Comments support the FTC’s ex post harm-based privacy approach
October 26, 2018 — TPI Senior Fellow and President Emeritus Thomas Lenard responded to a Request for Comments by the National Telecommunications and Information Administration (NTIA) on the Administration’s proposed approach to online privacy. NTIA is attempting to generate policies “to ensure that the United States remains at the forefront of enabling innovation and strong privacy protections,” while “reduc[ing] fragmentation nationally and increase[ing] harmonization and interoperability nationally and globally.”
Dr. Lenard’s comments applaud NTIA and the Administration for focusing on an outcomes-based approach, but cautions than many of NTIA’s current proposals focus on inputs rather than outcomes. In his comments, Dr. Lenard states that, “the relevant outcome should be a reduction in privacy harms to consumers. However, what the NTIA calls outcomes – transparency, access, and control – are actually inputs, which implies dictating how firms operate, which the RFC says the NTIA does not want to do. The NTIA does not explain how it expects these inputs to produce privacy benefits-i.e., reduce privacy harms.”
Dr. Lenard also suggests that NTIA should follow the current FTC model saying that, “any new proposal the Administration advances should yield net benefits relative to the current Federal Trade Commission approach…The FTC approach is ex post enforcement based on actual harms. In contrast, the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) use an ex ante regulatory approach that limits the collection, use, sharing, and retention of data in an attempt to protect consumers from hypothetical harms.” The latter approach is costly, because “collecting and analyzing large amounts of data is the basis of much, if not most, of the innovation that has taken place on the internet over the past 20 years.”
Dr. Lenard warned against abandoning the current ex post enforcement approach taken by the FTC, which he believes “has many advantages relative to the ex ante approach reflected in the GDPR and CCPA.”
Dr. Lenard’s full comments are available here.
The last day to submit comments to NTIA on this issue has been extended to November 9, 2018.
Contact: Chris McGurn, 202-445-0820, [email protected]
The Technology Policy Institute
The Technology Policy Institute is a non-profit research and educational organization that focuses on the economics of innovation, technological change, and related regulation in the United States and around the world. More information is available at https://techpolicyinstitute.org/.
