 4. Should the FTC issue more guidance to marketers on the
level of support needed to substantiate their claims? If so, when do
you anticipate that such guidance could be issued?
Answer. The FTC has issued extensive guidance over the years to
help marketers in determining the level of support needed to
substantiate claims. The Commission first articulated the relevant
factors used to determine the level of evidence required to
substantiate objective performance claims in Pfizer, Inc., 81 F.T.C. 23
(1972). Those factors included the type of claim, the type of product,
the consequences of a false claim, the benefits of a truthful claim,
the cost of developing substantiation for the claim, and the amount of
substantiation experts in the field believe is reasonable. The
Commission and the courts have reaffirmed this standard many times
since 1972.\22\ The FTC also has provided extensive guidance through
Guides, staff guidance documents, speeches, and presentations to
industry trade groups and industry attorneys.\23\
---------------------------------------------------------------------------
\22\ See, e.g., Thompson Med. Co., 104 F.T.C. 648, 813 (1984),
aff'd, 791 F.2d 189 (D.C. Cir. 1986); Daniel Chapter One, 2009 WL
5160000 at *25-26 (F.T.C. 2009), aff'd, 405 Fed. Appx. 505 (D.C. Cir.
2010) (unpublished opinion), available at 2011-1 Trade Cas. (CCH) �
77,443 (D.C. Cir. 2010); POM Wonderful, LLC, 155 F.T.C. 1, 55-60
(2013), aff'd, 777 F.3d 478 (D.C. Cir. 2015), cert. denied, 136 S. Ct.
1839, 194 L. Ed. 2d 839 (2016); FTC Policy Statement Regarding
Substantiation, 104 F.T.C. 839, 840 (1984) (appended to Thompson Med.
Co., 104 F.T.C. 648 (1984)).
\23\ See Guides for the Use of Environmental Marketing Claims, 16
C.F.R. Sec. 260.2 (2019), https://www.ecfr.gov/cgi-bin/text-
idx?SID=bd96b2cdcd01f7620d43e50a9d1d8cec&mc=true&
node=se16.1.260_12&rgn=div8; Dietary Supplements: An Advertising Guide
for Industry, https://www.ftc.gov/tips-advice/business-center/guidance/
dietary-supplements-advertising-guide-industry.
---------------------------------------------------------------------------
As late as 2014, the Commission took a more stringent view on
substantiation, requiring in orders that companies support challenged
diet and health claims with two randomized, placebo-controlled, double
blind clinical trials (``RCTs'').\24\ Recently, the D.C. Circuit
correctly rejected the Commission's heightened requirements on First
Amendment grounds, noting the Commission failed ``to justify a
categorical floor of two RCTs for any and all disease claims.'' \25\
Today, the Commission has returned to its traditional, more flexible
standard.\26\ As noted above, this approach is encapsulated in the
Pfizer opinion and reflects the central role of balancing the costs of
prohibiting truthful claims against the benefits of prohibiting false
claims.\27\
---------------------------------------------------------------------------
\24\ See Applied Food Sciences, Inc., FTC File No. 142-3054 (Sept.
10, 2014) (stipulated final judgment and order), https://www.ftc.gov/
system/files/documents/cases/140908afsstip1.pdf; In re The Dannon
Company, Inc., FTC File No. 082-3158 (Feb. 4, 2011) (decision and
order), https://www.ftc.gov/sites/default/files/documents/cases/2011/
02/110204dannondo.pdf; In re Nestle Healthcare Nutrition, Inc., FTC
File No. 092-3087 (Jan. 18, 2011) (decision and order), https://
www.ftc.gov/sites/default/files/documents/cases/2011/01/
110118nestledo.pdf; FTC v. Iovate Health Sciences USA, Inc., Case. No.
10-CV-587 (W.D.N.Y. July 29, 2010) (stipulated final judgment and
order), https://www.ftc.gov/sites/default/files/documents/cases/2010/
07/100729iovatestip.pdf. This level of substantiation exceeds what is
specified in the Commission's Dietary Supplements Guide. Dietary
Supplements: An Advertising Guide for Industry, https://www.ftc.gov/
tips-advice/business-center/guidance/dietary-supplements-advertising-
guide-industry.
\25\ POM Wonderful, LLC v. FTC, 777 F.3d 478, 502 (D.C. Cir. 2015)
(``If there is a categorical bar against claims about the disease
related benefits of a food product or dietary supplement in the absence
of two RCTs, consumers may be denied useful, truthful information about
products with a demonstrated capacity to treat or prevent serious
disease. That would subvert rather than promote the objectives of the
commercial speech doctrine.'').
\26\ See e.g., Nobetes Corp., Case No. 2:18-cv-10068-KS (Dec. 13,
2018) (stipulated order) (requiring ``competent and reliable scientific
evidence shall consist of human clinical testing of the Covered
Product, or of an Essentially Equivalent Product, that is sufficient in
quality and quantity based on standards generally accepted by experts
in the relevant disease, condition, or function to which the
representation relates, when considered in light of the entire body of
relevant and reliable scientific evidence, to substantiate that the
representation is true.''), https://www.ftc.gov/system/files/documents/
cases/nobetes_-_signed_stipulated_order.pdf.
\27\ See generally J. Howard Beales, Timothy J. Muris & Robert
Pitofsky, In Defense of the Pfizer Factors, in THE REGULATORY
REVOLUTION AT THE FTC: A THIRTY-YEAR PERSPECTIVE ON COMPETITION AND
CONSUMER PROTECTION 83 (James C. Cooper ed., 2013) (All three of the
authors served as Director of the Bureau of Consumer Protection and two
served as Chairman at the FTC. The article provides a comprehensive
discussion of Pfizer).
---------------------------------------------------------------------------
The Commission's guidance sets forth flexible principles that can
be applied to multiple products and claims. It does not attempt to
answer every question about substantiation, given the virtually
limitless range of advertising claims, products, and services to which
it could be applied. Instead, it seeks to strike the right balance
between being specific enough to be helpful but not so granular that it
would overlook some important factor that might arise under given
circumstances and thereby actually chill useful speech.
Question 5. In June, the 11th Circuit vacated the Commission's data
security order against Lab-MD. What effect, if any, will this have on
the Commission's data security orders going forward?
Answer. The Eleventh Circuit determined that the mandated data
security provision of the Commission's LabMD Order was insufficiently
specific. The opinion did not have any effect on the FTC's use of
Section 5 to protect consumers from deceptive or unfair data security
practices. We are engaged in an ongoing process to craft appropriate
order language in data security cases, based on the Eleventh Circuit
opinion, feedback we received from our December hearing on data
security, and our own internal discussion of how our orders can create
better deterrence of future misconduct using our existing tools.
Question 6. If Federal privacy legislation is passed, what
enforcement tools would you like to be included for the FTC?
Answer. First, I would recommend that Congress consider giving the
FTC the authority to seek civil penalties for initial privacy
violations, which will create an important deterrent effect. Second,
while the process of enacting Federal privacy legislation will involve
difficult tradeoffs that are appropriately left to Congress, targeted
APA rulemaking authority, similar to that in the Children's Online
Privacy Protection Act, will allow the FTC to keep up with
technological developments. For example, in 2013, the FTC was able to
use its APA rulemaking authority to amend the COPPA Rule to address new
business models, including social media and collection of geolocation
information, that were not in place when the initial 2000 Rule was
promulgated. Third, the FTC could use broader enforcement authority to
take action against common carriers and nonprofits, which it cannot
currently do under the FTC Act. I also believe that the promulgation of
Federal privacy legislation should be undertaken in conjunction with
national data breach notification and data security legislation.
Question 7. During the hearing, I asked you whether the FTC would
consider using its section 6(b) authority to study consumer information
data flows, specifically sending requests to Google, Facebook, Amazon,
and others in the tech industry to learn what information they collect
from consumers and how that information is used, shared, and sold. You
responded, ``Sure, 6(b) is a really powerful tool and that's the type
of thing that might very well make sense for us to use it for.'' I
believe the FTC's section 6(b) authority could provide some much needed
transparency to consumers about the data practices of large technology
companies, and help identify areas that may require additional
attention from lawmakers. Can you explain in more detail whether you
believe the FTC should conduct a study pursuant to section 6(b) of the
Federal Trade Commission Act on the data collection, use, filtering,
sharing, and sale practices of large technology companies?
