This is the week's free edition of The Wavelength.
At yesterday’s hearing, Republicans refused to support provisions to reverse a court ruling that had been part of the top Republican’s recent data privacy bill. In fact the bill the chair offered lifted the Federal Trade Commission (FTC) fix language verbatim from the ranking member’s bill. Republicans offered various explanations why they opposed giving the FTC power to punish past fraudulent and illegal conduct and to recover money stolen from consumers, including the by now standard talking points about process and transparency concerns under the leadership of FTC Chair Lina Khan. Moreover, they discussed the need for “guardrails” on FTC authority to seek monetary redress. Of course, the hearing occurred against the backdrop of a final confirmation vote on the nomination of a third Democrat on the FTC, which is expected to unleash aggressive agency action on a host of technology issues, including privacy generally, children’s privacy, and other issues. Nonetheless, the committee moved the FTC bill on a split vote.
Yesterday, the United States (U.S.) Senate Commerce, Science, and Transportation Committee marked up a number of bills, as amended including, the “FAIR Contributions Act” (S. 2427) , “Reese’s Law” (S. 3278), the “National MEP Supply Chain Database Act of 2021” (S. 3290), the “Network Equipment Transparency Act” (NET Act) (S. 3692), and the “Consumer Protection Remedies Act of 2022” (S. 4145). Regarding the last bill, the committee voted 14-14, meaning a petition to discharge will be needed to get the bill to the floor of the Senate.
Speaking of discharge petitions, the Senate confirmed Alvaro Bedoya as a Commissioner of the FTC, giving the agency a full complement of Commissioners with three Democrats and two Republicans. The vote was 51-50 with Vice President Kamala Harris breaking the tie. Bedoya’s nomination was also 14-14, meaning Senate Majority Leader Chuck Schumer (D-NY) had to use the cumbersome discharge petition procedure to get his nomination to a vote. This added weeks to the process. In any event, Bedoya gives Khan a third Democratic vote, meaning that so long as she, Bedoya, and Commissioner Rebecca Kelly Slaughter agree on matters before the FTC, they can push through the changes they want. For example, the agency has a potential rewrite of the Children’s Online Privacy Protection Rule (COPPA Rule) pending since a mid-2019 request for comments. Of course, the agency is also poised to use the Magnusson-Moss rulemaking process to promulgate trade regulations that would address data privacy, “data abuses,” dark patterns, and other wide spread activity Khan and others believes violate the FTC Act. If these regulations get promulgated and survive the inevitable court challenges, then the FTC would have a new suite of powers to police these practices. A good example of how Khan will use the agency’s powers is provided by her former boss, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra who has moved quickly across a number of fronts. Last month, the CFPB announcedthat “it is invoking a largely unused legal provision to examine nonbank financial companies that pose risks to consumers.”
As I wrote earlier in the week, Chair Maria Cantwell (D-WA) issued a staff report on and a bill to restore the FTC’s historical use of authority granted under Section 13(b) of the FTC Act the Supreme Court of the U.S. (SCOTUS) struck down in AMG Capital Management, LLC v. FTC. In that case, SCOTUS found that term “permanent injunction” in 15 U.S.C. 53(b) (aka Section 13(b)) does not allow the agency to seek and receive “equitable monetary relief such as restitution or disgorgement.” For decades, the FTC has gone to court to ask for forms of equitable monetary relief like restitution or disgorgement so that bad actors are forced to return ill-gotten funds to the people they cheated or defrauded. The FTC also sought to use these powers in conjunction with illegal activity that happened in the past and was no longer ongoing.
However, even before SCOTUS took up the issue of Section 13(b), it was clear the issue would soon be before the court. As a result, some in Congress called for a preemptive fix that would moot any case like AMG Capital, including the then chair of the Senate Commerce Committee. In 2020, then Senate Commerce, Science, and Transportation Committee Chair Roger Wicker (R-MS), then Senate Majority Whip and Communications, Technology, Innovation, and the Internet Subcommittee Chair John Thune (R-SD), then Transportation and Safety Subcommittee Chair Deb Fischer (R-NE), and Senator Marsha Blackburn (R-TN) introduced the first version of the “Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act” (S.4626) that would moot AMG Capital before it got to SCOTUS had it been passed (see here for more detail and analysis.)
However, Wicker dropped this language from his revised 2021 data privacy bill, the “Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act” (S.2499) (see here for more detail and analysis) and most other Republican bills do not have this language. This may have been a sign that Republicans wanted Democrats to give way on one of their demands in order to get a Section 13(b) fix into a bill. I have long asserted that the Section 13(b) issue became a bargaining chip in U.S. data privacy legislation, and Wicker confirmed as much in his opening statement.
