Lenard’s FTC Comments Analyze Potential Privacy Regulation Changes
Any new proposed privacy policy should yield net benefits relative to the current Federal Trade Commission approach, according to TPI Senior Fellow and President Emeritus Thomas Lenard in comments submitted to the Commission in connection with its Hearings on Competition and Consumer Protection in the 21st Century.
Lenard stated that the FTC’s ex post enforcement approach based on actual harms has many advantages relative to ex ante regulatory approaches that limit the collection and use of data in an attempt to protect consumers from hypothetical harms. The recently adopted European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are both examples of the ex ante approach.
Lenard noted that free content and services provided by advertising-supported platforms is valuable to consumers. He pointed out that consumers willingly exchange personal information for those benefits, and that people’s behavior better reflects their real preferences than responses to survey questionnaires.
He acknowledged that these platforms have suffered well-publicized data breaches, but also said that systematic evidence of privacy-related harms to consumers, even from these episodes, is difficult to find.
Lenard’s analysis, moreover, suggests that markets are working. While consumers may not have suffered from these data breaches, the firms responsible for them have, as reflected in large declines in their stock prices, creating an incentive to avoid breaches.
Lenard noted that privacy regulations favor large incumbents and make entry by new firms more difficult. For example, companies like Google and Facebook appear to be benefitting from the GDPR, while smaller companies are leaving the European market to avoid the costs and risk of large fines for noncompliance.
Lenard concluded that while there is a strong argument in favor of a national regime that would preempt state laws, abandoning the current approach in favor of a national version of some variant of the approach taken by the GDPR and the CCPA would likely entail substantial costs to consumers and producers of digital goods and services.
Contact: Ashley Benjamin, 202-495-7727, [email protected]
The Technology Policy Institute
The Technology Policy Institute is a non-profit research and educational organization that focuses on the economics of innovation, technological change, and related regulation in the United States and around the world. More information is available at https://techpolicyinstitute.org/.
