Vladimir J. Semendyai · June 2016
84 Geo. Wash. L. Rev. Arguendo 51
The Federal Trade Commission (“FTC”) has long had authority to bring enforcement actions against “unfair or deceptive acts or practices in or affecting commerce” under section 5 of the Federal Trade Commission Act. In the last two decades, the FTC has used that authority to enforce data privacy and security in the digital age, constantly increasing its expertise in the area and the breadth of its enforcement. In their latest article, The Scope and Potential of FTC Data Protection, Professors Hartzog and Solove argue that this is a good thing. They contend that the FTC should not only be allowed to continue its enforcement actions, but that it should expand its role as the linchpin of the American data security framework. Others, however, believe the FTC’s approach to data protection enforcement raises some constitutional fair notice concerns.
Until very recently, all companies targeted by the FTC for unfair data security practices had chosen to settle. This choice resulted in many consent orders and draft complaints, but few actual adjudication decisions. Professors Hartzog and Solove argue that these settlement documents are nonetheless the same as products of the traditional common law method and similarly provide adequate fair notice under the Due Process Clause.
This Note responds to their argument and contends that reliance on the FTC’s settlement documents for fair notice is improper because the documents share very little substance with actual judicial decisions and are more analogous to contracts. Reliance on these documents, however, is not necessary because fair notice is already present in the FTC’s enforcement approach, which relies on the reasonableness standard. This Note argues that under that approach, companies have constitutional fair notice because they only need to follow the data-security industry’s best accepted practices for their circumstances in order to meet their duty of care. In addition, courts have long been familiar with applying the reasonableness standard in other contexts, most notably in tort law. Rather than tying fair notice to settlement documents that are inadequate for that role, looking to the reasonableness standard is the proper approach to the FTC’s enforcement actions because it balances fair notice with the FTC’s need to remain flexible in the ever-changing technological arena.
Read the Full Note Here.
