Chris Jay Hoofnagle, FEDERAL TRADE COMMISSION: PRIVACY LAW AND POLICY (2016)
Reviewed by Dee Pridgen
Chris Hoofnagle has put together an impressive, authoritative and useful treatise on the law of consumer privacy in the U.S. and the role of the Federal Trade Commission. This book is an excellent read for all those interested in consumer privacy, and should prove to be a valuable resource for years to come.
Part I is a detailed description of the history, structure, political context and legal authority of the FTC, vis a vis its consumer protection mission. This part could be a worthwhile stand-alone reference work in itself, since the FTC has not been studied this closely by other scholars in recent years. Hoofnagle exhibits a deep understanding of the FTC’s “unfair and deceptive trade practices” mandate, and how it has come to be used in the protection of consumer privacy. Hoofnagle concludes, correctly, that the FTC is “the country’s top privacy cop,” a role that started to emerge in the 1990’s, but is based on its experience in consumer protection since the mid-1930’s. As Hoofnagle notes, the FTC doesn’t often get the recognition it should, especially since the creation of the Consumer Financial Protection Bureau (CFPB) in 2010 threatened to overshadow the FTC.
Part II traces the history of FTC privacy actions from the mid-1990’s to the present. Hoofnagle notes that due to the quirks of the FTC’s legal authority to issue regulations, the FTC has taken mostly a case by case approach. Indeed, a “common law” of consumer privacy has emerged from the collection of FTC consent orders, especially in the area of data security. The industry basically looks to the specifications in these consent orders as a code of “best practices” they would be wise to adopt to escape FTC scrutiny. As to consumer online privacy, the FTC promotes industry self-regulation, and has supported “notice and choice” disclosures, which Hoofnagle recognizes as somewhat weak and ineffective, as shown by behavioral economics. The book also features accurate summaries and insightful critiques of specific privacy-related federal statutes, including COPPA (Children’s Online Privacy Protection Act), FCRA (Fair Credit Reporting Act), CANSPAM, Telemarketing Sales Act and FDCPA (Fair Debt Collection Practices Act). Hoofnagle also compares the European privacy laws to those of the U.S., finding the European law to be much more pro-consumer and reflecting a different mindset than prevails here.
In Part III, Hoofnagle concludes with the “need to defend the FTC.” He notes that more private information is now being tracked and used by advertisers and platform companies alike than ever before and that the current regulatory regime for privacy in the U.S. is inadequate. The FTC is the most experienced consumer protection agency, and consumer privacy issues can resurrect old consumer problems in new ways. Hoofnagle gives the example of Facebook acting as “an information age bait and switch,” by attracting customers based on good privacy policies and then changing those policies later in ways that undermine privacy. He argues persuasively that the FTC needs to be strengthened, not weakened, and that it should continue to cooperate with other agencies such as the CFPB, fighting on the same side in the same battle for consumer privacy.