Answer. The FTC's section 6(b) authority could be used to conduct a
study about the data practices of large technology companies. The FTC
has a comparative advantage in policy research and development through
the use of 6(b) studies, which allows the Commission to proceed in
measured and thoughtful ways on complicated policy questions. I will
continue to encourage the Commission to issue 6(b) studies in the
technology area.
______
Response to Written Questions Submitted by Hon. Jerry Moran to
Hon. Christine S. Wilson
Question 1. Section 5(a) of the FTC Act, which prohibits ``unfair
or deceptive acts or practices in or affecting commerce'' is the legal
basis for a body of consumer protection law that covers data privacy
and security practices. The FTC has brought hundreds of cases to date
to protect the privacy and security of consumer information held by
companies of all sizes under this authority. The FTC staff recently
submitted comments to the National Telecommunications and Information
Administration (NTIA) that clearly indicate the FTC staff's view that
the FTC would be the appropriate agency to enforce a new comprehensive
privacy legislative framework. Do you agree with the staff's view?
Answer. Absolutely. The FTC has developed a substantial body of
expertise on privacy issues over the past several decades, by bringing
hundreds of cases, hosting approximately 70 workshops, and conducting
numerous policy initiatives. The FTC is committed to using all of its
expertise, its existing tools under the FTC Act, and whatever
additional authority Congress gives us, to protect consumer privacy
while promoting innovation and competition in the marketplace.
Question 2. As Congress evaluates opportunities to create
meaningful Federal legislation to appropriately ensure privacy of
consumers' data, there have been suggestions to increase the FTC's
authorities to enforce in this space. Will you commit to working with
this Committee in measuring what resources, if any, will be needed to
allow the agency to enforce any additional authorities that may or may
not be provided in Federal legislation?
Answer. Yes. We can certainly use additional resources, additional
staff, and additional authorities including civil penalties, targeted
APA rulemaking, and jurisdiction over non-profits and common carriers.
We are committed to utilizing whatever additional tools Congress gives
us efficiently and vigorously.
Question 3. Sharing responsibilities with the DOJ's Antitrust
Division, the FTC enforces antitrust law in a variety of sectors as
described by your testimony. While the vast majority of premerger
filings submitted to enforcement agencies do not raise competition
concerns, the FTC challenged 45 mergers since the beginning of 2017,
and of those, the FTC only voted to initiate litigation to block five
transactions. Would you please describe the resource needs of the
agency associated with hiring qualified outside experts to support its
litigation efforts? Please explain how developments in the high-
technology sector are accounted for in the FTC's decision-making
process related to antitrust enforcement.
Answer. I appreciate your attention to the agency's resource needs.
The FTC is committed to maximizing its resources to enhance its
effectiveness in protecting consumers and promoting competition, to
anticipate and respond to changes in the marketplace, and to meet
current and future challenges. Resource constraints, however, remain a
significant challenge. As discussed in more detail below, evolving
technologies and intellectual property issues continue to increase the
complexity of antitrust investigations and litigation. This complexity,
coupled with the rising costs of critical expert witnesses and
increases in caseload, sometimes leads to financial and personnel
resource limitations. In the past, we have requested additional
resources for experts, information technology, and more full-time
employees in support of our mission to protect consumers and promote
competition. These continue to be critical areas of need for our
agency. If we receive additional resources, they likely would be
applied to these areas as needed.
Qualified experts are a critical resource in all of the FTC's
competition cases heading toward litigation. For example, the services
of these expert witnesses are critical to the successful investigation
and litigation of merger cases, as they provide insight on proper
definition of product and geographic markets, the likelihood of entry
by new competitors, and the development of models to contrast merger
efficiencies with potential competitive harm.
Expert witness costs are highly dependent on the number, scope,
duration, and disposition of our Federal and administrative court
challenges. The cost of an expert, for example, increases if we require
the expert to testify or produce a report. To limit these costs, the
FTC has identified and implemented a variety of strategies, including
using internal personnel from its Bureau of Economics as expert
witnesses whenever practical. The opportunities to use internal experts
as testifying experts are limited, however, by several factors,
including staff availability, testifying experience, and the
specialized expertise required for specific matters. I will continue to
encourage the FTC to evaluate how to increase its use of internal
experts and control expert costs without compromising case outcomes or
reducing the number of enforcement actions.
In addition to expert witness costs, you asked about how
developments in the high-technology sector factor into the FTC's
decision-making process related to antitrust enforcement. The FTC
closely follows activity in the high-technology sector. Given the
important role that technology companies play in the American economy,
it is critical that the Commission--in furthering its mission to
protect consumers and promote competition--understand the current and
developing business models and scrutinize incumbents' conduct to ensure
that they abide by the same rules of competitive markets that apply to
any company. When appropriate, the Commission will take action to
counter the harmful effects of coordinated or unilateral conduct by
technology firms.
The fundamental principles of antitrust do not differ when applied
to high-technology industries, including those in which patents or
other intellectual property are highly significant. The issues,
however, are often more complex and require different expertise, which
may necessitate the hiring of outside experts or consultants to help us
develop and litigate our cases. The FTC also strives to adapt to the
dynamic markets we protect by leveraging the research, advocacy, and
education tools at our disposal to improve our understanding of
significant antitrust issues and emerging trends in business practices,
technology, and markets. For example, last fall, the Commission
launched its Hearings on Competition and Consumer Protection in the
21st Century to consider whether the FTC's enforcement and policy
efforts are keeping pace with changes in the economy, including
advancements in technology and new business models made possible by
those developments.\28\ I will continue to encourage the agency to
scrutinize technology mergers and conduct by technology firms to ensure
not only that consumers benefit from their innovative products, but
also that competition thrives in this dynamic and highly influential
sector.
---------------------------------------------------------------------------
\28\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection. Recent hearings included a two-day workshop on the
potential for collusive, exclusionary, and predatory conduct in
multisided, technology-based platform industries. FTC Workshop, FTC
Hearing #3: Competition and Consumer Protection in the 21st Century
(Oct. 15-17, 2018), https://www.ftc.gov/news-events/events-calendar/
2018/10/ftc-hearing-3-competition-consumer-protection-21st-century.
Similarly, in early November, the Commission held a two-day workshop on
the antitrust frameworks for evaluating acquisitions of nascent
competitors in the technology and digital marketplace, and the
antitrust analysis of mergers and conduct where data is a key asset or
product. FTC Workshop, FTC Hearing #6: Competition and Consumer
Protection in the 21st Century (Nov. 6-8, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-6-competition-consumer-pro
tection-21st-century. Also in November, the Commission held a two-day
workshop on the competition and consumer protection issues associated
with algorithms, artificial intelligence, and predictive analysis in
business decisions and conduct. FTC Workshop, FTC Hearing #7:
Competition and Consumer Protection in the 21st Century (Nov. 13-14),
https://www.ftc.gov/news-events/events-calendar/ftc-hearing-7-
competition-consumer-protection-21st-century.
Question 4. Earlier this year, I introduced legislation called the
Senior Scams Prevention Act with Senator Bob Casey to combat continued
and increasingly complex attempts to defraud one of the Nation's most
vulnerable populations, our senior community. This bill seeks to ensure
retailers, financial institutions and wire transfer companies have the
resources to train employees to help stop financial frauds and scams on
seniors. Would you agree that awareness and education, guided by ``best
practices'' established by industry and government partners, is a
valuable tool in preventing consumer harms against our Nation's
seniors?
Answer. Yes. Protecting older consumers is one of the agency's top
priorities. As the population of older Americans grows, the FTC's
efforts to identify scams affecting seniors and to bring aggressive law
enforcement action, as well as provide awareness and useful advice to
seniors, become increasingly vital. Using research, the FTC developed
its Pass It On campaign to share preventative information about frauds
and scams with older adults.\29\ This popular campaign, used by many of
our partners, engages active older adults to share the materials with
people in their communities, including people in their lives who may
need this information. The FTC stands ready to work with industry and
our government partners to create additional material for industry,
including retailers, financial institutions, wire transfer companies
and others to help prevent harm to our Nation's seniors.
---------------------------------------------------------------------------
\29\ FTC, FTC Website: Consumer Information--Pass it on, https://
www.consumer.ftc.gov/features/feature-0030-pass-it-on (providing
consumer information on identity theft, imposter scams, charity fraud,
and other topics).
