Next, members of the federal trade Commission Rebecca Slaughter and Christine Wilson on the agencies priorities and privacy concerns with new technologies. This event was hosted by the brookings institution. Welcome everybody here. Welcome to our cspan audience. Im cameron kerry, the distinguished visiting fellow at brookings and the center for technology and innovation. And i am pleased to continue our discussions on hashtag the privacy debate. Please feel free to live tweet on that. The federal trade commission a been very much at the center of that debate both as Congress Moves forward and as as a government, as a people deal with the policy issues of privacy. The commission has been very much in the spotlight with major cases, the Facebook Cambridge analytica settlement, youtube settlement, and a series of hearings on competition and Consumer Protection in the 21st century ear a lot of the focus on issue of data and privacy. So were fortunate to have with us today two commissioners, rebecca slaughter and Christine Wilson, both of whom have long backgrounds in public policy. Rebecca slaughter on the hill. Christine wilson previously as chief of staff at the commission, and both experienced in private law practice and other capacities. So just jump right into it. Just kind of begin, if we could, with an overview. Now i think, rebecca, you started in may of last year. Christine in september, the both of you are about a year on, had the experience of cases of hearings. How do you see the privacy landscape today . What do you see as the key issues as we go forward . Youre the Senior Commission on that panel so i defer to you. Almost 18 months of experience now. Thanks for having us. Its nice to be and its nice to be here with christine. This is an issue i know we both care about about and are excited for an opportunity to talk about together. So what are the key issues . Obviously this is an issue to which ive been giving a lot of thought from the perspective of enforcement which is different from a policy perspective that i had and lens i had for so long on the hill. So a few observations that are key in my mind now. The first is that i think we just use the term privacy, we may be unintentionally cabined ourselves to too narrow a universe of thought about the date issues that we are facing. Because privacy generally refers to the sharing of information that people would rather had shared. There are real harms that flow from that and thats a real set of values we need to protect. I think we cant separate those harms from the kinds of harms that flow from the use of that data to turn around and make decisions for people or about people or target manipulate information or harmful information to people. My first observation is that i have been thinking, trying to think a lot more about data abuses rather than the narrow frame of data privacy, because i dont want us to get to cabined into a universe that prohibits thinking about the full planet b of issues that we are encountering. Panoply the second observation i which it is really over noticing consent in this universe. Notice and consent as a framework that informs a lot of sec enforcement action and it makes a lot of sense. You tell people what youre doing with their data. You keep your promises. We can enforce where you buy or you dont. That sounds reasonable but for notice and consent to be meaningful, both notice and consent have to be meaningful. And in this space of data i dont think either our particularly. If we take notice, first of all, weve all seen this to texas by how long would take normal people or even very well educated people to read all the privacy policies they encounter in a year. Its months. People dont do it. And even if you tried to do it, you cant i tried to do it and i cant understand what it means what is being done with my data and a lot of cases, and i have the best tools at my disposal of basically anyone to do that analysis. So i dont think the notice is particularly meaningful, and consent isnt particularly mint for either because most options are take it or leave it. Even if take the time to read the Privacy Policy you cant turn around and say im fine with paragraphs one through eight, please make this edit tonight and then doubleclick consent. You just have to say yes. In fact, you often have to say yes to access the service that is necessary for your participation. I think we need to refrain the guideposts away from the concept of notice and consent, and think more about consumer expectation. What do consumers expect will be done with her data and whats reasonable from that framework. The last point i would make and then i will turn over to christine is, i think we need to be particularly sensitive to have these problems of data abuses and have challenges of notice and consent fall disproportionately on vulnerable populations. Thats important from a policymaking prioritization standpoint and its also important from our thinking about enforcement efforts. I think with those observations i will defer to christine. Thank you for having us. It is great to be here with her back and i think the folks here today will see that we agree on almost everything in this space. Not true on every issue. So my views on privacy and privacy legislation have changed over time. I i did mention the honor of having serving the chief of staff when he