On April 26, the Senate voted to confirm nominees to all five Commissioner slots on the Federal Trade Commission. It was the first time the entire FTC has been confirmed at once since its founding in 1914. The new roster of Commissioners raises new questions about the role the FTC will play in cybersecurity and privacy. It has become increasingly active in this area in recent years and wholesale turnover at the top of the Commission could have a lasting effect on this body of law.
For better or worse, the new Commissioners are comparatively thin on privacy and cybersecurity experience. The new Chairman, Joe Simons, joins a long line of FTC Chairs from the ranks of the antitrust bar, having practiced in that area of law for many years as a law firm partner. Similarly, Commissioner Christine Wilson will join the Commission after building a solid reputation as an antitrust litigator, with little apparent experience in cybersecurity or privacy (she will join the Commission as soon as the Commissioner she is replacing, Maureen Ohlhausen, is confirmed as a federal judge). Rohit Chopra, one of two new Democratic Commissioners, does not hail from the antitrust bar, but neither is he steeped in cybersecurity or privacy, having spent much of his career in financial consumer advocacy.
Probably the two Commissioners most familiar with the challenges of today’s cyber world are the two who are joining the FTC from Capitol Hill – Noah Phillips, Chief Counsel to Senate Majority Whip John Cornyn, and Rebecca Slaughter, Chief Counsel to Senate Minority Leader Charles Schumer. Because of the seniority of Senators Cornyn and Schumer, and because both Phillips and Slaughter worked on the Senate Judiciary Committee which has jurisdiction over many of these issues, they have been exposed at high levels to the policy and legislative questions facing Congress with regard to cybersecurity and privacy. Slaughter, in particular, has shown an interest and spent time on these issues.
As if the growing importance of this area weren’t enough, the Federal Communications Commission’s recent withdrawal from oversight of Internet service providers (if it holds) will likely lead to even greater pressure on the FTC to regulate activity on the Internet, as it looks to fill the vacuum left by the FCC. It’s difficult to predict where the new FTC will take its work on privacy and cybersecurity, but it seems likely to become more active in this area.
Putting It Into Practice: The first few months of the new FTC should begin to shed light on where it will take its privacy and cybersecurity missions. Companies should pay particular attention to their first steps, which will no doubt foreshadow regulatory and enforcement action ahead.