Question 5. In its comments submitted to NTIA on ``Developing the
Administration's Approach to Consumer Privacy,'' the FTC discussed the
various cases that it has taken up to address privacy-related harms to
consumers, and it specifically noted four categories of harms:
financial injury, physical injury, reputational injury, and unwanted
intrusion. Could you please briefly describe each category while noting
any FTC enforcement considerations specific to that type of harm?
Answer. Certainly. Financial injury can manifest in a variety of
ways: fraudulent charges, delayed benefits, expended time, opportunity
costs, fraud, and identity theft, among other things.\30\ Physical
injuries include risks to individuals' health or safety, including the
risks of stalking and harassment.\31\ Reputational injury involves
disclosure of private facts about an individual, which damages the
individual's reputation. Tort law recognizes reputational injury.\32\
The FTC has brought cases involving this type of injury, for example,
in a case involving public disclosure of individuals' Prozac use \33\
and public disclosure of individuals' membership on an infidelity-
promoting website.\34\ Finally, unwanted intrusions involve two
categories. The first includes activities that intrude on the sanctity
of people's homes and their intimate lives. The FTC's cases involving a
revenge porn website,\35\ an adult-dating website,\36\ and companies
spying on people in their bedrooms through remotely-activated webcams
fall into this category.\37\ The second category involves unwanted
commercial intrusions, such as telemarketing, spam, and harassing debt
collection calls. In terms of enforcement considerations, as noted
above, the FTC is very mindful of ensuring that it addresses these
harms, while not impeding the benefits of data collection and use
practices.
---------------------------------------------------------------------------
\30\ See, e.g., TaxSlayer, LLC, No. C-4626 (F.T.C. Oct. 20, 2017)
(complaint), https://www.ftc.gov/enforcement/cases-proceedings/162-
3063/taxslayer (alleging delayed benefits, expended time, and risk of
identity theft).
\31\ See, e.g., FTC v. Accusearch, Inc., No. 06-CV-0105 (D. Wyo.
May 3, 2006) (complaint), https://www.ftc.gov/enforcement/cases-
proceedings/052-3126/accusearch-inc-dba-abikacom-jay-patel (alleging
that telephone records pretexting endangered consumers' health and
safety).
\32\ Under the tort of public disclosure of private facts (or
publicity given to private life), a plaintiff may recover where the
defendant's conduct is highly offensive to a reasonable person.
Restatement (Second) of Torts Sec. 652D (1977).
\33\ Eli Lilly and Co., No. C-4047 (F.T.C. May 8, 2002), https://
www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-
matter.
\34\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\35\ FTC v. EMP Media, Inc., et al., No. 2:18-cv-00035 (D. Nev.
Jan. 9, 2018), https://www.ftc.gov/enforcement/cases-proceedings/162-
3052/emp-media-inc-myexcom.
\36\ FTC v. Ruby Corp., et al., No. 1:16-cv-02438 (D.D.C. Dec. 14,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3284/
ashley-madison.
\37\ See Press Release, FTC Halts Computer Spying (Sept. 25, 2012),
https://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-
computer-spying; see also Aaron's, Inc., No. C-4442 (F.T.C. Mar. 10,
2014), https://www.ftc.gov/enforcement/cases-proceedings/122-3256/
aarons-inc-matter.
Question 6. In the FTC's recent comments in NTIA's privacy
proceeding, the FTC said that its ``guiding principles'' are based on
``balancing risk of harm with the benefits of innovation and
competition.'' Would you describe what this means, how you strike this
balance, and how it is applied in practice under your Section 5
authority in the FTC Act?
Answer. Regulations may impose significant costs on regulated
companies, so new regulations must be handled with care to avoid
stifling innovation or entrenching incumbents. The FTC has a
longstanding history of weighing the countervailing benefits when
determining if an injury to consumers justifies the imposition of a
remedy. In unfairness cases, section 5(n) of the FTC Act requires us to
strike this balance. It does not allow the FTC to bring a case alleging
unfairness ``unless the act or practice causes or is likely to cause
substantial injury to consumers, which is not reasonably avoidable by
consumers themselves and not outweighed by benefits to consumers or to
competition.'' Thus, for example, in our data security complaints and
orders, we often plead the specific harms that consumers are likely to
suffer from a company's data security failures. We do not assert that
companies need to spend unlimited amounts of money to address these
harms; in many of our cases, we specifically allege that the company
could have fixed the security vulnerabilities at low or no cost.
Question 7. The FTC's comments pertaining to ``control'' in NTIA's
privacy proceeding stated, ``Choice also may be unnecessary when
companies collect and disclose de-identified data, which can power data
analytics and research, while minimizing privacy concerns.'' How would
the FTC suggest Federal regulation account for de-identified data, if
at all?
Answer. This question is an excellent one, and pertains to an area
in which I continue to listen to various perspectives and analyze
policy ramifications. There are many potentially important uses for de-
identified data. But protecting privacy using de-identified information
is becoming more complex as new and powerful tools are able to combine
data sets and extract information. One possible standard identified in
the FTC's 2012 Privacy Report states that data is de-identified if it
is not ``reasonably linkable'' to a consumer, computer, or device.\38\
Data can be deemed to be de-identified to the extent that a company:
(1) takes reasonable measures to ensure that the data is de-identified;
(2) publicly commits not to try to re-identify the data; and (3)
contractually prohibits downstream recipients from trying to re-
identify the data. Additionally, I think that we must invest in
research and education to ensure consumers and the market place
understand the evolving risks associated with de-identified data.
Although this language provides some general principles for de-
identification, we would be happy to work with your staff on drafting
more specific legislative language.
---------------------------------------------------------------------------
\38\ Available at https://www.ftc.gov/sites/default/files/
documents/reports/federal-trade-commission-report-protecting-consumer-
privacy-era-rapid-change-recommendations/120326privacy
report.pdf.
Question 8. Your testimony indicated that continued technological
developments allow illegal robocallers to conceal their identities in
``spoofing'' caller IDs while exponentially increasing robocall volumes
through automated dialing systems. These evolving technological changes
mean that the critical law enforcement efforts of the FTC cannot be the
only solution, and your testimony described the additional steps the
FTC is taking to develop innovative solutions to these issues. Would
you please describe the process and outcomes of the four public
challenges that the FTC held from 2013 to 2015? Are there plans to
incentivize innovators to combat robocalls in the future?
Answer. The FTC's process for its robocall challenges included
public announcements, committees with independent judges, and, in some
cases, cash prizes awarded under the America COMPETES Reauthorization
Act.\39\ To maximize publicity, the FTC announced each of its four
challenges in connection with public events. The FTC announced the
first robocall challenge at the FTC's 2012 Robocall Summit. In 2014,
the FTC conducted its second challenge, ``Zapping Rachel'' at DEF CON
22. The FTC conducted its third challenge, ``DetectaRobo,'' in June
2015 in conjunction with the National Day of Civic Hacking. The final
phase of the FTC's fourth public robocall challenge took place at DEF
CON 23. When the FTC held its first public challenge, there were few,
if any, call blocking or call labeling solutions available for
consumers. Today, two FTC challenge winners, NomoRobo and Robokiller,
offer call blocking applications, and there are hundreds of mobile apps
offering call blocking and call labeling solutions for cell phones.
Many home telephone service providers also now offer call blocking and
call labeling solutions. The FTC will not hesitate to initiate
additional innovation contests if it identifies further challenges that
could meaningfully benefit consumers by reducing the harm caused by
illegal robocalls.
---------------------------------------------------------------------------
\39\ See ``Details About the FTC's Robocall Initiatives'' at
https://www.consumer.ftc.gov/features/feature-0025-robocalls.
---------------------------------------------------------------------------
In addition to developing call blocking and call labeling
technology, the telecom industry has also developed call verification
technology, called STIR/SHAKEN, to help consumers know whether a call
is using a spoofed Caller ID number and assist call analytics companies
in implementing call blocking and call labeling products. If widely
implemented and made available to consumers, the STIR/SHAKEN protocol
should minimize unwanted calls. Certain industry members have begun to
roll out this technology and it is in beta testing mode. I understand
Chairman Pai recently called on the Nation's largest carriers to
provide details about their caller ID authentication plans for 2019. I
support this industry initiative.
