In new comments filed in advance of a workshop on “informational injury,” a coalition of advertising groups encouraged the Federal Trade Commission to take action in cases involving privacy or data security issues only when consumers have suffered concrete injuries.
“A concrete injury standard creates predictability for businesses and consumers while also protecting consumers who have legitimate claims of injury,” the American Advertising Federation, the American Association of Advertising Agencies, the Association of National Advertisers, the Data & Marketing Association, the Interactive Advertising Bureau and the Network Advertising Initiative wrote.
Scheduled for December 12, the workshop will consider the different types of injury to consumers and businesses from privacy and data security incidents; explore frameworks for how to quantitatively measure such injuries and estimate the risk of their occurrence; and seek a better understanding of how consumers and businesses weigh these injuries and risks when evaluating the tradeoffs to sharing, collecting, storing and using information.
The ad groups threw their support behind “the existing legal framework of sectoral laws … complemented by self-regulatory codes of conduct,” and “urge[d] the Commission to maintain concrete injury as the cornerstone of the FTC’s privacy and data security enforcement regime.”
Without a concrete injury standard, allegations of injury would be based on subjective or potentially unverifiable harms, the groups said, resulting in “significant uncertainty for consumers and businesses, a break from traditional approaches to legal injury in the United States, and an impractical and unworkable legal standard.”
“[A]n injury standard based on subjective emotional distress is too vague to be applied consistently,” the groups told the FTC. “Since emotional privacy injuries are subjective to the individual, the same information use or sharing practice may be interpreted entirely differently by two people.”
The ad groups also took the opportunity to advocate on behalf of continued self-regulation in the privacy and data security context, as it is “flexible and responsive, both of which are key qualities for the regulation of rapidly evolving technologies and practices,” according to the comments. In particular, the groups highlighted the efforts of the Digital Advertising Alliance’s Self-Regulatory Program as a model of what the industry can accomplish.
“We believe that the Commission’s and previous Administration’s recognition and encouragement of the role of self-regulation should remain a guidepost for the FTC’s work on informational injuries,” the groups wrote. “Any expansion of the definition of informational injury would undermine the robust, flexible, and responsive industry programs that have proven to provide the right balance for promoting innovation and addressing privacy concerns.”
To read the comments, click here.
Why it matters: The comments filed by the AAF, 4As, ANA, DMA, IAB and NAI expressed support for the existing legal framework, including self-regulation of privacy and data security, with a standard of concrete consumer injury for FTC enforcement efforts. Much more will be heard on the issue as the December workshop on informational injury approaches.