TMT with Mike O'Rielly – Ep 19: Keynote Convo at FSF's 17th Annual Conference

Episode 19 of "TMT with Mike O'Rielly," a videocast featuring former FCC Commissioner and Adjunct Senior Fellow at the Free State Foundation Michael O'Rielly, was released on April 2. In this episode, titled "The Free State Foundation's Seventeenth Annual Policy Conference," Mr. O'Rielly has a conversation at #FSFConf17 with guests FTC Commissioner Melissa Holyoak, FCC Commissioner Nathan Simington, and former FCC Chairman Ajit Pai. Their conversation ranges a number of communications, competition, and administrative agency-related topics. Streaming video of the episode is now available: 

2025 Will Be a Big Year for the FCC in the Courts

On December 16, the Federalist Society hosted a webinar panel event, "Is FTC Administrative Litigation Unconstitutional?" The webinar's panelists discussed the future of Federal Trade Commission's (FTC) litigation and enforcement in light of the Supreme Court's decisions in Axon Enterprise, Inc. v. FTC (2023) and SEC v. Jarkesy (2024) as well as in light of the Court's openness to revisit the contours of administrative power as reflected by decisions such as West Virginia v. EPA (2022) and Loper Bright Enterprises v. Raimondo (2024).

In Jarkesy, the Court held that the Seventh Amendment entitles a defendant to a jury trial when the Securities and Exchange Commission (SEC) seeks civil penalties for securities fraud. The Court determined that the SEC's antifraud provisions replicate common law fraud claims that must be heard by a jury. 

 

Although the Supreme Court's holding in Jarkesy was limited to the Seventh Amendment, the FedSoc webinar panel's discussion touched on two facets of the Fifth Circuit's holding in an earlier stage of the case. The Fifth Circuit held that Congress unconstitutionally delegated legislative power to the SEC by failing to provide an intelligible principle by which the SEC would exercise delegated power, thereby violating the U.S. Constitution's Article I Legislative Vesting Clause. Additionally, the Fifth Circuit held that statutory removal restrictions on SEC Administrative Law Judges (ALJs) violate the Take Care Clause of Article II. Shortly, the Supreme Court will likely tackle nondelegation claims, presidential removal power claims, and other claims brought in other cases against the FTC or other agencies – including the FCC.

 

Indeed, in 2025, the Supreme Court will review the Fifth Circuit's July 2024 en banc decision in Consumers' Research v. FCC. The Fifth Circuit concluded that the universal service contribution system violates the Article I Legislative Vesting Clause. The Court's grant of a writ of certiorari in Consumers' Research v. FCC is noted briefly in my blog post from November 26, 2024. The lower court's decision in the case, which was based on nondelegation principles and precedents, is the subject of my August 2024 Perspectives from FSF Perspectives, "Fifth Circuit Rules USF Contribution Scheme Violates Legislative Vesting Clause."

 

Furthermore, lower courts are likely to weigh in next year on Jarkesy implications for the FCC's enforcement authority. In April 2024, the FCC fined the three nationwide wireless providers for the sale of consumer location-related information. Legal challenges to the Commission's authority to levy those fines are now pending before the D.C. Circuit, the Second Circuit, and the Fifth Circuit. 

 

Added to all of these pending cases are anticipated judicial decisions about the legal fate of the FCC's Safeguarding and Securing the Open Internet Order regulating broadband Internet services as public utilities and the Commission'sDigital Discrimination Order subjecting broadband providers to liability for unintentional disparate impacts. Oral arguments in those respective cases have been held before the Sixth Circuit and the Eighth Circuit. 

 

In all, it looks like 2025 will be a big year for the FCC in the courts.   

FCC, Following White House Lead, Again Targets Cable and DBS

On August 12, 2024, the Biden Administration released a Fact Sheet noting a proposed FTC rule that "would require companies to make it as easy to cancel a subscription or service as it was to sign up for one" and announcing that the FCC "is initiating an inquiry into whether to extend similar requirements to companies in the communications industry" (emphasis added).

A News Release issued the same day by FCC Chairwoman Jessica Rosenworcel revealed that she has circulated to her fellow commissioners a draft Notice of Inquiry that "would seek information on ways to ensure that consumers have appropriate and efficient access to customer service resources when working with their phone, cable and broadband providers" (emphasis added).

Source: whitehouse.gov

When it comes to video distribution, of course, there is a wide chasm between "companies in the communications industry" and "cable." The former, broader category includes both unregulated streaming services and traditional Multichannel Video Programming Distributors (MVPDs) that rely upon facilities within their exclusive control. The latter category presumably is limited to the traditional MVPDs uniquely subject to FCC regulation: cable operators and Direct Broadcast Satellite (DBS) providers.

