More details on the ANPR are included below; comments will be due 60 days after the ANPR’s publication in the Federal Register. A Public Forum will also be held on September 8.
The Extent of Consumer Harms (including for Children and Teenagers). The ANPR seeks further information on types of harms and how they affect consumers. Questions include, for example, whether and what harms may not be easy to identify or quantify, as well as if a rulemaking should focus on certain kinds of data based on the data’s risks of harm. The ANPR also states that different kinds of consumers may be harmed differently (including children, teenagers, and protected classes) and asks (1) how harms may be particular to various demographics and (2) whether a rulemaking should consider special requirements to protect these demographics. These questions are particularly notable, as the FTC is currently undertaking a separate review of COPPA.
Data Security. The FTC asks how granular data safeguard rules should be and whether it should leverage existing requirements such as those in Children’s Online Privacy Protection Act (COPPA) and the FTC’s Safeguards Rule under the Gramm–Leach–Bliley Act (GLBA).
Notice, Transparency, and Disclosure. The FTC asks what information about consumer data practices should be made public and what processes enable transparency, as well as what role third parties should play in administering disclosure requirements or performing audits or assessments of data practices.
Consumer Consent. The FTC seeks comment on the standard for effective consent, whether some activities should be beyond the ability to consent, and how to provide and enforce opt-out rights.
Collection, Use, Retention, and Transfer of Consumer Data. The FTC asks whether and how it should limit biometric data and personalized or targeted advertising practices. It also seeks input on data minimization, purpose limitation, and data retention requirements, and how to account for interoperability.
Discrimination Based on Protected Categories. The FTC also asks about the prevalence of algorithmic discrimination based on protected categories (e.g., race, sex, age), the impact on consumers, how the FTC should evaluate and address algorithmic discrimination, and whether it should consider rules on algorithmic discrimination in areas where Congress has explicitly legislated, such as housing and employment.
Automated Decision-making Systems. The FTC seeks input on the prevalence and inevitability of algorithmic error in automated decision-making systems; what companies can do to prevent algorithmic errors, if any; and what legal theories support limitations on the use of automated systems or bar the FTC from regulating these and related activities.
Remedies and Obsolescence. The FTC seeks comment on remedy structures for any new rules it adopts and how rulemaking should account for evolving business models and practices.
Cost-Benefit Considerations. The FTC acknowledges that any potential rulemaking involves trade-offs. It seeks to understand the potential costs and benefits of a rulemaking and how it may impact innovation, competition, and consumer access to free services that rely on current models. The ANPR also asks about quantifying these trade-offs, if the analysis is different in the context of children’s information, and if certain companies should be exempt from certain rules based on size or nature of the companies’ consumer data.
Finally, the ANPR also notes that the FTC may pursue additional rulemaking activities subsequent to the above.
Authored by Mark Brennan, Dan Ongaro, Sophie Baum, and Ambia Harper.