Question 9. Would you please describe the FTC's coordination
efforts with state, federal, and international partners to combat
illegal robocalls?
Answer. The FTC frequently coordinates its efforts with its state,
federal, and international partners. The FTC often brings robocall
enforcement actions with states as co-plaintiffs. For example, in the
FTC's case against Dish Network, litigated for the FTC by the
Department of Justice, the FTC brought the case jointly with
California, Illinois, North Carolina, and Ohio. Collectively, the
states and the FTC obtained a historic $280 million trial verdict.\40\
---------------------------------------------------------------------------
\40\ Press Release, FTC and DOJ Case Results in Historic Decision
Awarding $280 Million in Civil Penalties Against Dish Network and
Strong Injunctive Relief for Do Not Call Violations (June 6, 2017),
https://www.ftc.gov/news-events/press-releases/2017/06/ftc-doj-case-
results-historic-decision-awarding-280-million-civil. The case is on
appeal before the Seventh Circuit Court of Appeals.
---------------------------------------------------------------------------
The FTC also coordinates outreach and education with the FCC. In
2018, the agencies co-hosted two robocall events--a policy forum that
discussed technological and law enforcement solutions to the robocall
problem \41\ and a public expo that allowed companies offering call
blocking and call labeling services to showcase their products for the
public.\42\ Additionally, the FTC and FCC hold quarterly calls, speak
regularly on an informal basis, and coordinate on a monthly basis with
our state partners through the National Association of Attorneys
General. The FTC also engages with international partners through
participation in international law enforcement groups such as the
International Consumer Protection Enforcement Network, International
Mass Marketing Fraud Working Group, and the Unsolicited Communications
Network (formerly known as the London Action Plan).
---------------------------------------------------------------------------
\41\ Press Release, FTC and FCC to Host Joint Policy Forum and
Consumer Expo to Fight the Scourge of Illegal Robocalls (Mar. 22,
2018), https://www.ftc.gov/news-events/press-releases/2018/03/ftc-fcc-
host-joint-policy-forum-illegal-robocalls.
\42\ Press Release, FTC and FCC to Co-Host Expo on April 23
Featuring Technologies to Block Illegal Robocalls (Apr. 19, 2018),
https://www.ftc.gov/news-events/press-releases/2018/04/ftc-fcc-co-host-
expo-april-23-featuring-technologies-block-0.
cQuestion 10. Your testimony described the limitations of the FTC's
current data security enforcement authority provided by Section 5 of
the FTC Act including: lacking civil penalty authority, lacking
authority over non-profits and common carrier activity, and missing
broad APA rulemaking authority. Please describe each of these
limitations and how adjusted FTC authority to address these items would
improve the protection of consumers from data security risks.
Answer. Under current law, the FTC cannot obtained civil penalties
for first-time security violations. I believe this under-deters
problematic data security practices. If Congress were to give us the
authority to seek civil penalties for first-time violators (subject to
statutory limitations on the imposition of civil penalties, such as
ability to pay and stay in business), better deterrence would be
achieved. As to APA rulemaking authority, though we are not seeking
general APA rulemaking authority for a broad statute like Section 5,
were Congress to enact specific data security legislation, it is
important for the FTC to have APA rulemaking authority. Such authority
will ensure that the FTC can enact rules and amend them as necessary to
keep up with technological developments. For example, in 2013, the FTC
was able to use its APA rulemaking authority to amend its Rule under
the Children's Online Privacy Protection Act to address new business
models, including social media and collection of geolocation
information, that were not in place when the initial 2000 Rule was
promulgated. As to nonprofits and common carriers, news reports are
filled with breaches affecting these sectors (e.g., the education
sector) and the FTC does not currently have jurisdiction over them.
Giving the FTC jurisdiction over these entities for purposes of
enforcing data security laws will create a level playing field and
ensure that these entities are subject to the same rules as other
entities that collect similar types of data.
______
Response to Written Questions Submitted by Hon. Amy Klobuchar to
Hon. Christine S. Wilson
Question 1. Net neutrality is the bedrock of a fair, fast, open,
and global internet. Now that the FCC has eliminated critical net
neutrality protections that prevent Internet service providers from
blocking, slowing, and prioritizing web traffic, it is clear that the
FTC now has primary authority in preventing Internet abuses.
a. Can you please describe the Commission's activity in policing
the internet?
b. Does the FTC have the resources and expertise to effectively
fulfill its mission in this area?
Answer. The consumer protection and competition issues raised by
the growth of the Internet and all of its subsidiary technologies are
not new to the FTC, which is well equipped to analyze potential conduct
and business arrangements that may impact consumers and competition.
The FTC's complementary competition and consumer protection tools are
capable of protecting consumers and competition online.
The FTC has significant expertise in understanding competition in
broadband markets.\1\ From an antitrust perspective, the ultimate issue
is whether broadband Internet access providers engage in unilateral or
joint conduct that is likely to harm competition in a relevant market.
---------------------------------------------------------------------------
\1\ See generally Comment of the Staff of the Bureau of Consumer
Protection, Bureau of Competition, and Bureau of Economics of the Fed.
Trade Comm'n, WC Docket No. 17-108 (filed July 17, 2017), https://
www.ftc.gov/system/files/documents/advocacy_documents/comment-staff-
bureau-consumer-protection-bureau-competition-bureau-economics-federal-
trade/ftc_staff_comment_to_fcc
_wc_docket_no17-108_7-17-17.pdf; Fed. Trade Comm'n, Broadband
Connectivity Competition Policy (2007), https://www.ftc.gov/reports/
broadband-connectivity-competition-policy-staff-report.
---------------------------------------------------------------------------
The FTC has reviewed a number of mergers in the Broadband Internet
Access Service (``BIAS'') and Internet markets, and has required
remedies where necessary to preserve competition. For example, in 2014,
Nielsen Holdings N.V. agreed to divest and license assets and
intellectual property to address the FTC's concerns that its
acquisition of Arbitron Inc. might substantially lessen competition.\2\
In 2000, the Commission reviewed the merger of America Online, Inc.
(``AOL'') and Time Warner and issued an order that resolved antitrust
concerns by imposing a number of conditions to prevent the integrated
firm from denying access to or discriminating against unaffiliated
Internet Service Providers (``ISPs'').\3\ In 2006, the FTC scrutinized
a transaction among firms that provided multichannel video programming
distribution, closing its investigation after determining that the
evidence did not suggest the proposed acquisition was likely to
substantially lessen competition in any geographic region in the United
States.\4\
---------------------------------------------------------------------------
\2\ Nielsen Holdings N.V., No. C-4439 (F.T.C. Feb. 24, 2014),
https://www.ftc.gov/enforcement/cases-proceedings/131-0058/nielsen-
holdings-nv-arbitron-inc-matter.
\3\ Am. Online, Inc., No. C-3989 (F.T.C. Apr. 17, 2001), https://
www.ftc.gov/enforcement/cases-proceedings/0010105/america-online-inc-
time-warner-inc.
\4\ Comcast Corporation, No. 051-0151 (F.T.C. Jan. 31, 2006)
https://www.ftc.gov/public-statements/2013/07/acquisition-comcast-
corporation-and-time-warner-cable-inc-cable-assets.
---------------------------------------------------------------------------
Likewise, the FTC's consumer protection tools are well suited to
ensure that companies keep their promises to consumers about their
broadband service. The FTC can take action against Section 5 violations
by BIAS providers, also known as ISPs, for non-common carrier
activities including deceptive advertising of services or prices,
privacy violations, or unfair billing methods. The FTC recently has
brought a number of throttling cases. In 2015, the FTC settled charges
that TracFone, a large prepaid wireless provider, failed to disclose
that it throttled the speeds of consumers on ``unlimited'' data plans.
The company paid $40 million in consumer refunds.\5\ The FTC is
currently litigating against AT&T Mobility over allegations that the
company unfairly throttled the speeds of consumers on plans advertised
as ``unlimited.'' \6\
---------------------------------------------------------------------------
\5\ FTC v. TracFone Wireless, Inc., No. 15-cv-00392-EMC (N.D. Cal.
Feb. 20, 2015), https://www.ftc.gov/enforcement/cases-proceedings/132-
3176/straight-talk-wireless-tracfone-wireless-inc.
