FTC Releases 2023 Privacy and Data Security Update: A Comprehensive Overview

The Federal Trade Commission (FTC) has unveiled its Privacy and Data Security Update for 2023, showcasing the agency's relentless efforts in safeguarding consumer privacy amidst evolving data usage by companies. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, emphasized the FTC's proactive stance against indiscriminate data collection and exploitation, underscoring the agency's commitment to securing meaningful remedies to protect consumer information.

The publication underscores the FTC's extensive work in the realm of privacy and data security over the past years. Since 1999, the FTC has brought forth 97 privacy cases, 169 Telemarketing Sales Rule and CAN-SPAM cases, and 89 data security cases. Beyond enforcement actions, the agency has been actively involved in rulemaking and policy endeavors aimed at urging companies to fortify privacy protections and implement robust safeguards for consumer data.

Between 2021 and 2023, the FTC has addressed 5 privacy and security concerns in several pivotal areas, including:

1. Artificial Intelligence (AI):T he FTC has pursued enforcement actions concerning the collection, retention, and utilization of consumer data in AI development. Notable cases include allegations against Amazon Alexa for violating the Children’s Online Privacy Protection Act (COPPA) by indefinitely retaining children’s voice recordings. Similarly, Rite Aid faced charges for deploying AI facial recognition technology that erroneously flagged individuals as wrongdoers.

2. Health Privacy: Protection of sensitive health information remains a paramount FTC priority. Actions in 2023 include final approval of an order banning BetterHelp from sharing health data for advertising purposes and imposing a civil penalty on GoodRx for violating the Health Breach Notification Rule.

3. Children’s Privacy: The FTC has vigorously enforced COPPA, securing a record penalty against Fortnite maker Epic Games. Additionally, actions were taken against ed tech provider Edmodo for using children’s data for advertising and against Amazon for COPPA violations related to its gaming services.

4. Geolocation Data: Given the sensitivity of location data, the FTC has cracked down on its unauthorized use. Notably, the agency sued data broker Kochava Inc. for selling geolocation data that could track individuals' movements, raising concerns about privacy violations.

5. Data Security: The FTC has actively targeted companies failing to implement adequate data security measures. Recent enforcement actions include cases against Global Tel*Link, Drizly, Chegg, and CafePress for data security lapses.

Moreover, the FTC has ensured compliance with the Fair Credit Reporting Act, bringing forth 117 FCRA cases and obtaining over $137 million in civil penalties. This includes actions against Trans Union LLC for inaccurate tenant screening reports.

In addition to enforcement actions, the FTC has engaged in rulemaking and policy initiatives to establish baseline standards for consumer privacy protection. Proposed rules aim to clarify health breach notifications, strengthen COPPA, and address harmful surveillance practices.

The FTC's Privacy and Data Security Update serves as a testament to the agency's unwavering dedication to safeguarding consumer privacy in an increasingly data-driven landscape.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.