A few months after SCOTUS struck down the historical use of Section 13(b), House Democrats passed the “Consumer Protection and Recovery Act” (H.R.2668) with only two Republicans voting with the majority and 205 Republicans opposing.
In her opening statement, Chair Maria Cantwell (D-CA) stated:
§ In the last couple of years, we have seen the explosion of fraud and scams trying to take advantage of the COVID 19 pandemic to rip off consumers. Whether it's selling fake cures, counterfeit N-95 masks, or promising big payoffs to work from home. A report issued last week by this committee that we authored found that in 2021 alone, consumers reported to the FTC losing more than 5.8 billion to fraud and deceptive practices and it's not getting any better. That's why we introduced legislation to restore the FTC’s authority to go to court and obtain redress for consumers who've been scammed out of their hard-earned money, or for small business owners who've been locked out of competitive marketplaces.
§ Ensuring the FTC can protect consumers from bad actors has always been a bipartisan pursuit. In fact, Senators Wicker and Blackburn introduced originally this legislation as part of the 2020 Safe Data Act. The one thing, and the broad range of stakeholders can agree on, is that the authority should be restored to the FTC. Some stakeholders want Congress to place greater restrictions on a court’s ability to refund money to consumers from bad actors, but we are just looking to restore the authority that worked well for more than 40 years.
It bears note that Cantwell and staff do not have hard statistics on which to base their claim that fraudulent activity has gotten worse. Moreover, there is implicit linkage between more fraud and the removal of the FTC’s ability to quickly force bad actors to give ill-gotten funds back to the wronged. This may be the case for some entities, but I suspect scam artists and fraudsters were not tracking AMG Capital through the courts in the hopes that the FTC would have fewer tools with which to punish them. As expected, Cantwell mentioned that Wicker and Blackburn’s bill had a fix for Section 13(b) but stopped short of saying that her bill, S.4145, used the exact same language. I suppose Senatorial civility requires the use of inference as opposed to directness. In any event, Cantwell did not mention that Thune and Fischer, both of whom are still on the committee, also sponsored this language. Speaking of operating by inference, Cantwell noted that “some stakeholders” did not want the FTC to have the same powers as before AMG Capital without naming anyone like the U.S. Chamber of Commerce, which has argued that “Congress should take a holistic look at this statute and should not rush to grant or expand authority.”
Ranking Member Roger Wicker (R-MS) noted SCOTUS unanimously struck down the FTC’s reading of Section 13(b) and noted the first version of the SAFE DATA Act contained language that would have provided the agency with the authority to seek injunctions for past bad acts and obtain a range of monetary redress. He said this “was done in good faith to reach a bipartisan compromise in federal data privacy legislation.” Wicker provided an update of sorts on the state of data privacy legislation by way of saying negotiations are ongoing. He said that “regrettably the committee has not made progress on data privacy and states are acting to fill the void.” Wicker then proceeded to make familiar claims that Khan is ignoring the law, precedent, and tradition, notably by eliminating “longstanding bipartisan policy statements,” the “use of so-called zombie votes,” “the exclusion of minority commissioners from investigations,” the revision of rules without public input, and reduce transparency in the agency’s processes. He then decried the lack of a committee oversight hearing. Wicker declared that for all these reasons, “clear guardrails” are needed for 13(b) legislation consistent with Congressional intent that forecloses the possibility of overstepping. He said S.4145 lacks meaningful guardrails that would protect legitimate businesses from undue harassment. Wicker added Congress does need to ensure ill-gotten gains are returned to consumers but should “take a measured and bipartisan approach” to authorities needed to protect consumers “rather than rushing through” a practice that was unanimously struck down by SCOTUS. Wicker ended on a hopeful note, asserting that there is enough time for the committee to agree on Section 13(b) and data privacy among other issues.
First, SCOTUS did not strike down the practice of agencies seeking and obtaining equitable monetary relief and injunctions for past alleged violations. Rather, the court said the words “permanent injunction” in Section 13(b) did not imply that the FTC could ask for that relief from a court. If Congress were to explicitly add those powers to the FTC Act, it would not violate AMG Capital. Second, Wicker wants “guardrails” but has not, to my knowledge, proposed such guardrails.
However, Republicans on the House committee of jurisdiction offered amendments to that chamber’s 13(b) bill that may shed light on what “guardrails” look like, including reducing the period of time into the past the FTC can seek monetary redress for consumers from ten to five years and requiring the FTC to conduct an “economic analysis” before seeking disgorgement. At the full committee markup a Republican amendment was offered:
§ My amendment would clarify that the FTC can seek restitution and disgorgement in cases involving unfair or deceptive acts or practices, where a reasonable person would have known the potential violation under consideration was unfair or deceptive.
