You often hear the FTC described as America’s top cop on the privacy beat. We’re not the only agency working on privacy and data security issues, of course, but we have the broadest jurisdiction. And for more than 20 years, we have used it thoughtfully and forcefully to protect consumers even as new products and services emerge and evolve.
Part of our work involves the enforcement of specific laws and rules that protect the privacy of certain health, credit, and financial data. We also enforce the Children’s Online Privacy Protection Act and the COPPA Rule to make sure companies don’t collect personal information from kids online without their parents’ permission.
But that’s only part of our story. We use the FTC Act’s general prohibition on unfair and deceptive acts and practices to challenge allegedly illegal conduct involving the privacy and security of all kinds of consumer information. Our reach extends across the marketplace, touching on sectors as diverse as retail, advertising, credit reporting, health, financial, tech hardware, software, mobile, and social media.
As law enforcers, we walk the walk. To date, we’ve brought over 130 spam and spyware cases, over 120 Do Not Call cases targeting illegal telemarketing, over 100 Fair Credit Reporting Act actions, approximately 60 data security cases, more than 50 consumer privacy actions, almost 30 cases for violations of the Gramm-Leach-Bliley Act, and over 20 actions enforcing COPPA.
That long list of enforcement actions includes cases that protected consumer interests in the brick-and-mortar world and online. Depending on the nature of the violation, we’ve challenged the practices of smaller companies and global giants. The cases cover all parts of the internet ecosystem, including social networks, search engines, ad networks, online retailers, mobile apps, device manufacturers, and participants in the Internet of Things (IoT) marketplace.
Furthermore, the FTC Act’s broad ban on unfair and deceptive practices has allowed us to challenge a host of harmful privacy- and security-related violations. We’ve sued businesses that made deceptive claims about how they collect, use, and share consumer data. We’ve challenged companies that failed to provide reasonable security for people’s personal information and IoT devices. We’ve targeted businesses that spammed consumers, deceptively tracked them online, installed spyware or other malware on their computers, publicly posted sensitive data online without consumers’ knowledge or consent, and invaded consumers’ privacy by violating Do Not Call and other telemarketing provisions..
For companies that have violated the law – and for savvy businesses that read case announcements with a discerning “What can I learn from this?” eye – FTC law enforcement actions send a message about the need to protect consumers’ privacy. But our gaze is forward-facing, too. As the enforcement leader in the privacy and security arena, we’ve used recent conferences on topics like drones and FinTech to focus the national conversation on keeping consumer privacy and data security front and center as new technologies emerge.
How can you keep up to date on what’s up on our beat? Once a year, we release our Privacy and Security Update. The latest update for 2016 and updates for 2015, 2014, and 2013 tell you where we’ve been on behalf of America’s consumers – and where we’re going. What these updates demonstrate is that even as technology and the privacy landscape evolve, our interest remains constant: to protect consumers’ personal information and ensure that they can confidently take advantage of the many benefits offered by a vibrant and innovative marketplace.