\6\ FTC v. AT&T Mobility LLC, 87 F. Supp. 3d 1087 (N.D. Cal. 2015)
(No. C-14-4785 EMC) (complaint).
---------------------------------------------------------------------------
The FTC has the expertise to effectively fulfill its mission in
this area. The FTC also has the requisite resources. If Congress were
to entrust us with additional resources, I am confident that we could
deploy those resources in efficient and effective manners.
Question 2. The Federal Trade Commission's budget has remained flat
for the past several years despite increasing demands on your agency's
resources, including a significant rise in merger filings.
a. If additional resources were made available to the Federal Trade
Commission, how would you deploy those resources to advance the
agency's consumer protection and competition missions?
Answer. To effectively and efficiently perform our antitrust and
consumer protection missions, the FTC must receive sufficient funding
to attract and retain competent staff, conduct investigations, engage
in our important research and development, and produce timely consumer
education materials. If additional resources were made available to the
FTC, I would prioritize three areas.
Health care expenditures as a percentage of GDP have been growing
for several decades, and accounted for 17.9 percent of GDP in 2017.
Given the importance of this sector to ordinary Americans, the FTC has
long devoted significant attention to this arena. Both the FTC's Bureau
of Competition and its Bureau of Consumer Protection have played a key
role in promoting vibrant competition, ensuring accurate information
about products and services, protecting consumers' sensitive medical
information, and advising government entities on the likely impact of
new regulations on entry and competition. The past decade has seen
significant regulatory and technological changes that impact health
care, as well as notable innovations in how health care is delivered to
patients. The continuing growth of this sector, combined with
significant concerns about health care costs, misuse of sensitive data,
and burgeoning occupational licensing requirements, underscore the need
for the FTC to maintain its focus on this industry. It is imperative
for the FTC to continue increasing its understanding of how these
developments affect patient choice and the quality of patient care, and
how these changes should be incorporated into the Commission's advocacy
and enforcement efforts.
Trade across borders and the rapid proliferation of competition and
consumer protection regimes generate benefits for consumers and
businesses, but also give rise to potential pitfalls. Consumers can
easily fall prey to fraudsters who have never set foot on U.S. soil,
and foreign cartels can raise the prices of goods imported into the
United States. American businesses can face exclusionary conduct from
foreign competitors that limits access to markets overseas, and foreign
governments can apply their competition laws in ways that
disproportionately disadvantage U.S. companies. The FTC, together with
the DOJ Antitrust Division, has long played a role in coordinating with
and providing technical assistance to competition and consumer
protection agencies in other jurisdictions. But challenges remain, and
now more than ever the FTC and the DOJ Antitrust Division must assume a
global leadership role in advancing sensible antitrust and consumer
protection policies that promote competition, protect consumers, and
move away from the use of competition and consumer protection regimes
to favor national champions and advance industrial policy goals.
Advances in technology create many benefits for consumers but
present enforcement complexities for the FTC. Some of the most
controversial public policy issues--e.g., the intersection of
intellectual property and antitrust, data security and privacy--are
rooted in continuing technological advances. An informed understanding
of how technologies work and how their use affects consumers is
therefore necessary to the sensible and economically grounded exercise
of the FTC's authority. The FTC historically has taken advantage of its
unique R&D capabilities--including 6(b) studies, hearings, and
workshops to stay abreast of technological developments that may
implicate new enforcement priorities and challenges, to fashion sound
enforcement policies, and to make policy recommendations to Congress,
as well as to Federal and state agencies. In fact, the FTC recently
announced the creation of a task force, within the Bureau of
Competition, to investigate competition in U.S. technology markets and
take enforcement action when warranted. In light of this new
initiative, the FTC is well positioned to be a thought leader on the
complex issues that arise in this arena, and should continue taking
full advantage of that capability.
______
Response to Written Questions Submitted by Hon. Tom Udall to
Hon. Christine S. Wilson
Privacy
Question 1. Do you support strong civil penalties for consumer
privacy violations?
Answer. Yes. Under the FTC's current authority, we cannot seek
civil penalties for initial privacy violations of Section 5 of the FTC
Act. I believe we need the ability to seek civil penalties for initial
violations in order to more effectively deter unlawful conduct. These
penalties would of course be subject to the statutory limitations in
Section 5(n) of the FTC Act, including ability to pay, degree of
culpability and ability to continue to do business.
Question 2. The California Consumer Protection Act goes into effect
in January 2020. As Congress considers pre-emption of that state law,
what additional authority should we give the FTC to ensure that
consumer privacy adequately is protected?
Answer. I support the enactment of Federal privacy legislation that
would be enforced by the FTC and contain at least three components.
First, as I noted above, it should give the Commission the ability to
seek civil penalties for initial privacy violations. Second, it should
give the Commission the ability to conduct APA rulemaking in order to
make sure any legislation keeps up with technological developments.
Third, it should give the Commission jurisdiction over nonprofits and
common carriers. Beyond these general parameters, I note that the
process of enacting Federal privacy legislation will involve difficult
tradeoffs that are appropriately left to Congress. I also believe that
the promulgation of Federal privacy legislation should be undertaken in
conjunction with national data breach notification and data security
legislation. No matter the specific privacy or data security laws
Congress enacts, the Commission commits to using its extensive
expertise and experience to enforce them vigorously and
enthusiastically.
Question 3. A recent New York Times analysis found that both the
Apple App Store and the Google Play Store have apps in their respective
children's or family sections that potentially violate COPPA.\7\ What
specific role should platform owners play to ensure COPPA compliance on
their platforms?
---------------------------------------------------------------------------
\7\ Valentino-DeVries, J., Singer, N., Krolick, A., Keller, M. H.,
How Game Apps That Captivate Kids Have Been Collecting Their Data, N.Y.
Times, Sept. 12, 2018, https://www.nytimes.com/interactive/2018/09/12/
technology/kids-apps-data-privacy-google-twitter.html.
---------------------------------------------------------------------------
Answer. In 2012, the Commission revised the COPPA Rule to cover not
just websites, app developers, and other online services but also third
parties collecting personal information from users of those sites or
services. At that time, the Commission made clear that it did not
intend to make platforms responsible merely for offering consumers
access to someone else's child-directed content. Rather, they would be
liable under COPPA only if they had actual knowledge that they were
collecting personal information from a child-directed app. At the same
time, platforms are in a unique position to set and enforce rules for
apps that seek placement in the platform's store and to drive good
practices. We encourage platforms to pursue best practices in this
regard, beyond those required by COPPA. For example, platforms can
serve an important educational function for apps that may not
understand the requirements of COPPA.
Question 4. Compliance for mobile apps may be hard to achieve
against fly-by-night operators overseas who do not care if their apps
violate U.S. law. How can the Vtech Electronics investigation and civil
penalty serve as an example for how the FTC can hold foreign app
developers responsible for violating COPPA?
Answer. The Commission benefits significantly from the expertise of
its Office of International Affairs in cases involving foreign
companies or individuals. In addition to the VTech case you mention,
the Commission has taken action in a number of privacy- or security-
related cases against companies that have a foreign presence (see,
e.g., TrendNet, inMobi, ASUS, and HTC).\8\ In some of these cases, for
example, a foreign entity manufactured the devices at issue. In each of
these cases, the FTC obtained successful relief for consumers in the
United States, including substantial civil penalties in the VTech and
inMobi settlements. More recently, the FTC took action against BLU, a
U.S.-based phone manufacturer that was allowing its Chinese service
provider to access text messages and other private information,
contrary to its representations to consumers.\9\ The Commission has
also used other means to address illegal conduct affecting U.S.
consumers. For example, a few years ago Commission staff sent a warning
letter to a Chinese company, Baby Bus, about COPPA violations relating
to the collection of children's personal information through its apps.
The Commission copied the app platforms on this communication. The
company quickly responded and addressed the concerns.
---------------------------------------------------------------------------
\8\ In re: TRENDnet, Inc., No. C-4426 (Jan. 16, 2014), https://
www.ftc.gov/enforcement/cases-proceedings/122-3090/trendnet-inc-matter;
United States v. InMobi Pte Ltd., No. 3:16-cv-3474 (N.D. Cal. June 22,
2016), https://www.ftc.gov/enforcement/cases-proceedings/152-3203/
inmobi-pte-ltd; In re ASUSTeK Computer Inc., No. C-4587 (July 18,
2016), https://www.ftc.gov/enforcement/cases-proceedings/142-3156/
asustek-computer-inc-matter; In re HTC America Inc., No. C-4406 (July
25, 2013), https://www.ftc.gov/enforcement/cases-proceedings/122-3049/
htc-america-inc-matter.
