data privacy
Subscribe to data privacy's Posts

Intelligently Evolving Your Corporate Compliance Program

All companies—big and small—are collecting a tsunami of data. The US Department of Justice (DOJ) has now challenged corporate America to harness and analyze that data to improve corporate compliance programs by going beyond the risk profile of what has happened to better understanding the risk profile of what is happening. But where to begin? Artificial intelligence, which is already used to assist in the review and production of documents and other materials in response to government subpoenas and in corporate litigation, is invaluable in proactively reviewing data to identify and address compliance risks.

Key Takeaways

  • DOJ expects compliance programs to be well resourced and to continually evolve.
  • DOJ wants companies to assess whether their compliance program is presently working or whether it is time to pivot.
  • DOJ uses data in its own investigations and it expects the private sector to rise to the occasion and analyze its own data to identify and address compliance risks.
  • The data is there—mountains of it—and the key is to find an efficient way to analyze that data to improve the compliance program.
  • Artificial intelligence is an important tool for solving the challenge of big data and identifying and remediating compliance risks effectively, quickly and regularly, in conjunction with further periodic review.

Click here to read our full alert.




FTC Merger Review Likely to Incorporate Analysis of Privacy Issues

The Federal Trade Commission (FTC or the Commission), along with the U.S. Department of Justice, can challenge mergers it believes will result in a substantial lessening of competition – for example through higher prices, lower quality or reduced rates of innovation.  Although the analysis of whether a transaction may be anticompetitive typically focuses on price, privacy is increasingly regarded as a kind of non-price competition, like quality or innovation.  During a recent symposium on the parameters and enforcement reach of Section 5 of the FTC Act, Deborah Feinstein, the director of the FTC’s Bureau of Competition, noted that privacy concerns are becoming more important in the agency’s merger reviews.  Specifically she stated, “Privacy could be a form of non-price competition important to customers that could be actionable if two kinds of companies competed on privacy commitments on technologies they came up with.”

At this same symposium, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, remarked on the agency’s increasing expectations that companies protect the consumer data they collect and be more transparent about what they collect, how they store and protect it, and about third parties with whom they share the data.

The FTC’s Bureaus of Competition and Consumer Protection fulfill the agency’s dual mission to promote competition and protect consumers, in part, through the enforcement of Section 5 of the FTC Act.  With two areas of expertise and a supporting Bureau of Economics under one roof, the Commission is uniquely positioned to analyze whether a potential merger may substantially lessen privacy-related competition.

The concept that privacy is a form of non-price competition is not new to the FTC.  In its 2007 statement upon closing its investigation into the merger of Google, Inc. and DoubleClick Inc., the Commission recognized that mergers can “adversely affect non-price attributes of competition, such as consumer privacy.”  Commissioner Pamela Jones Harbour’s dissent in the Google/DoubleClick matter outlined a number of forward-looking competition and privacy-related considerations for analyzing mergers of data-rich companies.  The FTC ultimately concluded that the evidence in that case “did not support the theories of potential competitive harm” and thus declined to challenge the deal.  The matter laid the groundwork, however, for the agency’s future consideration of these issues.

While the FTC has yet to challenge a transaction on the basis that privacy competition would be substantially lessened, parties can expect staff from both the Bureau of Competition and the Bureau of Consumer Protection to be working closely together to analyze a proposed transaction’s impact on privacy.  The FTC’s review of mergers between entities with large databases of consumer information may focus on: (1) whether the transaction will result in decreased privacy protections,i.e., lower quality of privacy; and (2) whether the combined parties achieve market power as a result of combining their consumer data.

This concept is not unique to the United States.  The European Commission’s 2008 decision inTomTom/Tele Atlas examined whether there would be a decrease in privacy-based competition [...]

Continue Reading




FTC Commissioner Brill Comments on Potential Reforms in Data Privacy Enforcement

On February 18, 2015, Commissioner Julie Brill spoke to students at the Tuck School of Business at Dartmouth concerning the Federal Trade Commission’s (FTC’s) recent data privacy and security enforcement, as well as the FTC’s interactions with international regulators in this area.  In her prepared remarks, Commissioner Brill described ways she hopes the FTC and other regulators can improve their current data privacy enforcement regimes to “develop practical, effective, and interoperable frameworks that will allow data to be adequately protected.”

Commissioner Brill addressed the skepticism of those who believe the United States is the “Wild West” of data privacy, by highlighting the FTC’s enforcement of Section 5 of the Federal Trade Commission Act.  However, she made clear that the U.S. “consumer privacy and data security framework can and should be improved.”  She specifically endorsed President Obama’s proposed legislation as described during a recent visit to the FTC.  These legislative proposals include strengthening the FTC’s existing data security enforcement tools by authorizing the FTC to obtain civil penalties from companies that break the law.  Further, the White House and the FTC seek legislation that would provide consumers with greater transparency concerning how their data is collected and used by data brokers.

In addition to her comments concerning methods to improve the U.S. data security regime, Commissioner Brill described ongoing discussions with foreign data security regulators, especially those in Europe, concerning the global flow of personal data.  Like their counterparts in the U.S., European regulators are in the process of drafting a new regulation to heighten data security protections and address the dynamic new ways companies are using personal data.  As they modify their own data security frameworks, the FTC and foreign regulators are engaged in a dialogue concerning the interoperability of their data privacy laws.  Both groups recognize the importance of the flow of data to their respective economies, but each seeks to protect the interests of consumers and companies under their own laws.  Commissioner Brill is “optimistic” that agreements will be reached to promote the interoperability of the data privacy regimes.

As more companies create products that will collect and transmit personal data, there will likely be significant changes to the data privacy regimes attempting to protect consumers from harm.  To avoid potential regulatory action, any company that collects, uses or shares consumers’ personal data should ensure that there are protections in place to secure personal data from breaches or hacks.  In addition, companies should promote transparency by providing clear statements about their data collection and use to consumers.




BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

Ranked In Chambers USA 2022
US Leading Firm 2022