Given this critical distinction, if adopted, this Notice of Inquiry (and the Notice of Proposed Rulemaking sure to follow) first and foremost would result, not in a net benefit to consumers, but in yet another one-sided restraint on the ability of traditional MVPDs to compete effectively with far larger streaming services that grow more popular by the day. Similar instances in just the last year include:

• A pending Notice of Proposed Rulemaking adopted in April 2024 that would interfere with contracts between traditional MVPDs – and traditional MVPDs alone – and independent programmers by banning most favored nation (MFN) provisions and "unreasonable" alternative distribution method (AMD) provisions.
• A requirement adopted in March 2024 that traditional MVPDs – and traditional MVPDs alone – must "specify the 'all-in' price for video programming in their promotional materials that include pricing information and on subscribers' bills."
• A pending Notice of Proposed Rulemaking adopted in January 2024 that would force traditional MVPDs – and traditional MVPDs alone – to provide subscribers with a rebate whenever they are unable to agree on carriage terms with a broadcast station or programmer, a proposal I critiqued in an October 2023 Perspectives from FSF Scholars.
• A pending Notice of Proposed Rulemaking adopted in December 2023, in response to which the Free State Foundation filed comments and reply comments, that would prevent traditional MVPDs – and traditional MVPDs alone – from employing two cross-industry common billing practices: (1) early termination fees (ETFs), which make it possible for distributors to amortize up-front customer costs over an agreed-upon and enforceable term, and (2) whole-month billing.

For more on this topic, I recommend that you read "FCC's Dated View Drives Dramatic Shifts in Video Strategies," a July 2024 post to the FSF Blog, and "The FCC Is Complicit in the Decline of Traditional MVPDs," a May 2024 Perspectives.

TMT with Mike O'Rielly - Ep 6: Biden FTC's Processes, Policies, and Impacts

In Episode 6 of “TMT with Mike O'Rielly,” released on June 27, former FCC Commissioner and Free State Foundation Adjunct Senior Fellow Michael O'Rielly discusses the Biden FTC’s processes and policies and their impact on American companies and consumers with David Grossman, the Consumer Technology Association's Vice President of Policy & Regulatory Affairs. As the FTC aggressively seeks to expand its power, this is another don't-miss episode.

PRESS RELEASE: FTC Commissioner Wilson's Resignation Unfortunate Sign of FTC Breakdown

  

Regarding FTC Commissioner Christine Wilson’s resignation from the Federal Trade Commission, the following statement may be attributed to Free State Foundation President Randolph May:

“As she put in in the Wall Street Journal op-ed explaining her resignation, Commissioner Christine Wilson’s reached the point where she believed that a ’noisy exit’ was preferable to remaining. She acknowledged that elections have consequences and that she understood her own policy preferences likely wouldn’t prevail. But it is clear that Commissioner Wilson, to her mind, considered the problem with remaining not to be primarily differences of policy, but of process —  differences of process that led to abuse of power and lawlessness at the agency.

Commissioner Wilson’s depiction of what’s transpired at the FTC is disturbing for what it portends for the agency’s intent to carry out its own mission within the confines of the law and judicial precedent. But, viewed through a wider lens, what has transpired at the FTC may have broader implications for the administrative state. Like the FTC, the FCC, SEC, CFTC, and other multi-member agencies are, by design,, bipartisan commissions (with the party of the president able to have a majority of seats), with commissioners serving fixed, and staggered terms. When they were established by Congress, one key rationale for the multi-member model was that collegiality among the commissioners from different parties, with their different expertises and experiences, would lead to better decisions.  Obviously, the preexisting long-standing norms of collegiality and bipartisan cooperation, have completely broken down under Lina Khan’s chairmanship to the long-term detriment of the agency, assuming it can right itself. This is worth emphasizing at a time when there is much talk, sometimes too loose and unserious, about norms being broken." 

Privacy Recap: Regulatory Developments in California, Colorado

As the promising-but-flawed American Data Privacy and Protection Act awaits a House floor vote and the revised deadline for comments on the FTC's highly problematic privacy Advance Notice of Proposed Rulemaking looms, state activity continues to fill the federal void.

In California, the only state where a comprehensive data privacy law has gone into effect, enforcement is underway – while, simultaneously, efforts to adopt rules implementing the Golden State's second privacy statute near the finish line. And in Colorado, the rulemaking process relating to its privacy law is just getting started.

In August, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora, Inc. regarding several alleged violations of the California Consumer Privacy Act (CCPA), which became valid law at the beginning of 2020.

According to the complaint, Sephora "did not tell consumers that it sold their personal information," "did not provide consumers with an easy-to find 'Do Not Sell My Personal Information' link," and did not configure its website "to detect or process any global privacy control signals, such as the 'Global Privacy Control' (GPC)."

As explained in the GPC website FAQs, the GPC "is a proposed specification designed to allow Internet users to notify businesses of their privacy preferences, such as whether or not they want their personal information to be sold or shared. It consists of a setting or extension in the user's browser or mobile device and acts as a mechanism that websites can use to indicate they support the specification."

Under the CCPA, the enabling of a universal opt-out mechanism such as the GPC has the same legal effect as clicking on a "Do Not Sell My Personal Information" link.

While the Sephora settlement is the first of its kind, it is by no means the only enforcement action undertaken by the California Attorney General's office. As noted in the Press Release, "[s]ince July 1, 2020, the Attorney General has issued notices to a wide array of businesses alleging noncompliance with the CCPA. Notices to cure have been issued to major corporations in the tech, healthcare, retail, fitness, data brokerage, and telecom industries, among others."

In addition, and as I detailed in "California Voters Approve the California Privacy Rights Act: A Detailed Analysis of Its Requirements and Impact," a November 2020 Perspectives from FSF Scholars, the Consumer Privacy Rights Act of 2020 (CPRA), which builds upon and modifies the CCPA, created the California Privacy Protection Agency (CPPA), the nation's first (and, at present, only) state agency dedicated to consumer privacy.