§ It would also add economic guardrails to the Commission when seeking restitution or disgorgement, by ensuring the FTC has a sound basis for seeking such monetary relief.
§ My amendment also seeks to address our concern with the statute of limitations by granting the FTC a five-year retroactivity.
None of these policy changes were added to H.R.2668, which along with the text of S.4145 suggest Senate Democrats will not be any more receptive.
Third, Wicker voiced his concerns about FTC Chair Lina Khan and how she is running the agency. The two Republican Commissioners have said much the same and there have been numerous leaks from long-time agency staff dismayed about the changes Khan and her senior staff have made. This seems to be additional reason to defer a 13(b) fix and to make sure it is tightly circumscribed to avoid what Wicker and others would claim is misuse. And so, limiting the agency’s powers under Khan and ensuring that that the agency does not harass businesses seem to be policy goals more important than allowing the FTC to quickly seek and receive injunctive relief and monetary redress. One wonders if Democrats give on the sticking points for a data privacy bill, if Republicans would agree to the Section 13(b) language before the committee.
In his remarks, Lee made claims about illegal and “dangerous” the FTC has taken under Khan’s leadership, including allegations that the FTC acted illegally when, among other examples, it rescinded self-imposed limitations on the Magnusson-Moss rulemaking method. He claimed that this exceeded the intent of Congress in placing limits on the agency’s rulemaking authority. However, if an agency adds requirements on a process established in U.S. law, longstanding precedent says the agency can remove those requirements whenever it wants. Lee went on to offer S.3140 as amendment, but the committee rejected it on party-lines 14-14.
Senator Jerry Moran (R-KS) offered an amendment to end the practice at the FTC of so-called “zombie votes” under which departed Commissioner Rohit Chopra’s votes have been used on business after he left the agency. In response to repeated criticism from Republicans and the two Republican FTC Commissioners, the FTC released a 1984 policy implemented under Republican leadership at the agency based on the fact the FTC Act is silent on whether the votes of departing Commissioners can count. As a result, the FTC adopted the policy that “the votes of a departing Commissioner always count, except in instances where they are displaced by the votes of his or her successor.” Moran’s amendment would change the FTC Act to end this practice:
The committee adopted the amendment by voice vote. Cantwell said she would work with Moran on perfecting this language.
The United Kingdom’s (UK) House of Commons announced that “Product Security and Telecommunications Infrastructure Bill” “is now due to have its report stage (at which point Members can offer amendments) and third reading on Wednesday 25 May 2022.” This is a bill “to make provision about the security of internet-connectable products and products capable of connecting to such products; to make provision about electronic communications infrastructure; and for connected purposes.”
The G7 Digital Ministers issued a Joint Declaration “on cyber resilience of digital infrastructure in response to the Russian war against Ukraine.”
The European Council “agreed on a negotiating mandate for the 2030 policy programme ‘Path to the Digital Decade’” as proposed by the European Commission.
Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) issued“Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” (Guidance) and provided two sets of Recommended Model Contractual Clauses (RMCs) to cater for two different scenarios in cross-border data transfers, namely (i) from one data user to another data user; and (ii) from one data user to a data processor.”
A class action lawsuit was filed against data broker Otonomo “for unlawfully tracking automobile drivers’ locations and movements without their permission or consent” under the California Invasion of Privacy Act. The lawsuit follows a 2021 Vice expose of Otonomo’s practices.
United States (U.S.) Senator Michael Bennet (D-CO) introduced the “Digital Platform Commission Act,” “the first-ever legislation in Congress to create an expert federal body empowered to provide comprehensive, sector-specific regulation of digital platforms to protect consumers, promote competition, and defend the public interest.”
The European Council and Japan agreed on “EU-Japan Digital Partnership in order to advance cooperation on a wide range of digital issues to foster economic growth and achieve a sustainable society through an inclusive, sustainable, human-centric digital transformation based on our common values.”
The United Kingdom’s (UK) Department for Digital, Culture, Media & Sport and Office for Artificial Intelligence published research “to understand the R&D commercialisation process related to Artificial Intelligence in the UK.”
United States (U.S.) Senate Commerce, Science, and Transportation Committee Ranking Member Roger Wicker (R-MS) wrote President Joe Biden urging him to nominate a Director of the Office of Science and Technology Policy (OSTP) because the White House office’s “leadership will be encumbered by the lingering allegations of misconduct against [former OSTP Director] Dr. Lander and the senior leadership that still remains at OSTP.”