\9\ In re BLU Prods. and Samuel Ohev-Zion, No. C-4657 (Sept. 6,
2018), https://www.ftc.gov/enforcement/cases-proceedings/172-3025/blu-
products-samuel-ohev-zion-matter.
Question 5. The COPPA safe harbor organizations must submit an
annual report to the Federal Trade Commission, can you share the
reports from the last 5 years?
Answer. The FTC-approved safe harbor organizations do submit annual
reports to the FTC each year. However, organizations claim
confidentiality with respect to the information in their annual
reports.
______
Response to Written Questions Submitted by Hon. Richard Blumenthal to
Hon. Christine S. Wilson
Question 1. Do you support providing state AGs with the power to
enforce Federal privacy protections and would you commit to working
with state AGs?
Answer. Yes. The Attorneys General are important partners in
protecting consumers, and I believe the model of giving state Attorneys
General the power to enforce Federal privacy protections ensures that
there are multiple enforcers investigating potential law violations.
Question 2. Why is it important that the FTC have rulemaking
authority when it comes to privacy? Where best would rulemaking be
applied?
Answer. The process of enacting Federal privacy legislation will
involve difficult tradeoffs that are appropriately left to Congress.
APA rulemaking authority within those parameters is important, because
it will enable the FTC to keep up with technology developments. For
example, Congress gave the FTC APA rulemaking authority to implement
the Children's Online Privacy Protection Act. In 2013, the FTC was able
to use this authority to amend a Rule it had initially promulgated in
2000, in order to address new business models, technologies such as
smart phones, and social media and collection of geolocation
information. I believe providing the FTC with APA rulemaking in
targeted areas, as Congress did with the Children's Online Privacy
Protection Act, would be most effective.
Question 3. Do you believe elevating the Office of Technology
Research and Investigation to the Bureau level would meaningfully help
the FTC in addressing new technological developments across its
mandates?
Answer. At this time, I do not believe that elevating the Office of
Technology Research and Investigation to the Bureau level would
meaningfully help the FTC. However, I share your concerns and am
actively thinking about how best to integrate technologists into our
agency and how most effectively to deploy our limited resources to
address our needs in this area. The FTC recently announced the creation
of a task force within the Bureau of Competition to investigate
competition in U.S. technology markets and take enforcement action when
warranted. The task force will collaborate closely with the Bureaus of
Consumer Protection and Economics. Moreover, we are continuing to
examine technology markets to ensure consumers benefit from robust
competition. This effort includes evaluating the information developed
at the Commission's Hearings on Competition and Consumer Protection in
the 21st Century.
Question 4. What is the FTC doing to investigate and hold
accountable individual board members and executives who knowingly
assist their companies in committing fraud? What more should the FTC be
doing in this regard?
Answer. The FTC always considers the potential liability of
individual officers and others who participated in or controlled
deceptive and unfair practices. In cases where the FTC finds evidence
of wrongdoing that meets the applicable legal standard, and where
naming the individual is appropriate to obtain full and complete relief
for consumers and appropriate injunctive relief, we do so.
Question 5. Where the FTC consider using its Section 6(b)
investigative power to help us understand how these algorithms and
black-box A.I. systems work--the biases that shape them, and how those
can affect trade, opportunity, and the market?
Answer. I agree that algorithms and artificial intelligence are
important topics of study. The FTC has issued a report on the subject
of the benefits and risks of big data that contains guidance for
companies that use big data analytics.\10\ In 2017, the FTC and
Department of Justice submitted a joint paper on algorithms and
collusion to the Organization for Economic Cooperation and Development
(``OECD'') as part of the OECD's broader look at the role of
competition policy and the digital age.\11\ More recently, we examined
the competition and consumer protection implications of algorithms,
artificial intelligence, and predictive analytics as part of the
Commission's Hearings on Competition and Consumer Protection in the
21st Century.\12\ The two-day hearing featured a distinguished group of
technologists, scientists, public servants, academics, and industry
leaders (as well as economists and lawyers), who gathered to educate us
and the broader competition and consumer protection community about how
these technologies work, how they are used in the marketplace, and
their policy implications. The Commission also invited public
commentary on this topic.
---------------------------------------------------------------------------
\10\ See FTC, FTC Report--Big Data: A Tool for Inclusion or
Exclusion? Understanding the Issues (Jan. 2016), https://www.ftc.gov/
system/files/documents/reports/big-data-tool-inclusion-or-exclusion-
understanding-issues/160106big-data-rpt.pdf.
\11\ Note to the OECD by the United States on Algorithms and
Collusion, DAF/COMP/WD(2017)41 (May 26, 2017), https://www.ftc.gov/
system/files/attachments/us-submissions-oecd-other-international-
competition-fora/algorithms.pdf.
\12\ FTC, Hearings on Competition and Consumer Protection in the
21st Century, https://www.ftc.gov/policy/hearings-competition-consumer-
protection; FTC Workshop, FTC Hearing #7: Competition and Consumer
Protection in the 21st Century (Nov. 13-14, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-7-competition-consumer-
protection-21st-century.
---------------------------------------------------------------------------
The FTC has a comparative advantage in policy research and
development through the use of 6(b) studies, which allows the
Commission to proceed in measured and thoughtful ways on complicated
policy questions. I will continue to encourage the Commission to stay
abreast of developments in these areas, including through the use of
6(b) studies, when appropriate.
Question 6. In your opinion, is a car with an open, unrepaired
recall, a ``safe'' car? Why would the FTC allow unsafe cars to be
advertised as ``safe'' and ``repaired for safety,'' with or without a
vague, contradictory and confusing disclaimer?
Answer. I share your concerns regarding the safety issues raised by
recalls in the used automobile marketplace. As you note, while Federal
auto safety law requires that all new cars sold be free from recalls,
it does not prohibit auto dealers from selling used cars with open
recalls.
However, the FTC Act enables the Commission to stop auto dealers
selling such cars from engaging in misleading advertising practices
that mask the existence of open recalls. In an effort to stop such
claims, in 2016 and 2017, the Commission brought actions against
General Motors Company, CarMax, Inc., and four other large used car
dealerships.\13\ In these actions, the Commission alleged that these
companies' advertising claims violated the FTC Act by touting the
rigorousness of their used car inspections while failing to clearly
disclose the existence of unrepaired safety recalls in some cars.
---------------------------------------------------------------------------
\13\ See Press Release, GM, Jim Koons Management, and Lithia Motors
Inc. Settle FTC Actions Charging That Their Used Car Inspection Program
Ads Failed to Adequately Disclose Unrepaired Safety Recalls, Jan. 28,
2016, https://www.ftc.gov/news-events/press-releases/2016/01/gm-jim-
koons-management-lithia-motors-inc-settle-ftc-actions; Press Release,
CarMax and Two Other Dealers Settle FTC Charges That They Touted
Inspections While Failing to Disclose Some of the Cars Were Subject to
Unrepaired Safety Recalls, Dec. 16, 2016, https://www.ftc.gov/news-
events/press-releases/2016/12/carmax-two-other-dealers-settle-ftc-
charges-they-touted.
---------------------------------------------------------------------------
Our orders stop this deceptive conduct and provide important
additional protections for consumers.
Question 7. Do you agree with the proposal that the FTC use its
rulemaking authority to address non-compete clauses? I invite you to
explain your reasoning regarding your stance.
Answer. I do not believe the Commission should use its rulemaking
authority to address non-compete clauses. The Commission has long
assessed the legality of business conduct on a case-by-case basis,
rather than through blanket rulemaking, and we should continue to do
so. So too have the courts, which have established the firm legal rule
that a covenant not to compete does not violate the Sherman Act if it
is ancillary to a significant lawful business purpose of the contract
and is reasonably limited in scope to protect legitimate interests.\14\
The inquiry into the reasonableness of the scope of the clauses
typically considers the duration, territory, and type of product
involved. To the extent that these factors are factual, the case-by-
case approach of the common law is an appropriate way to develop the
law regarding non-compete clauses. There is no reason to deviate from
the common law tradition to establish Commission rules to assess non-
compete clauses.
