ALL (PRIVACY) IS NOT LOST: ATTORNEYS GENERAL AND PRIVACY PROTECTION
By: Mitchell Noordyke, Volume 101 Staff Member
In March, the House and Senate voted to prevent portions of the FCC Privacy Rule from going into effect. This rule would have required more demanding protocol from broadband internet access service and telecommunications service providers to ensure protection of consumer data. It sought greater transparency into service provider privacy practices and prioritized choice for consumers regarding the handling of their data. The striking down of the FCC Privacy Rule is a signal for what the federal government’s approach to privacy will be under the new administration. “Given the . . . presidential administration of Donald Trump and the Republican Party’s control of both Houses of Congress, federal agencies like the FTC and FCC will likely slow down their consumer privacy enforcement efforts.” However, consumers need not rely on federal agencies to protect their privacy, as state attorneys general have played an important role policing privacy and establishing privacy norms in the past and are likely to play a larger role in the future.
Predictions that federal consumer privacy enforcement under a Trump administration would slow have proven to be correct. The response from proponents of consumer privacy and net neutrality regulation to Donald Trump’s appointment of Ajit Pai as chairman of the FCC indicate fear for the fate of consumer privacy. Additionally, acting FTC chairwoman, Maureen Ohlhausen’s, philosophy of “regulatory humility” alludes to a diminished role for the FTC in regulating privacy under the Trump administration. However, the decreased role of federal agencies in the protection of consumer privacy does not mean consumers will be without protection. Instead, those concerned about the future of consumer privacy should look to state attorneys general to take a leadership role in defending privacy.
Not only can state attorneys general offices move more nimbly than their federal counterparts in response to changing privacy concerns, they are positioned to respond to local matters. As “the first to see and understand the cons and conmen working their way through the system, receiving and fielding consumer complaints about everything . . . . [They] often see problems consumers are facing before [the FTC] . . . .” These local matters soon develop into specialties that allow states to act as bellwethers for the industries in which they specialize. For example, California has developed a specialty responding to privacy issues in the technology sector, Massachusetts and Connecticut have particular strength in health privacy and data security matters, and New York specializes in financial sector privacy.
State attorneys general offices have played an active role developing the privacy standards the U.S. enjoys today. Though subject to less fanfare than federal agencies, their impact should not be overlooked. Critiques to state attorneys general privacy action fear a “pile-up” effect in which organizations face “all 50 attorneys general [jumping] on [them] separately.” However, this has been shown to be an “illusion” due to limited resources and “AG offices [looking] for partners to share the burden of litigation.” With a history of success protecting privacy, a broad tool belt for enforcement, and valuable specialties in high-interest industries, state attorneys general will likely play a more prominent role in U.S. privacy regulation under the current political conditions.
- S.J. Res. 34, 115th Cong. (as passed by House, Mar. 28, 2017). ↑
- Protecting the Privacy of Customers of Broadband and Other Telecommunications Services, 81 Fed. Reg. 87,274, 87,274–276 (Oct. 27, 2016) (to be codified at 47 C.F.R. pt. 64). ↑
- Id.; see also Ronald Waclawski, Looking Back at the FCC’s Privacy Rules, Minn. L. Rev. De Novo (Apr. 18, 2017), http://www.minnesotalawreview.org/2017/04/looking-back-at-fcc-privacy-rules (detailing the content of the FCC Privacy Rule, the FCC’s move to block its enactment under new FCC chairman Ajit Pai, and the industry response to the Rule). ↑
- See id. at 811 (concluding that “[s]tate attorneys general have played a critical role in U.S. privacy law” and urging for more action in the future). ↑