Once established, the CPPA assumed privacy-related rulemaking responsibilities from the office of the Attorney General. On May 27, 2022, the CPPA released draft CPRA regulations. Publication of a Notice of Proposed Rulemaking on July 8, 2022, formally started the process. The comment period closed on August 23, 2022.

On October 17, 2022, the CPPA released a modified draft of the CPRA regulations, as well as an explanation of the modified text. The CPPA Board will discuss, and potentially adopt some or all of the proposed rules, at virtual meetings this Friday and Saturday.

Per the CPPA's website, "[t]he proposed regulations (1) update existing CCPA regulations to harmonize them with CPRA amendments to the CCPA; (2) operationalize new rights and concepts introduced by the CPRA to provide clarity and specificity to implement the law; and (3) reorganize and consolidate requirements set forth in the law to make the regulations easier to follow and understand."

Colorado was the third state out of five so far – the others are California, Virginia, Utah, and Connecticut – to adopt a comprehensive data privacy statute. I summarized the major provisions of the Colorado Privacy Act (CPA) in an April 2021 post to the Free State Foundation's blog.

The CPA, which is scheduled to go into effect on July 1, 2023, authorizes the Colorado Attorney General to craft rules generally "for the purpose of carrying out" the CPA as well as a specific rule regarding "the technical specifications for one or more universal opt-out mechanisms that clearly communicate a consumer's affirmative, freely given, and unambiguous choice to opt out of the processing of personal data for purposes of targeted advertising or the sale of personal data."

On October 10, 2022, Colorado Attorney General Phil Weiser's office published a Notice of Proposed Rulemaking (NPRM). Comments are due on or before February 1, 2023 – but earlier deadlines apply if they are to "inform the stakeholder meetings" scheduled for November 10, 15, and 17, or are to be considered at the rulemaking hearing on February 1, 2023.

Specific topics addressed in the NPRM include: the substantive requirements for privacy notices, the scope of the consumer rights established by the CPA and the processes by which those rights are exercised, specifications for universal opt-out mechanisms, the duties of businesses ("controllers") that collect personal information, and the method by which consent is obtained ("including the prohibition against obtaining agreement through the use of Dark Patterns").

FTC Initiates Privacy Rulemaking Despite Congressional Momentum: Republican Commissioners Issue Strong Dissents

At a virtual news conference last Thursday, the FTC announced the adoption of an Advance Notice of Proposed Rulemaking (ANPR) on "commercial surveillance" (that is, the use of personal information) and "lax" data security practices.

Over forceful objections from the two Republican Commissioners, and in the face of significant congressional progress on a bipartisan, bicameral federal comprehensive data privacy bill, this action by the majority initiates a "Magnuson-Moss" rulemaking pursuant to Section 18 of the FTC Act.

The ANPR:

[I]nvites comment on whether it should implement new trade regulation rules or other regulatory alternatives concerning the ways in which companies (1) collect, aggregate, protect, use, analyze, and retain consumer data, as well as (2) transfer, share, sell, or otherwise monetize that data in ways that are unfair or deceptive.

It poses a total of 95 wide-reaching questions, grouped into the following broad categories:

• The extent to which personal data practices and security measures harm consumers, particularly children and teenagers;
• The appropriate way to balance costs and benefits; and
• Whether the FTC should regulate prevalent data privacy and security practices.

In just one troubling example of the ANPR's explicit bias against the prevailing notice-and-consent paradigm – a point of view that Commissioner Noah Phillips in his dissent characterizes as "a rather dystopic view of modern commerce" – question 74 asks under "which circumstances, if any, is consumer consent likely to be effective" and question 77 seeks input on "[h]ow demonstrable or substantial must consumer consent be if it is to remain a useful way of evaluating whether a commercial surveillance practice is unfair or deceptive" (emphases added).

In her Dissenting Statement, Commissioner Christine Wilson objected to the ANPR primarily on the basis of the risk it poses to the continued progress of the American Data Privacy and Protection Act (ADPPA). As I noted two weeks ago in a Perspectives from FSF Scholars, an amended version of the ADPPA on July 20, 2022, cleared the House Commerce Committee on a 53-1 vote.

Emphasizing her unwavering preference for congressional, rather than agency, action, Commissioner Wilson made plain that "[t]he momentum of ADPPA plays a significant role in [her] 'no' vote" – and that she is "gravely concerned that opponents of the bill will use the [ANPR] as an excuse to derail the ADPPA."

Commissioner Wilson did acknowledge that, at an earlier point in time, she "became willing to consider whether the Commission should undertake a Section 18 rulemaking to address privacy and data security."

However, for a litany of reasons – including "changes to the Section 18 Rules of Practice that decrease opportunities for public input and vest significant authority for the rulemaking proceedings solely with the Chair" and "Chair Khan's public statements [that] give [Commissioner Wilson] no basis to believe that she will seek to ensure that proposed rule provisions fit within the Congressionally circumscribed jurisdiction of the FTC" – the Commissioner has had an abrupt change of heart.

I documented this evolution in a series of posts to the Free State Foundation's blog.

In his Dissenting Statement, Commissioner Phillips reiterated a similarly longstanding conviction that Congress, rather than the FTC, "is where national privacy law should be enacted." In that vein, he wrote that he is "heartened to see Congress considering just such a law today" and hopes that "this Commission process does nothing to upset that consideration."