The United Kingdom’s House of Commons’ Digital, Culture, Media and Sport Committee started an Inquiry: Connected tech: smart or sinister? that “will examine the impacts of the increasing prevalence of smart and connected technology and what needs to be done to ensure it is safe and secure for its users.”
Tweet of the Day
“Unattributed attack ads targeting Labor on Chinese-language WeChat fuel fears of election misinformation” By Anne Davies and Wing Kuang — The Guardian
“Facebook Promised to Remove “Sensitive” Ads. Here’s What It Left Behind” By Angie Waller and Colin Lecher — The Markup
“Twitter’s top lawyer long weighed safety and free speech. Then Elon Musk called her out.”By Elizabeth Dwoskin, Cat Zakrzewski, Will Oremus and Joseph Menn — Washington Post
“UK must protect child influencers from exploitation, MPs say” By Dan Milmo — The Guardian
“San Francisco Police Are Using Driverless Cars as Mobile Surveillance Cameras” By Aaron Gordon — Vice
“I gave Instagram photos of my baby. Instagram returned fear.” By Geoffrey A. Fowler — Washington Post
“Zoom’s New AI Tool Spurs Criticism From Privacy Rights Groups” By Brody Ford — Bloomberg
“India's ongoing outrage over Pegasus malware tells a bigger story about privacy law problems” By Laura Dobberstein — The Register
“TikTok’s Work Culture: Anxiety, Secrecy and Relentless Pressure” By Georgia Wells, Yoree Koh and Salvador Rodriguez — Wall Street Journal
“U.S. lawmakers to open chips, China bill negotiations” By David Shepardson — Reuters
“China Orders Government, State Firms to Dump Foreign PCs” — Bloomberg
“Didi, Lenovo founders go private on China social media, join retreat from spotlight” By Josh Ye — Reuters
“Should Facebook be criminally liable for interfering with Australia’s lawmaking process?” By Julia Powles and Hannah Smith — Rappler
“Leaked Memo Reveals Apple’s Anti-Union Talking Points for Store Managers” by Lauren Kaori Gurley — Vice
§ 12 May
o The United States (U.S.) Federal Trade Commission (FTC) and U.S. Department of Justice will hold a listening forum on firsthand effects of mergers and acquisitions: technology.
o The United States (U.S.) House Appropriations Committee’s Commerce, Justice, Science Subcommittee will hold a hearing on the Department of Commerce’s FY 2023 budget request with Secretary of Commerce Gina Raimondo.
o The United States (U.S.) House Intelligence Committee’s Defense Intelligence and Warfighter Support Subcommittee will hold a closed hearing on the Fiscal Year 2023 Military Intelligence Program Budget Hearing.
§ 15-16 May
o The United States-European Union Trade and Technology Council will meet in France.
§ 19 May
o The United States (U.S.) Federal Communications Commission (FCC) will hold an open meeting with this tentative agenda:
§ Combatting Illegal Robocalls. The Commission will consider a Report and Order, Order on Reconsideration, and Further Notice of Proposed Rulemaking addressing foreign-originated and other illegal robocalls from multiple angles. (CG Docket No. 17-59; WC Docket No. 17-97)
§ Expanding Broadband Service Through the A-CAM Program . The Commission will consider a Notice of Proposed Rulemaking seeking comment on a proposal by the ACAM Broadband Coalition to achieve widespread deployment of 100/20 Mbps broadband service throughout the rural areas served by carriers currently receiving Alternative Connect America Model support, and proposing targeted modifications to the Commission’s rules to improve the efficiency and efficacy of the high-cost program. (WC Docket Nos. 10-90, 14-58, 09-197, 16-271, RM-11868)
§ Modernizing Priority Services for National Security and Emergency Response. The Commission will consider a Report and Order that would update and streamline its rules providing priority provision and restoration of service for national security and emergency response users. (PS Docket No. 20-187)
§ Updating FM Radio Directional Antenna Verification. The Commission will consider a Report and Order to allow applicants proposing directional FM antennas the option of verifying the directional antenna pattern through computer modeling. (MB Docket No. 21-422)
§ Enforcement Bureau Action. The Commission will consider an enforcement action.
§ 24 May
o The President's National Security Telecommunications Advisory Committee (NSTAC) inside the United States (U.S.) Department of Homeland Security will hold a meeting with this agenda: “(1) Classified threat briefing and discussion, which will provide NSTAC members the opportunity to discuss information concerning threats to NS/EP communications with senior Government intelligence officials; and (2) potential NSTAC study topics discussion.”
§ 16-17 June
o The European Data Protection Supervisor will hold a conference titled “The future of data protection: effective enforcement in the digital world.”