On Thursday, September 13th , the FTC began its Hearings on Competition and Consumer Protection in the 21st Century. It was the first in a series of hearings on whether recent economic, business, technological, or international developments require changes to the FTC’s competition and consumer protection enforcement priorities. The series will provide the FTC with a range of viewpoints to evaluate current enforcement and policy in light of today’s digital landscape.
The focal points of the discussion were antitrust law, consumer protection, and consumer data regulation. Across all three categories, panelists highlighted the importance of clear policy goals to ensuring industry compliance, and supported the FTC’s endorsement of self-regulation.
The following is a summary of the points made by panelists in each of the three discussions:
A. Antitrust Law:
The fist topic of discussion was the current landscape of competition and consumer protection law and policy. It primarily focused on the current state of antitrust law. Panelists cautioned a return to the populist antitrust theories of the 1970’s, stating that a reliance on simple market concentration would be harmful to innovation. Antitrust law should not be used as a tool to dismantle the giant technology companies simply because of amorphous concepts of bigness and fairness.
Absent a legitimate antitrust concern, antitrust law is poorly designed to combat social issues like privacy, which are better suited to other forms of enforcement. The discussion clearly emphasized that politically or socially motivated enforcement is a misuse of antitrust law. Instead, antitrust law should focus on providing an adaptable framework and economic concepts for changing market conditions. They should be sufficiently flexible to apply across a broad area of industries. Such policy should be shaped from sophisticated data rather than broad, aggregated industry data.
Moreover, the FTC should continue its effort to harmonize international antitrust substance and procedure, such as by establishing a multilateral framework for antitrust cases. As globalization of antitrust continues, the FTC may need to go beyond soft international guidance to establish a basis for evaluating the actual implementation of such guidance.
B. Consumer Protection:
To help new entrants and multinational companies navigate the global patchwork of consumer protection and privacy laws in the U.S., regulatory guidance must clearly establish the rights of consumers and businesses. Harm to consumers should be interpreted to include the harms contemplated by common law privacy torts because of the abstract nature of the injuries that are made possible by emerging technology. The FTC should support self-regulatory efforts to enhance its mission of fighting fraud, deception, and unfair business practices. Self-regulation and industry standards incentivize businesses to do the right thing while remaining competitively viable. Further, self-regulation is cost-efficient for the FTC (the NAI was specifically highlighted as an example of strong self-regulation).
Consumer education is essential for navigating new marketplaces, and will ensure that the reasonable person standard is not diluted in light of unfamiliar, emerging markets. Similarly, the FTC should consider allocating more resources to its technological capacity, such as by adding a technology department to the agency.
C. Consumer Data Regulation:
The FTC must establish clear goals, values, and implementation measurements for privacy and data security policy. These policies must balance consumer sovereignty and privacy with marketplace efficiencies and the tremendous benefits that the digital economy has provided to consumers. Though the panelists disagreed as to what constitutes a privacy harm, each of them stressed the importance of articulating the particular harm that a policy is meant to prevent. Some thought that harm should be broadly interpreted to include risk and breach of consumer expectations, while others believed that the FTC should only involve itself when there is a substantial harm to consumers.
The panelists also compared U.S. privacy and consumer protection law to European law. The U.S. sectoral approach to privacy lacks consistency and business efficiencies compared to the EU’s comprehensive privacy law. Meaning that it is difficult to clearly articulate how data is protected in the U.S. because it often depends on who holds the data and what the data entails. The haphazard nature of this approach has lead California and the EU to take the helm of privacy regulation. Today, businesses focus their compliance efforts primarily on the GDPR and various California laws, such that they do not look to U.S. law more broadly as to how to build privacy programs and practices. However, commitments to privacy in the EU are typically only met when there is strong enforcement of those commitments. It remains to be seen whether European data protection authorities will truly be able to enforce GDPR for non-compliant businesses that are primarily located in the US.
The FTC has an opportunity to strike a balance between the less permissive European laws and the current scattered approach to data regulation in the US. The agency is well- positioned to do so by engaging the public in these hearings to thoughtfully and creatively keep pace with competition and consumer protection enforcement and policy in the 21st century.