Comments come as Cantwell launches full court press to empower feds to fight digital abuses; hold tech companies accountable
WASHINGTON, D.C. – U.S. Senator Maria Cantwell, Chair of the Senate Committee on Commerce, Science, and Transportation today underscored the urgent need to strengthen federal digital protections for children during a subcommittee hearing in response to revelations that Facebook and Instagram were aware of the harmful impact its products have on children and teenagers. Today’s comments follow a hearing Sen. Cantwell chaired yesterday regarding her push to create a privacy and data security enforcement bureau at the Federal Trade Commission (FTC) and invest significant federal resources to ensure it is equipped with the authorities and resources to fight digital harms and hold bad actors accountable for privacy violations, deception, data breaches, internet scams, ransomware assaults and other data abuses.
“Data collection of children… should have more aggressive attention… and we need to update the Children’s Online Privacy Protection Act,” Sen. Cantwell said at today’s subcommittee hearing. “I think it’s very important to understand that our committee would like to move forward on stronger privacy legislation.”
At Sen. Cantwell’s full committee hearing yesterday, senators heard directly from former FTC officials who recounted how the severe lack of resources, technology and staffing expertise has left the agency unable to keep pace with the growing wave of privacy and data abuses. Sen. Cantwell pushed to for $1 billion in federal funding as part of the Build Back Better bill to create a robust privacy and data security enforcement bureau at the FTC and called for a bureau in her 2019 privacy legislation.
“Our precise locations, fitness regimens, computer strokes, and even our friends and family networks have basically been turned into commodities,” Sen. Cantwell said, explaining that while a digital economy has created new services and products, “it also exposed and threatened consumer privacy by unnecessarily collecting, storing, selling, and exposing consumers’ most personal data to theft and harm.”
“[F]rom July 2019 through July 2020, more than 650,000 residents of my state, Washington, were victims of data breaches, including the release of their healthcare information, banking records, social security numbers, and credit card information,” Cantwell continued. “The truth is that our economy has changed significantly and the Federal Trade Commission has neither the adequate resources, nor the technological expertise at the FTC to adequately protect consumers from harm.”
“Even where the FTC has taken enforcement actions against companies, the companies continue to violate those FTC orders, which is beyond frustrating,” Sen. Cantwell added. “Even though the FTC has been able to use their current authority of unfair and deceptive practices, companies like Facebook or others may gladly pay a $5 billion fine, when actually, they can still make over $70 billion a year from some of these same practices.”
Asked by Cantwell if they “support more resources at the FTC, similar to what we’ve been talking about as it relates to this reconciliation item on the FTC having more of a privacy enforcement authority,” all four witnesses agreed, including David Vladeck, former Director of the Federal Trade Commission Bureau of Consumer Protection and current Faculty Director at the Center on Privacy and Technology, Georgetown Law; Maureen Ohlhausen, former Acting Chair of the Federal Trade Commission and current Partner and Section Chair, Baker Botts; Ashkan Soltani, former Chief Technologist of the Federal Trade Commission and current Independent Researcher and Technologist; and Trade Morgan Reed, President of the App Association.
Click HERE to watch Cantwell’s exchange with the witnesses.
Vladeck described the impact Cantwell’s proposal to boost resources by $1 billion would have on the FTC’s enforcement capacity: “One area in which [the FTC needs] resources is being able to hire more technologists and engineers. I don’t think the FTC has ever had a cohort as many as 10 technologists on staff. When it comes to enforcement, oversight of existing consent decrees, there is a division within the Bureau of Consumer Protection that has about 45 staff members, and oversees more than 1,000 ongoing consent orders, or litigated orders imposed by a court. The volume of orders that need to be sorted, reviewed and subject to reporting requirements overwhelms the ability of staff to do the kind of surveillance of a company under orders is required,” he said.
“Take a look at Facebook, it was the one of the first real major privacy orders we engaged in. We did not have technologists and staff who could spend time reviewing closely what the company was doing,” Vladeck continued. “And that’s an endemic problem. And it’s going to be an enduring problem unless Congress devotes more resources to the FTC.”
“[T]he FTC is critically under-resourced to oversee the nation’s myriad of privacy and cybersecurity issues,” Soltani testified. “With a bare bones staff of about 40 attorneys and a handful of technologists, their resources pale in contrast to their counterparts in other countries. The resource problem is exasperated when businesses choose to litigate a case rather than accept a settlement. The proposal to create a fund and new bureau at the FTC is a strong step forward at providing the commission with new resources it needs desperately to effectively protect consumers in the digital economy. A new bureau focused on technology and data protection would help the FTC support its mission of placing unfair and deceptive trade practices related to privacy, data security, identity theft, and data abuses.”