August 12, 2022

FTC issues ANPR to ‘crack down’ on harmful commercial surveillance and data security practices

Consumer protectionThe Federal Trade Commission (FTC) on Thursday announced that it would begin soliciting public feedback through an advance notice of proposed rulemaking (ANPR), in an effort to mitigate harmful commercial surveillance and relaxed data security practices. The FTC defines commercial surveillance as “the business of collecting, analyzing, and profiting from information about people,” calling attention to the increased risks of data breaches, deceptions, and other harms it has caused consumers.

“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” said FTC Chair Lina M. Khan. “The growing digitization of our economy—coupled with business models that can incentivize endless hoovering up of sensitive user data and a vast expansion of how this data is used—means that potentially unlawful practices may be prevalent.”

The agency is seeking public comment related to commercial data collection and use practices, asking for input on whether it should implement new regulations to prevent or deter related consumer harms. The public will have an opportunity to share input during a virtual public forum, hosted by the FTC, on September 8.

The FTC currently lacks the authority to enforce regulations over credit unions. However, the ANPR suggests a rulemaking designed to regulate the collection and use of consumers’ data across the entire economy, and the NAFCU-opposed American Data Privacy and Protection Act (ADPPA), which passed the House Energy and Commerce Committee last month, could soon provide the FTC broad authority to implement and enforce new data privacy and date security standards, including over credit unions. 

The association has repeatedly told Congress that any comprehensive legislation must also recognize the robust federal data privacy standards that have been in place for decades, including the Gramm-Leach-Bliley Act (GLBA), and should avoid conflicting or duplicative disclosure requirements by incorporating easy-to-understand language consistent with the GLBA’s disclosure requirements.

NAFCU has long advocated for comprehensive federal data privacy regulation that requires fintechs and other companies to follow the same robust data privacy and data security standards credit unions have followed for decades. NAFCU will be re-releasing its data privacy principles soon. The association will continue to update credit unions via NAFCU Today.