The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a year where we saw several record-setting fines. The report also discusses privacy/security workshops, consumer education, and international engagement. Some of the highlights from 2019 discussed in the report include:

  • The FTC brought 13 cases against companies that allegedly made false promises related to the EU-US Privacy Shield. Since the framework’s inception, the FTC has brought a total of 21 cases.
  • In 2019, the FTC levied a 170 million dollar fine against YouTube and Google for COPPA violations (the largest COPPA fine to date).
  • The 7 data security orders issued in 2019 signaled a number of new trends we can expect to continue (as we previously wrote about).
  • There were 8 cases of violations of the Telemarketing Sales Rule. This includes first enforcement action against a VoIP provider.
  • The public comment period for the Red Flags Rule, COPPA Rule, and GLB Privacy and Safeguards Rule all closed in 2019.
  • On the advocacy front, the FTC submitted comments to the NIST’s privacy framework. The agency also held a workshop on the future of the COPPA rule.

Putting it Into Practice: 2020 is already proving to be an active year for privacy legislation and commentary in the US (both at the state and federal level). We expect the FTC to continue to be busy this year with issues such as COPPA and more substantive enforcement related to EU-US Privacy Shield compliance. With many frameworks and written discussions emerging on AI both domestically and abroad, it’s likely the FTC may hold workshops and other public forums on the topic. We also anticipate there to be next steps from the public comment periods that concluded in 2019 for the three rules.