Taking issue with the ANPR's foundational terminology, Commissioner Phillips labeled the phrase "commercial surveillance" an "academic pejorative," one that is "defined so broadly (and with such foreboding) that it captures any collection or use of consumer data" – and one that "trades a serious attempt to understand business practices it would regulate for the chance to liken untold companies large and small to J. Edgar Hoover's COINTELPRO."

Expanding upon this concern, Commissioner Phillips makes the following additional points:

• The ANPR "provides no notice whatsoever of the scope and parameters of what rule or rules might follow" – thereby "undermining the public input and congressional notification processes" required by Section 18.
• It exceeds the FTC's congressionally delegated Section 5 authority over "unfair or deceptive acts or practices" and "signal[s] the majority's view that the scope of the rules passed by the unelected commissioners of an independent agency should be on par with statutes passed by elected legislators." Referencing (1) "personalized" or "targeted" advertising, and (2) consent, which he refers to as "one of the traditional bedrocks of privacy policy," he argues that the ANPR portends regulating "common business practices we have never before even asserted are illegal."
• Overstepping the limits of the FTC's jurisdiction, "[i]t seeks to recast the agency as a civil rights enforcer, contemplating policing algorithms for disparate impact without a statutory command."
• It "shortchanges data security, one area ripe for FTC rulemaking."

Critically, Commissioner Phillips highlights how the ANPR in practice could result in consumer harm: "Reducing the ability of companies to use data about consumers, which today facilitates the provision of free services, may result in higher prices – an effect that policymakers would be remiss not to consider in our current inflationary environment."

On September 8, 2022, the FTC will host a virtual public forum on the ANPR.

Comments on the ANPR will be due 60 days after its publication in the Federal Register.

#FSFConf14 Speakers on Need for Federal Privacy Law

At the Free State Foundation's recent Fourteenth Annual Policy Conference, FTC Commissioners Christine Wilson and Noah Phillips voiced their support for a federal data privacy regime. And on May 23, 2022, another speaker at #FSFConf14, USTelecom President & CEO Jonathan Spalter, authored a blog post urging the Biden Administration and Congress to work together "on this essential national priority."

In the meantime, Connecticut has compounded the confusion and chaos wrought by multiple, inconsistent state-level comprehensive data privacy statutes. On May 10, 2022, Governor Ned Lamont signed into law "An Act Concerning Personal Data Privacy and Online Monitoring." Connecticut is the fifth state to date – following California (twice), Virginia, Colorado, and Utah – to fill the federal void.

Nevertheless – and forgive me if I sound like a broken record – recent reporting suggests that federal lawmakers may be making progress behind the scenes toward a workable consensus on data privacy.

During #FSFConf14's "The View from the FTC," a Fireside Chat hosted by Maureen Ohlhausen, former FTC Acting Chairman and Commissioner (a video of which is available here), Commissioner Wilson echoed that optimistic sentiment (direct link here). Describing herself as one who "tend[s] to be a Pollyanna," she stated that "I'm actually hopeful, more hopeful than I have been, because I hear there's a concerted push to get federal privacy legislation across the finish line soon."

Commissioner Wilson also reiterated her position that federal privacy legislation is necessary:

I have been advocating for federal privacy legislation almost from the day that I was sworn in as a Commissioner. And I do think it's important, I think there is a market failure that needs to be addressed. I think consumers have very little understanding of the data that's collected from them and how that data is collected, used, and sold.

I also think that businesses need guardrails, they need to understand the rules of the road. And right now we have states with conflicting opinions about what those guardrails should be, and we have a developing international regime also with conflicting ideas. And so, businesses need clarity and certainty in order to know how to comply with the law, but also to invest and to grow. 

Responding to a related query regarding what the FTC can do in the interim to "to fill the gap," Commissioner Wilson noted the agency's authority under Section 5 of the FTC Act to address "unfair and deceptive acts or practices in or affecting commerce" and subject-matter-specific jurisdiction pursuant to other statutes, such as the Children's Online Privacy Protection Act (COPPA). She also highlighted a "body of consents that provide very good rules of the road."

Later in the Fireside Chat (direct link here), Commissioner Phillips, responding to a question from an audience member regarding smartphone apps, acknowledged the existence, with respect to personal data, of an "information asymmetry" – a concept familiar to those who attended Commissioner Wilson's keynote address during FSF's Twelfth Annual Policy Conference in 2020.

Given that "[c]onsumers may not understand fully what they're engaging in," Commissioner Phillips indicated his support for a "nutrition label" solution:

[O]ne of the things I've always felt would be very useful is to look more carefully at things like labels. And understand, you know, what are ways that we can get good information out to people? We do this in a lot of other areas, right?

And you think about food, right? It's maybe not efficient for me every day to, you know, if I'm at the grocery store, examine each label. But if I care, and if I want to, and the cost to you, the producer of Honey Nut Cheerios, is fairly low, that can be a really beneficial rule. A rule that is good for competition. A rule that allows consumers to shop across products, including for those features. 

So let's take what are you doing with your data, right? And Apple has a version of this, in iOS 14, they have these "nutrition labels," they call them. But it's a way of taking complex subject matter and boiling it down in terms that allow people to sort of shop across products and compare. And perhaps even to create markets around features where markets may not naturally arise.

