FTC kicks off commercial surveillance rulemaking process

Julie Rubash, Chief Privacy Counsel
August 15, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.


California Children’s Bill Advances

The California Appropriations Committee voted to advance an amended version of AB2273, the Children’s Age Appropriate Design Code, to the Senate floor.

The bill, as amended, would require online services likely to be accessed by children to comply with certain requirements.

Requirements include configuring default privacy settings for all visitors to the service to the settings that offer a high level of privacy protection, unless otherwise in the best interests of children.


AB2273 appears to have been inspired by the UK Age Appropriate Design Code, which went into force in September 2021.

The the initial declarations in the legislation even state the Legislature’s intent that businesses and the California Data Protection Working Group look to the UK Age Appropriate Design Code and the UK Information Commissioner’s Office for guidance and best practices in innovating solutions and best practices for compliance with the California law. 

FTC Kicks Off Commercial Surveillance Rulemaking Process

The Federal Trade Commission issued an Advance Notice of Proposed Rulemaking and opened a comment period, seeking feedback about harms from commercial surveillance practices and whether rules are needed to protect people’s privacy and information.

In particular, the FTC seeks comments and harms to consumers, harms to children and teenagers, how to balance costs and benefits of current practices, and how, if at all, the FTC should regulate harmful commercial surveillance.

Regulations could potentially address data security, use of biometric information, automated decision-making, algorithmic discrimination, and methods for consent, notice, transparency and disclosure.

Stakeholders may submit written feedback and/or participate in a virtual public forum to be held September 8. 


Commercial surveillance is described broadly in the notice as the “collection, aggregation, analysis, retention, transfer, or monetization of consumer data and the direct derivatives of that information”.

The terms “commercial surveillance” and “surveillance advertising” have been frequently used over the past year by advocates looking to restrict or even ban targeted advertising.

Comments by the Electronic Privacy Information Center noted that the FTC has a critical role to play in ending “surveillance advertising,” and a petition filed by Accountable Tech encouraged the FTC to prohibit “surveillance advertising” altogether. 

In response to the FTC’s notice, the Network Advertising initiative (NAI) issued a statement calling “surveillance” a loaded term to describe established business practices that benefit consumers, small business, and a competitive marketplace and noting that “tailored advertising, with the right limitations on certain uses of data, does not represent a systemic harm and should not be banned or substantially curtailed.”  

New Rule Makes Digital Marketing Providers Liable in Financial Sector

The Consumer Financial Protection Bureau (CFPB) issued a new interpretive rule clarifying that digital marketing providers acting as service providers to financial firms can be liable under the Consumer Financial Protection Act.

The Act contains an exception for providers of ad space and time, but the CFPB’s rule clarifies that the exception does not apply to digital marketers engaged in ad targeting and delivery, where the provider is identifying or selecting prospective customers and/or selecting or placing content to affect consumer engagement.

This means that the CFPB and other law enforcers can enforce the Act against digital marketers engaged in unfair, deceptive or abusive acts or other financial protection violations. 


The FTC typically has enforcement authority against digital marketing providers with respect to unfair or deceptive acts or practices, but this ruling adds another enforcement authority (the CFPB) and another potential claim (abusive practices) that could bring liability to digital marketing providers when servicing clients in the financial sector.

The CFPB’s most recent Supervision and Examination Manual specifically cites engagement in “targeted advertising or marketing in a discriminatory way” as one potential area for examiners to test to determine whether the entity is engaged in unfair, deceptive or abusive acts, so digital marketing providers may pay particular attention to whether their services may cause or contribute to such discrimination in the financial sector.  


Noyb Files Another Round of Cookie Complaints

Privacy watchdog None of Your Business (noyb) filed an additional 226 complaints with 18 data protection authorities across the EEA, claiming GDPR violations by companies using cookie banners that don’t create a “fair yes/no choice”.


This is the second round of complaints issued by noyb regarding alleged deceptive cookie banners.

Decisions on the first round (consisting of over 400 complaints) are still pending.

The European Data Protection Board created a taskforce in October 2021 to allow supervisory authorities to exchange views and coordinate responses to the complaints.  

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Revised Version of APRA Advances Out of U.S. House Subcommittee

May 28, 2024

New Version of the American Privacy Rights Act of...

Exciting New Diagnose Features: New Filters and More Vendor Details

May 21, 2024

New features to help you with your vendor governance,...

Minnesota Sends Comprehensive Privacy Law to Governor

May 20, 2024

Minnesota Sends Privacy Law to Governor. One day before the...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]