FTC proposes sweeping restrictions on tech company’s ability to access data from teens – Privacy Shield

In the year On May 3, 2023, the Federal Trade Commission (“FTC”) issued an order to show cause against Meta for violating Meta’s 2012 and 2020 Privacy Orders and seeks to bar the company from making any revenue related to individuals under 18 years of age. .

In the Order to Show Cause (the “Order”), the FTC proposes several changes to the Meta 2020 order and directs Meta’s portfolio of products and businesses, including Instagram, WhatsApp and Oculus. Specifically, as a result of the alleged violations, the FTC is seeking to impose a blanket ban on the “monetization” of individuals under the age of 18 and to prohibit the release of new products without prior approval from an FTC independent reviewer. The FTC also wants to limit the company’s future use of facial recognition technology and require FTC approval of all merger and acquisition targets for similar privacy concerns. FTC commissioners unanimously approved the order.

The order reflects the FTC’s latest attempt to position itself as America’s primary consumer privacy watchdog, particularly when it comes to the privacy of young people’s information. In the year In late 2022, the FTC announced a fine against Epic Games for violating the Children’s Online Privacy Protection Act, which allows the FTC to monitor the online privacy of children under the age of 13. The order shows the FTC’s willingness to go further with this ban. It also demonstrates the FTC’s willingness to test the limits of its enforcement authority in the area of ​​consumer privacy protection by inserting itself into its day-to-day operations without express regulatory authority.

On a practical level, the order as proposed will cause uncertainty for countless businesses and is a warning to technology, marketing and other companies involved in this complex digital marketing ecosystem. The ban will affect many companies and industries, as every major company today uses data for various business purposes, including developing new products and services and providing free online services to this group. The order leaves open the question of what constitutes “monetization” and whether it is permissible under such a ban in the context of youth. The FTC’s answer to the last question: Never. The order prohibits the company from using the minor’s information even after the minor turns 18.

Outside of the juvenile context, the FTC has made it clear that it intends to regulate “commercial surveillance and lax data security.” The FTC broadly defines “[c]Business monitoring [as] The business of collecting, analyzing, and accessing information about people.” This broad definition could include many companies that use data in the course of day-to-day operations. The FTC also extends its authority by requiring pre-approval of new products before they can be marketed. Greater control over mergers and acquisitions based on data privacy. Beyond the sector, they apply to manufacturing, marketing, healthcare and other industries.

There are significant questions about whether the FTC will be able to prove the alleged violations or whether it has the regulatory authority to take any more aggressive actions it considers. Under long-standing principles of equity, the FTC may grant immunity relief only when the drug is reasonably related to the infringement. That inquiry requires an assessment of the existence of a history of prior infringements, the seriousness and willfulness of the infringement at issue, and the ease with which the infringement could occur in relation to other products. When the FTC attempts to prohibit a broad range of lawful conduct, courts can consider the economic harm to the business, the additional harm to the public, and the existence of multiple non-interfering defenses. These issues may limit the FTC’s ability to exercise broad oversight through the prophylactic relief vehicle, and at the very least invite litigation from companies targeted by the FTC.

In addition, bipartisan legislation governs data privacy protections, and several states have enacted their own legal frameworks—some of which address the privacy of youth information. Courts are likely to view this latest attempt by the FTC to circumvent these frameworks by regulating major policy questions under the guise of Section 5 authority.

The content of this article is intended to provide a general guide to the subject. You should seek specialist advice regarding specific circumstances.