Relatedly, USTelecom's Mr. Spalter, who participated in Free State Foundation President Randolph May's #FSFConf14 "The 'Hottest Topics' in Communications and Internet Policy" Fireside Chat (a video of which is available here), earlier this week published a blog post titled "Global Privacy Leadership Begins Here at Home."

After acknowledging the Biden Administration's "efforts toward harmonizing strong consumer privacy protections around the world" via the Global Cross-Border Privacy Rules Declaration, Mr. Spalter made the salient point that "for the U.S. to truly lead this worldwide endeavor, our nation must first lead by example here at home."

He therefore "urge[d] the Administration and Congress to work together, with a sense of urgency and purpose, to [adopt national privacy legislation] in the current legislative session." Specifically, a bill that "deliver[s] consistent online privacy protections that apply uniformly across the country and to all companies in the internet ecosystem."

Video of FSF's 14th Annual Conference for Industry Panel Now Available!

The Free State Foundation's 14th Annual Conference (#FSFConf14) was held on May 6, in Washington D.C. In the days ahead, FSF scholars will have much more to say in recapping and responding to all of the fantastic insights into communications and competition policy offered by our conference participants. We are pleased that C-SPAN covered the conference. A video of the industry panel discussing hot topics in communications policy, moderated by Free State Foundation President Randolph May is now available on C-SPAN's website. The all-star panel features CTIA's Meredith Baker Attwell, NCTA's Michael Powell, Public Knowledge's Christopher Lewis, and USTelecom's Jonathan Spalter. Follow the link and check it out!

And thank you to C-SPAN!

FSF Files Comments on FTC and DOJ Merger Enforcement

On April 21, the Free State Foundation submitted comments to Federal Trade Commission and the Department of Justice in response to their Request for Information on Merger Enforcement. The comments were written by FSF President Randolph May, Senior Fellow Andrew Long, and Legal Fellow Andrew Magloughlin. FSF's comments recommend that the FTC retain a case-by-case merger review process that weighs the totality of the circumstances, including merger-specific efficiencies and other contextual factors such as market structure and dynamic innovation. 

FSF's comments focus on the lessons to be learned from the T-Mobile/Spring merger, since it "exemplifies the probative value of an efficiency-centered, case-by-case approach." The introductory section of FSF's comments explain:

As predicted, that merger already has led to substantial pro-consumer efficiencies, including expedited deployment of next generation 5G service, network quality improvements, and continued downward pressure on prices. It also has confirmed the folly of relying on narrow market definitions in complex, dynamic markets. Indeed, that no consumer harm resulted is likely because, viewed through the appropriate lens – that is, the broader "broadband market" rather than the outdated mobile-only market – the T- Mobile/Sprint merger did not constitute a "4-to-3" merger as some alleged. 

Additionally, FSF's comments stated that "any revised guidelines should not adopt presumptions of harm." As the comments explain: 

There is no clear empirical evidence that vertical mergers are harmful on net. But there are numerous examples where predictions of harm have not materialized, including the AT&T/Time Warner, Comcast/NBC Universal, and AOL/Time Warner mergers, combinations with which Free State Foundation scholars are very familiar. The inaccuracy of those often overheated pre-merger prognostications of harm confirms that a case-by-case approach remains preferable to presumptions of harm for vertical mergers. 

FSF's comments to the FTC and DOJ on merger enforcement is available here.

In Eyebrow-Raising Fashion, FTC Adopts New Policy Statement on Prior Approval Provisions

Last week, the FTC finally filled the vacuum it created this summer when, in a vote along party lines, it rescinded the 1995 Policy Statement Concerning Prior Approval and Prior Notice Provisions in Merger Cases (1995 Policy Statement). The new Policy Statement, perhaps unsurprisingly, heralds a worrisome return to, and expansion upon, pre-1995 practices shown to discourage pro-competitive transactions. Equally newsworthy, however, are the departures from traditional process associated with this agency action.

Prior to 1995, the Commission routinely required that consent decrees include an obligation that the combined entity provide advance notice of, and obtain prior approval for, subsequent transactions in the relevant product and geographic markets. The 1995 Policy Statement put an end to that practice.

However, and as I detailed in a July 23, 2021, post to the FSF Blog, at the FTC's July Open Commission Meeting, the agency's Democratic majority opted to rescind the 1995 Policy Statement. The two Republican Commissioners articulated their concerns about that decision.

Commissioner Noah Phillips characterized prior approval provisions as "a decade-long M&A tax on anyone who enters a merger consent" and decried the inconsistency of the majority's action with the intent of the Hart-Scott-Rodino Act of 1976 (HSR Act). He also argued that the resumed use of such provisions will create competitive disparities between those subject to consent decrees and those not so constrained – and, as a consequence, "lead to suboptimal transactions, create inefficiencies, and reduce overall consumer welfare."

Commissioner Christine Wilson explained how prior approval conditions create opportunities for "questionable exercises of enforcement discretion"; emphasized that, even with the 1995 Policy Statement in place, the FTC retained the ability to require prior notice and/or approval in consent decrees under warranting circumstances; and highlighted that "by rescinding the 1995 Policy Statement without providing further guidance, the Commission substitutes uncertainty for a policy that has worked for more than 25 years."

