The Commission's remedial authority to deter unfair and deceptive conduct in privacy and data security matters #FTC-2018-0052-D-0009

Submission Number:
FTC-2018-0052-D-0009
Commenter:
Adrian Gropper
Organization:
Patient Privacy Rights
State:
Massachusetts
Initiative Name:
The Commission's remedial authority to deter unfair and deceptive conduct in privacy and data security matters
5 - The Commissions remedial authority to deter unfair and deceptive conduct in privacy and data security matters; FTC enforcement on the basis of privacy policy is no longer practical from a consumer perspective. Enforcement needs to be around adherence to standardized contracts and standardized language. Notice and consent are not working any more because of the vast asymmetry in education, power, and attention that corporations can leverage in writing privacy policies and data use agreements. Regulatory strategy needs to shift to standardized information governance labels analogous to the standard nutrition labels we have on food. This would eliminate the ability to wordsmith and confuse that we see with current privacy policy statements.