Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

FTC Looking at Rules to Corral Tech Firms’ Data Collection

Whether it’s the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.

Whether it’s the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.

How that data is being used and protected has led to growing public concern and officials’ outrage. And now federal regulators are looking at drafting rules to crack down on what they call harmful commercial surveillance and lax data security.

The Federal Trade Commission announced the initiative Thursday, seeking public comment on the effects of companies’ data collection and the potential benefit of new rules to protect consumers’ privacy.

The FTC defines commercial surveillance as “the business of collecting, analyzing and profiting from information about people.”

In Congress, bipartisan condemnation of the data power of Meta — the parent of Facebook and Instagram — Google and other tech giants that have earned riches by aggregating consumer information used by online advertisers, has brought national data privacy legislation to its closest point ever to passage.

Around the country, parents’ concern has deepened over the impact of social media on children. Frances Haugen, a former Facebook data scientist, stunned Congress and the public last fall when she exposed internal company research showing apparent serious harm to some teens from Instagram. Those revelations were followed by senators grilling executives from YouTube, TikTok and Snapchat about what they’re doing to ensure young users’ safety in the wake of suicides and other harms to teens attributed by their parents to their usage of the platforms.

As concerns rise, social media platforms from Snapchat to TikTok to Instagram are adding new features they say will make their services safer and more age appropriate. But the changes rarely address the algorithms pushing endless content that can drag anyone, not just teens, into harmful rabbit holes.

The Democratic members of the FTC said Thursday it’s imperative for Congress to pass a new law, but that the agency was taking action in the meantime by issuing the notice of proposed rules.

Advertisement. Scroll to continue reading.

“Mass surveillance has heightened the risks and stakes of data breaches, deception, manipulation and other abuses,” the FTC said.

Agency officials noted that the FTC has brought hundreds of enforcement actions against companies over the last two decades for violations of privacy and data security. They included cases involving the sharing of health-related data with third parties, the collection and sharing of sensitive TV viewing data for targeted advertising, and failure to put in adequate security measures to protect sensitive data such as Social Security numbers.

However, the officials said, the FTC’s ability to deter illegal conduct is limited because it generally lacks authority to seek financial penalties for initial violations of law. That could change if the comprehensive privacy legislation were to clear Congress.

“Firms now collect personal data on individuals at a massive scale and in a stunning array of contexts,” FTC Chair Lina Khan said in an online news conference. “Our goal today is to begin building a robust public record to inform whether the FTC should issue rules to address commercial surveillance and data security practices, and what those rules should potentially look like.”

“We are very, very eager to hear from the public,” Khan said.

Topics of interest could include how companies use algorithms and automated systems to analyze the information they collect, and the potential effects of various data practices.

Khan, who was an outspoken critic of Big Tech as a law professor, was appointed by President Joe Biden last year to head the FTC — an independent agency that polices competition and consumer protection as well as digital privacy.

The rulemaking proposal was adopted in a 3-2 vote by the five FTC commissioners. Khan and the other two Democrats voted to issue it, while the two Republicans opposed it.

On Tuesday, Snapchat introduced new parental controls in what it calls the “Family Center” — a tool that lets parents see who their teens are messaging, though not the content of the messages themselves. Both parents and their children have to opt into the service.

Related: New Mexico Sues Google Over Collection of Children’s Data

Related: German Consumer Group Sues Tesla Over Privacy, Climate

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Compliance

Web scraping is a sensitive issue. Should a third party be allowed to visit a website and use automated tools to gather and store...

Cloud Security

Proofpoint removes a formidable competitor from the crowded email security market and adds technology to address risk from misdirected emails.