---------------------------------------------------------------------------
\14\ See, e.g., Eichorn v. AT&T Corp., 248 F.3d 131, 145 (3d Cir.
2001).
Question 8. Would you agree with me that Hart-Scott-Rodino
premerger notifications help antitrust enforcers catch concerning
mergers?
Answer. Yes, I agree that the premerger notification requirements
of the Hart-Scott-Rodino Premerger Notification Act help antitrust
enforcers identify anticompetitive mergers before they are consummated,
preventing consumer harm. Once a merger is consummated and the firms'
operations are integrated, it can be very difficult, if not impossible,
to ``unscramble the eggs'' and restore the acquired firm to its former
status as an independent competitor.
Question 9. What sort of anticompetitive effects might be raised by
local mergers even when those mergers are too small to require Hart-
Scott-Rodino premerger notification?
Answer. Anticompetitive mergers harm consumers through higher
prices and by reducing quality, choices, and innovation, or by
thwarting competitors' entry into a market.\15\ The arena of
competition affected by a merger may be geographically bounded (e.g.,
confined to a small or local area) if geography limits some customers'
willingness to or ability to substitute to some products, or some
suppliers' willingness or ability to serve some customers.\16\
---------------------------------------------------------------------------
\15\ U.S. Dep't of Justice & Fed. Trade Comm'n Horizontal Merger
Guidelines Sec. 1 (2010), https://www.ftc.gov/public-statements/2010/
08/horizontal-merger-guidelines-united-states-department-justice-
federal (``A merger enhances market power if it is likely to encourage
one or more firms to raise price, reduce output, diminish innovation,
or otherwise harm customers as a result of diminished competitive
constraints or incentives.'').
\16\ Id. at Sec. 4.2. In antitrust analysis, a relevant market
identifies a set of products or services and a geographic area of
competition in which to analyze the potential effects of a proposed
transaction. The purpose of market definition is to identify options
available to consumers. See id. at Sec. 4 (describing market definition
in antitrust analysis).
---------------------------------------------------------------------------
The FTC often examines local geographic markets when reviewing
mergers in retail markets, such as supermarkets, pharmacies, retail gas
or diesel fuel stations, or funeral homes, or in service markets, such
as health care. For example, in a recent Federal court action to enjoin
the proposed merger of two rival physician services providers, the FTC
and State of North Dakota defined the relevant geographic market as the
Bismarck-Mandan, North Dakota, Metropolitan Statistical Area--a four-
county area that includes the cities of Bismarck and Mandan and smaller
communities within the surrounding 40 to 50 mile radius.\17\ The types
of anticompetitive effects that may occur in local markets are the same
as those that may occur in larger geographic markets--higher prices,
lower levels of service, reduced innovation, and fewer choices.
---------------------------------------------------------------------------
\17\ FTC v. Sanford Health, No. 1:17-cv-0133 (D.N.D. Dec. 13,
2017), https://www.ftc.gov/enforcement/cases-proceedings/171-0019/
sanford-health-ftc-state-north-dakota-v. The U.S. District Court for
the District of North Dakota granted the FTC and State of North
Dakota's preliminary injunction motion on December 13, 2017. The
parties have appealed and the case is now pending before the Eighth
Circuit.
Question 10. What action would you recommend either the FTC or
Congress take in order to assist Federal and state antitrust enforcers
in catching local mergers that raise anticompetitive concerns?
Answer. I have no opinion as to whether Congress should take
action, but note that identifying anticompetitive mergers remains one
of the top priorities of the agency's competition mission. The vast
majority of mergers the FTC investigates are reported and examined at
the premerger stage. The FTC, however, also devotes significant
attention to identifying unreported, often consummated, mergers that
could harm consumers. Both for mergers that do not meet the premerger
notification requirements and for conduct matters, the FTC uses the
trade press and other news articles, consumer and competitor
complaints, hearings, economic studies, and other means to identify
harmful practices that threaten competition. The FTC also routinely
works with states' Attorneys General in its enforcement efforts, and
state Attorneys General routinely join the FTC as co-plaintiffs in the
FTC's Federal court litigations, such as in the North Dakota physician
services merger litigation discussed above.
Question 11. Do you believe that horizontal shareholding raises
anticompetitive concerns?
Answer. The short answer is that I do not yet know enough to draw
sound, reliable conclusions here. Very little empirical research has
been done on this topic, and the few studies that have been completed
are quite controversial. At present, this remains a very unsettled
issue.\18\
---------------------------------------------------------------------------
\18\ See Note to the OECD by the United States on Common Ownership
by Institutional Investors and Its Impact on Competition at � 1, DAF/
COMP/WD(2017)86 (Nov. 28, 2017), https://www.ftc.gov/system/files/
attachments/us-submissions-oecd-other-international-competition-fora/
common_ownership_united_states.pdf (explaining that ``[g]iven the
ongoing academic research and debate, and its early stage of
development, the U.S. antitrust agencies are not prepared at this time
to make any changes to their policies or practices with respect to
common ownership by institutional investors.'').
---------------------------------------------------------------------------
There is little doubt that active investment (i.e., investment that
seeks to control a company, obtain board seats and the like) in
competitors can create the kinds of competition problems that the
antitrust laws are designed to address. The antitrust agencies have
long policed improper relationships between corporate competitors, even
when they fall short of a full combination or merger. For example,
Section 8 of the Clayton Act effectively prohibits so-called
``interlocking directorates'' in which an officer or director of one
firm serves as an officer or director of a competitor. But it is an
open question whether the same kinds of problems created by active
investments may also arise as the result of investments by
institutional investors in competing companies.
The general theory is that cross-holdings by large institutional
investors may blunt the competitive vitality of rival firms within that
industry, and lead to higher prices and other effects. For example, if
a company's shareholders have interests in a rival, that company may be
less likely to engage in a price war or other forms of aggressive
competition that could reduce its rival's profits because those profits
are ultimately returned to the company's shareholders through their
interests in the rival. Proponents of this theory note that the risk of
upsetting common investors may make it easier for firms to maintain
stable market conditions or potentially even increase prices over what
might prevail without common ownership by large, institutional
investors. Critics have cited methodological problems in the original
research and various structural issues that would make it difficult or
even impossible for institutional investors to play the disciplining
role envisioned by this theory in the real world. Critics also point
out that any remedy to address these concerns would likely increase the
cost of retail investment and thereby cause harm to ordinary investors.
To date, there is no reliable consensus as to which side in this
debate has the stronger argument, and the limited research suggests
this question will remain unsettled until additional empirical work is
completed in this area. Given the formative nature of the academic
debate, I cannot definitively take a position on this issue. Additional
study is required, which as I mention below, the Commission is
currently helping to facilitate.
Question 12. Do you believe that our antitrust laws can be used to
address the anticompetitive concerns raised by horizontal shareholding?
Answer. As noted above, I am still evaluating the viability of this
concern. The use of the agency's enforcement powers in this area is
therefore premature in my view.
That said, antitrust doctrine is flexible, allowing us to address
even novel harms in the economy. The fact that the FTC has not
litigated a case involving horizontal shareholding by a single
institutional investor is not a bar to the Commission's launching a
meritorious case, should it identify one. However, the Commission's
ability to take future action in this area will be circumscribed by
prior caselaw, due process considerations, and the need to demonstrate
actual anticompetitive effects in the real world.
The Commission is unlikely to take enforcement action in this area
until it has sufficient confidence that it can demonstrate to the
courts both that the underlying theory of harm is robust, and that a
specific set of passive investments has had actual anticompetitive
effects in the real world. Should those conditions be satisfied, the
Commission could take action under current law.
Question 13. What, if anything, are you doing to address any
potential harms of horizontal shareholding?
Answer. In December 2018, the Commission held a full-day workshop
that was largely devoted to exploring the merits of the common
ownership issue in greater detail.\19\ At the workshop, which was part
of our Hearings on Competition and Consumer Protection in the 21st
Century, respected academics and industry experts on both sides of this
issue shared their expertise with both us and the public. The
Commission also invited public commentary on this topic.
---------------------------------------------------------------------------
\19\ FTC Workshop, FTC Hearing # 8: Competition and Consumer
Protection in the 21st Century (Dec. 6, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-8-competition-consumer-
protection-21st-century.