That void now has been addressed, but decidedly not in a manner to the liking of either Republican Commissioner.

On October 25, 2021, the FTC announced the adoption of a new Prior Approval Policy Statement (2021 Policy Statement). Per the Press Release, "merger enforcement orders will once again require acquisitive firms to obtain prior approval from the agency before closing any future transaction affecting each relevant market for which a violation was alleged, for a minimum of ten years." Prior to 1995, prior approval provisions remained in effect for a maximum of ten years.

In addition, per this expanded policy, the agency may require prior approval for:

• Transactions outside of the affected product and/or geographic markets when, based upon the application of a "non-exhaustive" list of subjective factors, it concludes that "stronger relief is needed";
• In instances where the parties abandon the proposed deal; and
• For the sale of divested assets by entities not involved in the challenged transaction.

Thus, the 2021 Policy Statement in significant ways is much more expansive than those practices in place prior to 1995.

Although there currently is a 2-2 split between Democratic and Republican Commissioners on the Commission, Chair Lina Khan and Commissioner Rebecca Kelly Slaughter were able to push through the 2021 Policy Statement with the assistance of a tie-breaking "zombie vote" cast weeks prior by former Commissioner Rohit Chopra.

However, that is not the only procedural anomaly that transpired.

While a Dissenting Statement from Commissioners Phillips and Wilson eventually was released, on October 29, 2021, it notably was not included in the initial announcement.

As a result, Commissioner Phillips took to Twitter to voice his displeasure:

The Commission issued this ill-advised policy without giving minority commissioners a promised opportunity to issue a simultaneous dissent, as has always been the practice. ⁦@CSWilsonFTC⁩ and I will issue a statement later, as planned. https://t.co/KkQLbFzdTy

— Noah J. Phillips (@FTCPhillips) October 25, 2021

Commissioner Wilson weighed in, as well:

Simply stunning.

Strong dissent forthcoming. https://t.co/bHFpxOJmOC

— Christine S. Wilson (@CSWilsonFTC) October 25, 2021

For more on Commissioner Wilson's general process-related concerns, please read "Congressional Testimony of FTC Commissioner Wilson Addresses Agency Processes, Section 13(b), and Federal Privacy Legislation," a July 2021 post to the Free State Foundation's blog.

Eventually, the official FTC Twitter account issued a mea culpa:

The Office of Public Affairs unfortunately issued the prior approval policy release prematurely and plans to update immediately upon receipt of the dissenting statement from minority Commissioners. We regret the error.

— FTC (@FTC) October 25, 2021

Nevertheless, in a footnote to their joint Dissenting Statement, Commissioners Phillips and Wilson reiterated that "[t]he policy at issue was announced without our participation, which is contrary to longstanding practice and the opposite of what was promised."

Moving to the substance of their objections, Commissioners Phillips and Wilson dismissed the 2021 Policy Statement as "yet another daft attempt by a partisan majority of commissioners to use bureaucratic red tape to weigh down all transactions – not just potentially anticompetitive ones – and to chill M&A activity in the United States."

In addition, they:

• Pointed out the various ways, noted above, in which the 2021 Policy Statement goes even further than pre-1995 practices;
• Detailed how the 2021 Policy Statement stands in conflict with procedures set forth by Congress in the HSR Act;
• Explained how "the majority oversells the benefits of its actions and significantly undersells the harms";
• Highlighted how this action further exacerbates the growing disparity between how the FTC and the Department of Justice review transactions; and
• Criticized the majority's failure to seek public input before finalizing the 2021 Policy Statement.

I urge you to read the Dissenting Statement of Commissioners Phillips and Wilson in its entirety. It can be accessed here.

Privacy Recap: Senate Commerce Committee Holds Hearing on Data Privacy; Op-Ed Authors Oppose FTC Privacy Rulemaking

On Wednesday, September 29, 2021, the Senate Committee on Commerce, Science, & Transportation held its first hearing of the year on data privacy, "Protecting Consumer Privacy."

Witnesses included:

• Georgetown Law Professor David Vladeck, a former Director of the FTC's Bureau of Consumer Protection (written testimony)
• President of The App Association Morgan Reed (written testimony)
• Maureen Ohlhausen, a partner at Baker Botts and a former Acting Chair of the FTC (written testimony)
• Independent Researcher and Technologist Ashkan Soltani, who once served as the FTC's Chief Technologist (written testimony)

As one might expect, there was widespread agreement on the need to both pass a federal data privacy law and provide the FTC with greater resources.

The disagreements centered on the usual suspects – that is, preemption of state laws and a private right of action – along with (1) the amount of additional dollars to be allocated to the FTC, and (2) whether it would be appropriate for the agency to initiate a privacy rulemaking in the absence of congressional progress, an issue I touched upon in a Wednesday post to the FSF Blog.

In her Majority Statement, Chair Maria Cantwell (D - WA) emphasized the need to better empower the FTC, noting with approval that the Budget Reconciliation Act in its current form would make $1 billion available over ten years to establish and fund a new Privacy Bureau.

In his Minority Statement, Ranking Member Roger Wicker (R - MS) wrote that "the need for strong data privacy rules has become more urgent" over the past year and reiterated that he is "open" to a narrow private right of action that does not "stifl[e] innovation and marketplace competition or lead[] to unjustified financial windfalls for plaintiff attorneys."