- Daniel Cooper, Trump’s FCC Head Is Doing Exactly What We Expected: A Summary of Ajit Pai’s First Two Weeks as Head of the FCC, Engadget (Feb. 9, 2017), https://www.engadget.com/2017/02/09/trump-fcc-first-two-weeks (summarizing Pai’s activities during his first two weeks as Chairman, which included beginning “the process of undermining the principles of net neutrality” and cancelling the FCC’s zero rating investigation). ↑
- See, e.g., id.; Jacob Kastrenakes, Trump’s New FCC Chief Is Ajit Pai, and He Wants To Destroy Net Neutrality, The Verge (Jan. 23, 2017), http://www.theverge.com/2017/1/23/14338522/fcc-chairman-ajit-pai-donald-trump-appointment. But cf. Harold Furchtgott-Roth, President Trump Designates Ajit Pai As Chairman of FCC, Forbes (Jan. 22, 2017), https://www.forbes.com/sites/haroldfurchtgottroth/2017/01/22/president-trump-designates-ajit-pai-as-chairman-of-fcc/#12d5e17e1577 (approving of Pai’s appointment due to the author’s perception that Pai will push for more deregulation). Pai has a track record of opposition to net neutrality and consumer privacy regulation. See Brian Fung, Trump Taps Net Neutrality Critic To Lead the FCC, Wash. Post (Jan. 23, 2017), https://www.washingtonpost.com/news/the-switch/wp/2017/01/23/meet-donald-trumps-official-new-fcc-chairman-ajit-pai/?utm_term=.1517226ab513 (emphasizing Pai’s recent opposition to FCC net neutrality and consumer privacy decisions). ↑
- See Remarks by FTC Commissioner Maureen K. Ohlhausen, Antitrust Policy for a New Administration, Jan. 24, 2017, https://www.ftc.gov/system/files/documents/public_statements/1051993/antitrust_policy_for_a_new_administration.pdf. ↑
- The author does not seek to diminish state attorneys’ general already impactful role in protecting privacy. ↑
- See Keats Citron, supra, note 4, at 748, 811. ↑
- See id. at 752–85 (2016) (summarizing the efforts made by state attorneys general to address a wide array of privacy-related issues). “State attorneys general have been on the front lines of privacy enforcement since before the intervention of federal agencies. In the 1990s, while the Federal Trade Commission (FTC) was emphasizing self-regulation, state attorneys general were arguing that consumer protection laws required the adoption of Fair Information Practice Principles (FIPPs).” Id. at 749 (citing Denise Gellene, Chalk One Up for Privacy: American Express Will Inform Cardholders That It Sorts Them for Sales Pitches, L.A. Times (May 14, 1992), http://articles.latimes.com/1992-05-14/business/fi-3033_1_american-express; Chris Woodyard, Lungren Joins Suit Accusing TRW of “Illegal Practices”, L.A. Times (July 9, 1991), http://articles.latimes.com/1991-07-09/business/fi-2151_1_trw-s-credit; Telephone Interview with Susan Henrichsen, Cal. Assistant Att’y Gen. 1990-2005 (July 14, 2015); Chris Oakes, Michigan Warns Sites on Privacy, Wired (June 14, 2000), http://archive.wired.com/politics/law/news/2000/06/36967?currentPage=all; Dee-Ann Durbin, Privacy Rights on Web Sought: State Attorneys General Take Lead on Privacy, Ledger (Feb. 10, 2001), https://news.google.com/newspapers?nid=1346&dat=20010210&id=uCJOAAAAIBAJ&sjid=eP0DAAAAIBAJ&pg=6251,6993124&hl=en). ↑
- Id. at 750. ↑
- Id. at 763–71. State attorneys general are also responsible for norms pertaining to use restrictions, sexual privacy, youth privacy, and telephone privacy. Id. at 771–77. ↑
- Id. at 755 (recognizing California, Connecticut, Illinois, Indiana, Maryland, Massachusetts, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Texas, Vermont, and Washington as “a core group of states [that] have taken the lead on privacy enforcement . . . .”). Twenty-seven states have joined multistate enforcement efforts in the past five years. Id. at 757. ↑
- Id. at 753–54, 759–60. ↑
- Id. at 760 (quoting Connecticut Attorney General George Jepsen). ↑
- Kamala Harris (@KamalaHarris), Twitter (Oct. 12, 2012, 8:27 AM), https://twitter.com/kamalaharris/status/256778084219502592. ↑
- Keats Citron, supra note 4, at 766. ↑
- Annie Bai & John Kennedy, Apps Gone Wild? The FTC and California AG Seek To Rein in Mobile App Privacy Practices, Int’l Ass’n of Privacy Profs.: The Privacy Advisor (Mar. 1, 2013), https://iapp.org/news/a/2013-03-01-apps-gone-wild-the-ftc-and-california-ag-seek-to-rein-in-mobile. ↑
- See Keats Citron, supra note 4, at 786. ↑
- Id. ↑
- See id. at 786-88 (describing the different industry-specific privacy specialties develop by state attorneys general). ↑
- Id. ↑
- Id. at 796 (quoting Sara Cable, Assistant Attorney General of Massachusetts). ↑
- Id. at 796. ↑