FSF Comments to FTC: The Intersection Between Privacy, Big Data, and Competition

On August 20, 2018, Free State Foundation President Randolph J. May and I submitted comments in connection with the FTC's "Hearings on Competition and Consumer Protection in the 21st Century." These particular comments are submitted on the topic of "The Intersection Between Privacy, Big Data, and Competition."

Here is an excerpt from our comments:

The exchange of non-sensitive consumer information enables companies to sell targeted advertising, which covers the costs of offering “free” content and services to consumers. Substantial evidence shows that the overwhelming majority of consumers are willing to exchange personal information for “free” content and services. However, it is important that firms provide consumers with adequate disclosure regarding the collection and use of their personally identifiable data. This way, as part of the bargain, consumers are empowered to make informed choices that reflect their preferences.

Because the functioning of much of the Internet ecosystem involves the exchange of non-sensitive consumer information, as a default, "opt-out" rules, as opposed to "opt-in" rules, spur the development of additional Internet content and services. This enables the monetization of a greater pool of consumer information, while still empowering consumers with a choice about if they want their data collected and used. For certain clearly sensitive information, for example relating to health or financial services, the default should be opt-in rather than opt-out.

Consumers expect the application of consistent privacy rules throughout the entire United States. Therefore, privacy regulation in the U.S. should reflect those expectations, whether consumers are doing business with an Internet service provider (ISP) or an edge provider. Internet communications do not stop or change at state borders and neither should privacy laws. To the extent state-by-state privacy regulations differ, this creates a "patchwork problem" for service providers that, at a minimum, imposes additional costs but also is likely to stifle investment and innovation. The FTC should regulate the privacy practices of both edge providers and ISPs in a consistent manner, and to the extent that a "patchwork" of state laws and regulations develop that impose more stringent requirements on service providers than those imposed at the federal level, then those state laws and regulations that conflict with federal policy should be preempted.