---------------------------------------------------------------------------
We are still accepting public comments on this issue. Once the
comment period ends, we intend to carefully evaluate all of the public
submissions and the workshop testimony with a view towards better
refining our understanding of the merits of this concern. Workshops
like the one we held also serve to bring together those of different
views, allowing them to hear and respond to criticisms of their
positions, which we have found to be useful in fostering future
academic work in areas of continuing interest to the agency.
______
Response to Written Questions Submitted by Hon. Catherine Cortez Masto
to Hon. Christine S. Wilson
Pet Leasing
I appreciate the Commission's attention to my request with six of
my colleagues for the FTC to investigate the practice of pet leasing
that is leading some consumers into confusing or deceptive contractual
obligations that cause them to have an issue with their beloved pet and
negatively impact their financial status, such as credit scores, for
far into the future. This is an issue that is a little under the radar
but needs strong oversight and attention under your deceptive practices
mandate if there are concerning financial practices being discovered.
Question. Can I get a further commitment from you all to keep my
office informed of actions and determinations you all may make
pertaining to this concerning issue and the Humane Society and Animal
Legal Defense Fund's formal petition to the Commission?
Answer. The FTC is committed to protecting consumers from unfair or
deceptive acts or practices, including any such practices carried out
by merchants or third party leasing and financing companies. As the
proud owner of four cats and three dogs, I am committed to the well-
being of all pets and their humans. Pet owners are entitled to
understand whether their payments are going towards a lease or a
purchase. For these reasons, I commit to continuing to keep your office
informed of public actions the Commission takes concerning pet leasing
or the Humane Society and Animal Legal Defense Fund's petition to the
Commission.
Data Minimization vs Big Data
A topic that has come up a lot during our discussions on privacy is
data minimization. This is a concept that I have been considering on as
I work on developing a comprehensive data privacy bill. As you're
aware, this is the idea that businesses should only collect, process,
and store the minimum amount of data that is necessary to carry out the
purposes for which is was collected. There are obvious advantages to
this as it minimizes the risk of data breaches and other privacy harms.
At the same time, big data analytics are going to be crucial for the
future and play an important role in smart cities, artificial
intelligence, and other important technologies that fuel economic
growth. I think it is important to find a balance between minimization
and ensuring that data, especially de-identified data, is available for
these applications.
Question. Can you describe how you view this balance and how we in
Congress can ensure that people's data is not abused but can still be
put to use in positive ways?
Answer. Your question neatly captures the dilemma. Businesses can
apply ``big data'' analysis tools to gain insights from large data sets
that help the business to innovate, for example, to improve an existing
product. This analysis can provide new consumer benefits, such as the
development of new features. On the other hand, consumers' data may be
used for unexpected purposes in ways that are unwelcome.\20\
---------------------------------------------------------------------------
\20\ See, e.g., Press Release, FTC Charges Deceptive Privacy
Practices in Google's Rollout of Its Buzz Social Network (Mar. 30,
2011), https://www.ftc.gov/news-events/press-releases/2011/03/ftc-
charges-deceptive-privacy-practices-googles-rollout-its-buzz) (alleging
that Google deceptively repurposed information it had obtained from
users of its Gmail e-mail service to set up the Buzz social networking
service, leading to public disclosure of users' e-mail contacts).
---------------------------------------------------------------------------
The FTC has issued a report on the benefits and risks of big data
that contains guidance for companies that use big data analytics.\21\
Last fall, the Commission also hosted a workshop on the intersections
between big data, privacy and competition.\22\ We are happy to work
with your staff to develop legislation on how to balance the benefits
and risks of big data.
---------------------------------------------------------------------------
\21\ See FTC, FTC Report--Big Data: A Tool for Inclusion or
Exclusion? Understanding the Issues (Jan. 2016), https://www.ftc.gov/
system/files/documents/reports/big-data-tool-inclusion-or-exclusion-
understanding-issues/160106big-data-rpt.pdf.
\22\ See FTC Workshop, FTC Hearing #6: Competition and Consumer
Protection in the 21st Century (Nov. 6-8, 2018), https://www.ftc.gov/
news-events/events-calendar/ftc-hearing-6-competition-consumer-
protection-21st-century.
---------------------------------------------------------------------------
General Privacy Recommendations
Question 1. While privacy was a significant topic of the oversight
hearing, as we look to develop a bill, can you specifically lay out
some of the top priorities you individually would like to see included
and what do you think gets overlooked in the conversations policymakers
have with allowing for future innovations and yet raising the bar for
protecting consumers?
Answer. In its testimony, the Commission urged Congress to consider
enacting privacy legislation that would be enforced by the FTC. The
testimony recognized that, while the agency remains committed to
vigorously enforcing existing privacy-related statutes, Congress may be
able to craft Federal legislation that would more seamlessly address
consumers' legitimate concerns regarding the collection, use, and
sharing of their data and provide greater clarity to businesses while
retaining the flexibility required to foster competition and
innovation. Such legislation would also demonstrate our country's
commitment to global leadership in the digital economy in light of the
patchwork of emerging privacy standards both domestically and abroad.
As far as top priorities for such legislation, first, Congress should
give the Commission authority to deter violations by fining companies
for initial violations, as it has for violations of other statutes.
Second, Congress should ensure that all types of companies across the
economy must protect consumers' privacy and security. As one example,
the Commission has long urged the repeal of the FTC Act's provision
that places limits on the agency's ability to go after law violations
by common carriers and by non-profits. Third, Congress should consider
giving the FTC targeted APA rulemaking authority so that the FTC can
enact rules to keep up with technology developments. Excellent examples
of this approach appear in statutes such as CAN-SPAM and COPPA.
Question 2. Can you also outline the optimal role you see for our
state Attorneys General in this privacy enforcement process?
Answer. The Attorneys General are important partners in protecting
consumers. For a number of statutes, such as COPPA, Congress enacted
legislation that enables Attorneys General to enforce the law in
addition to the Commission. I applaud this model. A number of state
Attorneys General have brought actions to enforce COPPA, for example,
so there is not just one enforcer. And when state Attorneys General
bring these actions, they are enforcing the same standard that other
states and the Commission are enforcing, so the same protections apply
consistently nationwide.
Privacy Risky Communities/Groups
Question 1. Do you think that certain communities or groups are any
more or less vulnerable to privacy risks and harms?
Answer. Yes. Congress previously has recognized that certain
communities or groups may be more or less vulnerable to privacy risks
and harms when promulgating the Children's Online Privacy Protection
Act, and certain provisions of Gramm-Leach Bliley and the Health
Insurance Portability and Accountability Act. The Commission also has
worked to address issues particularly affecting certain communities or
groups through a number of means, including law enforcement as well as
a series of seminars and other events around the country and through
consumer education.\23\
---------------------------------------------------------------------------
\23\ See, e.g., FTC, Website: Common Ground Conferences and
Roundtables Calendar, https://www.consumer.gov/content/common-ground-
conferences-and-roundtables-calendar; FTC, Web
site: Consumer Information--Fraud Affects Every Community, https://
www.consumer.ftc.gov/features/every-community.
Question 2. Should privacy law and regulations account for such
unique or disparate harms, and if so, how?
Answer. Yes. I believe the approach Congress took with COPPA, GLB
and HIPAA is instructive here. Existing laws like the Fair Credit
Reporting Act and the Equal Credit Opportunity Act also provide
important protections against unlawful discrimination. The Commission
is happy to work with you to think through these issues as you craft
legislation.
Immediate Civil Penalties Authority
Noting from your FTC testimony, ``Section 5 (of the FTC Act),
however, is not without limitations. For example, Section 5 does not
provide for civil penalties, reducing the Commission's deterrent
capability.''
Question. While I appreciate the long term successes of the FTC in
many respects to investigate data security matters, what are your
thoughts to whether there is enough of a deterrent effect with Section
5 authority when you can't immediately enforce against those who misuse
data with civil penalties right from the start, rather than as the
result of often times flagrant offenses to their already establish
consent decrees?
Answer. In the data security area, I believe that Congress should
enact legislation giving the FTC the authority to seek civil penalties
against first-time violators, which we cannot currently do under the
FTC Act. I support such legislation precisely because I believe that
our existing legal regime does not provide sufficient deterrence.
[all]