Blog

FTC kicks off commercial surveillance rulemaking process

Julie Rubash, Chief Privacy Counsel
August 15, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

California Children’s Bill Advances

The California Appropriations Committee voted to advance an amended version of AB2273, the Children’s Age Appropriate Design Code, to the Senate floor.

The bill, as amended, would require online services likely to be accessed by children to comply with certain requirements.

Requirements include configuring default privacy settings for all visitors to the service to the settings that offer a high level of privacy protection, unless otherwise in the best interests of children.

A DEEPER LOOK

AB2273 appears to have been inspired by the UK Age Appropriate Design Code, which went into force in September 2021.

The the initial declarations in the legislation even state the Legislature’s intent that businesses and the California Data Protection Working Group look to the UK Age Appropriate Design Code and the UK Information Commissioner’s Office for guidance and best practices in innovating solutions and best practices for compliance with the California law. 

FTC Kicks Off Commercial Surveillance Rulemaking Process

The Federal Trade Commission issued an Advance Notice of Proposed Rulemaking and opened a comment period, seeking feedback about harms from commercial surveillance practices and whether rules are needed to protect people’s privacy and information.

In particular, the FTC seeks comments and harms to consumers, harms to children and teenagers, how to balance costs and benefits of current practices, and how, if at all, the FTC should regulate harmful commercial surveillance.

Regulations could potentially address data security, use of biometric information, automated decision-making, algorithmic discrimination, and methods for consent, notice, transparency and disclosure.

Stakeholders may submit written feedback and/or participate in a virtual public forum to be held September 8. 

A DEEPER LOOK

Commercial surveillance is described broadly in the notice as the “collection, aggregation, analysis, retention, transfer, or monetization of consumer data and the direct derivatives of that information”.

The terms “commercial surveillance” and “surveillance advertising” have been frequently used over the past year by advocates looking to restrict or even ban targeted advertising.

Comments by the Electronic Privacy Information Center noted that the FTC has a critical role to play in ending “surveillance advertising,” and a petition filed by Accountable Tech encouraged the FTC to prohibit “surveillance advertising” altogether. 

In response to the FTC’s notice, the Network Advertising initiative (NAI) issued a statement calling “surveillance” a loaded term to describe established business practices that benefit consumers, small business, and a competitive marketplace and noting that “tailored advertising, with the right limitations on certain uses of data, does not represent a systemic harm and should not be banned or substantially curtailed.”  

New Rule Makes Digital Marketing Providers Liable in Financial Sector

The Consumer Financial Protection Bureau (CFPB) issued a new interpretive rule clarifying that digital marketing providers acting as service providers to financial firms can be liable under the Consumer Financial Protection Act.

The Act contains an exception for providers of ad space and time, but the CFPB’s rule clarifies that the exception does not apply to digital marketers engaged in ad targeting and delivery, where the provider is identifying or selecting prospective customers and/or selecting or placing content to affect consumer engagement.

This means that the CFPB and other law enforcers can enforce the Act against digital marketers engaged in unfair, deceptive or abusive acts or other financial protection violations. 

WHY IT MATTERS

The FTC typically has enforcement authority against digital marketing providers with respect to unfair or deceptive acts or practices, but this ruling adds another enforcement authority (the CFPB) and another potential claim (abusive practices) that could bring liability to digital marketing providers when servicing clients in the financial sector.

The CFPB’s most recent Supervision and Examination Manual specifically cites engagement in “targeted advertising or marketing in a discriminatory way” as one potential area for examiners to test to determine whether the entity is engaged in unfair, deceptive or abusive acts, so digital marketing providers may pay particular attention to whether their services may cause or contribute to such discrimination in the financial sector.  

EUROPE

Noyb Files Another Round of Cookie Complaints

Privacy watchdog None of Your Business (noyb) filed an additional 226 complaints with 18 data protection authorities across the EEA, claiming GDPR violations by companies using cookie banners that don’t create a “fair yes/no choice”.

BACKGROUND

This is the second round of complaints issued by noyb regarding alleged deceptive cookie banners.

Decisions on the first round (consisting of over 400 complaints) are still pending.

The European Data Protection Board created a taskforce in October 2021 to allow supervisory authorities to exchange views and coordinate responses to the complaints.  

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

FTC and Sensitive Location Data; New Pen Register Class Actions

December 9, 2024

FTC takes action against the sale of sensitive data...

California CPPA Issues Notice of Proposed Rulemaking

November 25, 2024

News out of California this week. The CPPA moved...

Mitigating risk under the Video Privacy Protection Act (VPPA)

November 23, 2024

Because VPPA is just one of many tools being...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]