In addition, he urged President Biden "to appoint someone – a specific person – among his senior staff to be a liaison to Congress on this issue and to prioritize the enactment of a data privacy law this year."

Finally, he voiced his objection to the possibility of an FTC rulemaking, asserting that "[o]nly Congress can develop longstanding data protections for consumers that meaningfully safeguard their personal information." (See below for more on this topic from Senator Wicker.)

A video archive of the hearing can be found here.

This was the first in a series of three Senate Commerce Committee hearings on data privacy and security. The next, entitled "Enhancing Data Security," will take place at 10 am EDT on Wednesday, October 6, 2021.

*    *    *

Also on Wednesday, the Washington Examiner published an op-ed by Senator Wicker, Representative Cathy McMorris Rodgers (R - WA), ranking member of the House Energy and Commerce Committee, and Republican FTC Commissioner Noah Phillips opposing a possible FTC rulemaking on privacy.

That same day, The Wall Street Journal (subscription required) reported that agency Chair Lina Khan is considering such a step.

The trio wrote that Congress has not granted the FTC "the authority to write comprehensive national privacy rules" and that "[a]ttempting to rewrite privacy law by executive fiat would be a blatant overreach that would almost certainly invite legal challenges."

They also argued that, as a matter of sound policy, "[a] national law must be the product of debate and compromise among the people's representatives."

The authors did, however, acknowledge that the FTC is the appropriate government entity to enforce a federal law once enacted, describing it as "the most effective privacy enforcer in the world."

FTC Commissioner Wilson Recruits Student Researchers to Inform and Inspire Efforts to Pass a Federal Data Privacy Law

Citing what she describes as "significant information asymmetries," Republican FTC Commissioner Christine Wilson long has advocated for a comprehensive federal data privacy law. In fact, she discussed that very issue in her keynote address at the Free State Foundation's Twelfth Annual Telecom Policy Conference in March 2020.

More recently, she partnered with Duke University on a research project designed to expedite the currently stalled legislative process.

To date, efforts to pass a federal privacy law have been stymied by partisan disagreements regarding two issues in particular.

One, whether a federal data privacy law should preempt similar state laws. As I have argued on numerous occasions, most recently in "Pressures Multiply for Congress to Act on Data Privacy," a Perspectives from FSF Scholars published earlier this month, it should.

The growing list of states with their own, inconsistent statutes – which currently includes California (both the California Consumer Privacy Act and the California Privacy Rights Act), Virginia (the Virginia Consumer Data Protection Act), and Colorado (the Colorado Privacy Act) – unreasonably complicates companies' compliance efforts and creates chaos for consumers.

Two, whether it should provide for a private right of action. It should not. Generally speaking, class-action lawsuits benefit attorneys, not consumers. Case-by-case enforcement by the FTC is the better approach.

Unable to find common ground on these questions, lawmakers have made no observable progress of late. However, the fact that the Senate Commerce Committee is holding a hearing today titled "Protecting Consumer Privacy," the first of its kind this year, perhaps offers a glimmer of hope.

Given the failure to date of Congress to pass privacy legislation, there have been repeated calls for the FTC to commence a rulemaking. On September 20, a group of Democratic Senators led by Richard Blumenthal (CT) wrote to FTC Chair Lina Khan urging her to do just that.

Notably, and in specific response to the lack of legislative momentum, at one point Commissioner Wilson herself reluctantly expressed her support for an FTC privacy rulemaking, a statement that I highlighted in a July 2021 post to the FSF Blog.

But in light of a pattern of agency actions that Commissioner Wilson troublingly regards as an "abrupt departure from regular order" – including, most recently, the September 15th decision along party lines to withdraw the Vertical Merger Guidelines that were issued in 2020, to which she and fellow Republican Commissioner Noah Phillips responded with a co-authored Dissenting Statement – she has had a change of heart.

In an Oral Statement submitted to the House Commerce Committee's Subcommittee on Consumer Protection and Commerce in July of this year, she wrote the following:

In recent months, I had become more receptive to a [Magnuson]-Moss rulemaking on privacy to address the information asymmetry between the providers of goods and services and their users. But the Commission recently voted along party lines to pare back procedural safeguards and limit opportunities for public input during agency rulemakings. Given these changes, I am less inclined to support a Mag-Moss rulemaking on privacy. Federal privacy legislation remains the optimal solution.

In an attempt to facilitate that "optimal solution," Commissioner Wilson several months ago partnered with Duke University's Professor David Hoffman, along with students from its law school and Sanford School of Public Policy, to produce "a resource for legislators" – specifically, research-driven insight into how other federal statutes have addressed these two sticking points.

The fruits of that effort, which focused on both federal statutes (ten on the topic of preemption, six regarding remedies) and the European Union's General Data Protection Regulation (GDPR), have been made available publicly here.

In a keynote address delivered at "Exploring Options: Overcoming Barriers to Comprehensive Federal Privacy Legislation," a related event held on September 21, 2021 (video available here), Commissioner Wilson offered her perspective on these findings.

While acknowledging that the research revealed that "federal statutes that preempt an entire field of law are rare," Commissioner Wilson argued that the more common approach — where Congress "establish[es] a federal floor and allow[s] states to pass more stringent laws" — is not well suited to "fields like … the Internet that transcend state and national borders."

