Biden's New Executive Order Looks to Address Data Privacy
White House Asks FTC to Develop New Rules on Consumer Data CollectionIn his latest executive order, President Joe Biden asks the U.S. Federal Trade Commission to establish new rules over how tech firms can collect and use data from their customers as a way to offer more privacy protections for American consumers.
See Also: Using the Netskope HIPAA Mapping Guide
The focus on how large tech firms, such as Facebook, Google and Amazon, collect and use consumer data is one part of an executive order that seeks to address a raft of what the White House calls anticompetitive behavior by corporations that have harmed customers and reduced competition, according to a fact sheet published by the administration on Friday.
Besides asking the FTC to expand protections for consumer data and privacy, the order instructs the U.S. Department of Justice, as well as other federal agencies, to step up their antitrust enforcement, especially when it comes to larger tech firms buying small companies in deals that could stifle competition.
"Over the past [10] years, the largest tech platforms have acquired hundreds of companies - including alleged 'killer acquisitions' meant to shut down a potential competitive threat. Too often, federal agencies have not blocked, conditioned, or, in some cases, meaningfully examined these acquisitions," according to the White House.
The executive order also seeks to address a host of other issues by asking agencies such as the FTC and the Federal Communications Commission to take actions, such as increasing access to broadband internet services, restoring net neutrality rules that were eliminated in 2017, reducing anticompetitive clauses in employee contracts and allowing banking customers to more easily transfer their data.
"Fair competition is what made America the wealthiest, most innovative nation in history," Biden said during a signing ceremony at the White House on Friday.
The FTC and FCC are independent of the White House, which means the Biden administration can only ask these agencies to examine these issues and write new rules that they could enforce. The executive order does not offer specific rules or guidelines about protecting customers' data.
And while the new executive order does not address specific cybersecurity issues, Biden issued a separate order on May 12 that covers a range of security improvements, from ordering departments to adopt modern security practices to addressing how the federal government evaluates and purchases software (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).
Consumer Data
While the executive order issued Friday does not contain specifics for the FTC, the Biden administration stresses that the broad collection of personal information and other details has given tech firms too much access to sensitive data for business purposes.
"Big tech platforms gathering too much personal information: Many of the large platforms’ business models have depended on the accumulation of extraordinary amounts of sensitive personal information and related data," according to the White House.
What the FTC could do is create new rules for tech firms based on the Fair Trade Commission Act of 1914, which allows the agency to police unfair practices not covered by other laws, says Justin Antonipillai, who served as acting undersecretary for economic affairs at the U.S. Department of Commerce during the Obama administration.
"The FTC has the ability to go after companies that have unfair trade practices if they treat a consumer unfairly," says Antonipillai, now the founder and CEO of security firm WireWheel. "I suspect there will be a series of processes and hearings around their unfairness authority to react to the request from the president."
Antonipillai also points out the current leadership at the FTC has expressed interest in issues of how larger tech firms operate and use their market positions. For instance, Lina Khan, the chair of the FTC, previously worked on a House antitrust investigation of Amazon, Apple, Facebook and Google.
Other Actions
Federal and state lawmakers also have been attempting to address how companies use and collect consumer data. In April, a bipartisan group of senators sent letters to Google, Twitter, Verizon, AT&T and online advertising firms and networks raising national security concerns about the selling of citizens' data, which could end up in the hands of foreign governments (see: Senators Raise Security Concerns Over Selling Personal Data).
In March, U.S. Rep. Suzan DelBene, D-Wash., reintroduced a bill that would create a nationwide data privacy standard to be enforced by the FTC. While the Information Transparency and Personal Data Control Act has 19 co-sponsors in the House, the bill hasn't been scheduled for a hearing as of now.
Also, several states have passed or are planning to enact their own consumer data protection and privacy laws along the lines of the California's Consumer Privacy Act (see: Privacy Legislation Progresses in 5 More States).
Antonipillai says that any new FTC actions could overlap with state laws and create additional uncertainty for companies, which shows there is a need for an overarching federal law to protect data privacy.
"The time has long passed since we should have a national law in place that enables broad enforcement of privacy rights," Antonipillai says. "I don't think that this executive order is going to make it any more likely that this happens. The fact that the administration is approaching this through executive order shows that they don’t think legislation is likely this year."