Given that:

1. "[T]he very nature of the Internet makes it likely that the most stringent state standard will become the de facto national standard," and
2. A primary regulatory objective should be to ensure that businesses are subject to consistent obligations,

Commissioner Wilson suggested that a better way forward would be to ensure that those rights and responsibilities established at the federal level are sufficiently robust on their own: "If the [federal] law provides strong rights and imposes appropriate standards and obligations on businesses, as well as robust and accessible remedies, more stringent state laws should not be necessary."

She also indicated that, given the dynamic and constantly evolving nature of the online experience, she would support "vesting the FTC with carefully tailored rulemaking authority … to facilitate updating key definitions and provisions over time."

With respect to remedies, Commissioner Wilson began with the point that a strong privacy law, one that empowers and adequately funds the FTC's efforts, would undercut one of the primary arguments as to why a private right of action may be necessary – that is, the perception that current levels of enforcement are inadequate.

She also highlighted research demonstrating that "abusive class action practices increase costs for businesses – while providing little in the way of redress for consumers, changed business practices, and deterrence."

Stepping back, Commissioner Wilson then made the foundational recommendation that "we … broaden the conversation" beyond solely whether or not to include a private right of action to "focus on establishing a constructive remedial framework."

In that vein, she cited "Breaking the Privacy Gridlock: A Broader Look at Remedies" by Jim Dempsey, Chris Hoofnagle, Ira Rubinstein, and Katherine Strandburg, when making the following three points:

1. Remedies should be tied to policy goals,
2. No one remedy can successfully promote even a simple goal and therefore an effective law should include multiple remedies, and
3. Intermediaries and third parties play a powerful role.

Asserting that "an 'all or nothing' approach will not serve the goals of privacy legislation," Commissioner Wilson suggested that alternative enforcement proposals be given serious consideration, including those that involve:

• A supervisory authority and/or third-party intermediaries, or
• A private right of action "in limited circumstances [with] substantive and procedural limits," exclusively "for specific, highly sensitive types of data," or providing only for injunctive relief.

In conclusion, she stated the following: "Ideally, the remedies contained in privacy legislation will turn on the kinds of injuries consumers may suffer."

At the same time, she teed up the question as to how the standing test set forth by the Supreme Court in its 2021 Transunion, LLC v. Ramirez decision might impact the options available to Congress.

Privacy Recap: Biden Nominates Bedoya to FTC, House Commerce Committee Proposes $1B for New Privacy Bureau

It's not yet Wednesday, and already it's been an eventful week with respect to the FTC and data privacy.

First, President Biden on Monday nominated Alvaro Bedoya to be the third Democrat to serve as a Commissioner at the FTC. The official announcement by the White House states that "[h]is research and advocacy focus on the idea that privacy is for everyone" and touts his work on facial recognition technology.

Mr. Bedoya is a visiting law professor at Georgetown Law, where he serves as the founding director of the Center on Privacy & Technology.

Republican Commissioner Noah Phillips tweeted that "Alvaro would bring a bright and thoughtful voice and a depth of experience working across the aisle on privacy to the FTC."

Second, the House Committee on Energy & Commerce yesterday began a full committee markup of the so-called Build Back Better Act, a series of legislative recommendations for budget reconciliation.

Today, lawmakers are expected to consider Subtitle O, which would appropriate $1 billion over the next ten years to fund a new Privacy Bureau at the FTC "to accomplish the work of the Commission related to unfair or deceptive acts or practices relating to privacy, data security, identity theft, data abuses, and related matters."

News reports suggest Republican opposition to this proposal, including its hefty price tag, which totals nearly three times the agency's budget for fiscal year 2021: $351 million.

At the same time, politicians from both sides of the aisle continue to agree on the persistent and distinct need for federal privacy legislation.

In the Politico piece linked to above, a Republican committee aide speaking anonymously emphasized the importance "of passing actual legislation with real privacy protections for all Americans."

Likewise, Democratic Senator Maria Cantwell (WA) tweeted that the proposal is "an important step for protecting consumers," but also that she "will continue to fight for a federal privacy and data security law that protects consumers and creates certainty for businesses."

In a recent Perspectives from FSF Scholars, "Pressures Multiply for Congress to Act on Data Privacy," I listed the mounting pressures on Congress to adopt a comprehensive federal data privacy regime, which include the following:

• Three states (California twice, Virginia, and Colorado) so far have passed inconsistent laws that unnecessarily create costly headaches for businesses and confusion for consumers.
• The European Union (EU) has in place the General Data Protection Regulation (GDPR) and, in August, China adopted the Personal Information Protection Law.
• Cyberattacks, including one involving the information of over 50 million consumers discovered in August by T-Mobile, call out for a comprehensive data privacy regime.
• The lack of a federal data privacy law impedes efforts to reestablish a privacy shield for personal data transfers from the EU to the U.S.

I therefore suggested that legislation along the lines of the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act, reintroduced this session by Republican Senators Roger Wicker (MS) and Marsha Blackburn (TN), might serve as a promising starting place.

Relatedly, in a December 2019 piece for the Free State Foundation entitled "Federal Privacy Legislation: Bipartisan Discussions Devolve into Dueling Drafts." I compared an earlier iteration of the SAFE DATA Act favorably to the Consumer Online Privacy Rights Act, rival legislation cosponsored by Senator Cantwell.