was chairman of the federal trade commission in 20012002, and at 2002, and at the beginning of that decade we were grappling with how to deal with privacy issues and it was a significant topic of discussion. We brought early cases like eli lilly and Microsoft Case where misrepresentations were made or poor data hygiene practices resulted in sharing of data in ways that consumers would not expect. Those were good cases for the ftc to bring. We also brought, we created the donotcall registry, and i think given the experience of the number of robocalls today we realize technology has outpaced the telemarketing sales rules. And in the same way there are developments that have outpaced some of the thinking that we did in those early days about how the ftc could be brought to bear. Frankly, we found the edges of the thorn in this area. I am in favor of light touch regulation, and i had to grapple over the last several months with eventually embracing the need for federal privacy legislation. Theres a great paper that export all the different ways you could address harmful abuses. Working through that rubric help make it comfortable with the core federal privacy legislation in this area. And ultimately i think businesses need predictability and certainty. The vast majority of states want to follow the law, comply with the lumbar right now theres a lot of great areas how to do that. I think we all agree on abstract principles of how to deal with Consumer Privacy and data security, accountability and risk management, transparency. But doing that and an informed way is difficult without bright line rules from congress and so i think particularly with coming online gdpr online and other states look at privacy legislation, businesses need that certainty and flexibility. By the same token i think consumers more information. I think there is significant opacity with respect to consumer data. I think the average consumer does not understand all of the different kinds of data that are collected and what is done with the data once it is collected, with whom it is shared, how it is monetized, how it gets transferred to third parties with her without safeguards for the protection of the information. So there significant information asymmetries, and i would love to see legislation that helps boost that transparency. I believe consumers can make informed decisions about which services to participate in and avail themselves of without the full information about whats happening with their data those decisions will not be informed. And then finally i think when you privacy legislation because there are gaps that have emerged given competition in tech delta. The fitbit that i wear collects health data but is not covered under hipaa. There are many examples of that. Its been a long process for me in the year ive been at the commission, and lots of conversations with rebecca and my other colleagues at the ftc will be incredibly patient with me as i am thinking through all of these issues. I am now from on the side of meeting federal privacy legislation. Let me explore more on the content of that. You talked about some additional forms of transparency to increase Consumer Choice. Is that enough, or do you think that is more needed to address how businesses handle the data beyond Consumer Choice . Absolutely. And i think that the was one of the first people i heard say in the way that basically it is impossible for consumers to make all the decisions they need to make so some onus needs the on the businesses to handle the data and with applied Risk Assessment and that sort of thing. I dont think transparency is the beginning and the end of federal privacy legislation, and i agree with rebecca that notice and choice, if at all, as a useful limited application. So in that vein, one idea that keeps coming up is data ownership, Senate BankingCommittee Last week had a hearing on that subject. Is that simply another form of notice and choice with money thrown into the market . Im not an expert on this issue. I havent studied all the proposals in detail but my initial reaction is i have a lot of anxiety about the idea that if we pay people for their data, we solve the problems we are seeing in privacy and data uses. For among other reasons, david is valuable in aggregate, when many, many people feel data is collected for many, many sources and aggregator, which means a marginal value of each piece of data is very small. So the amount that an individual consumer might realize, the monetary value the might realize by being paid for the data strikes me as small, and were talking about a universe where people are already giving up lots of data without being paid, so wouldnt a consequence of this likely be that already Large Companies with more money pay people more to aggregate more data which raises questions, serious questions in the competition space as well as in the privacy and Consumer Protections based . And im not sure what problem is solved. Because again if we are getting to the point where were thinking about things through the lens that data is used in problematic ways, not just collected in problematic ways, facilitating collection by paying people may even exacerbate the use problems rather than solving them. I have a slightly different take in conversations that ive had with peter when at doj over the last several months. He and i talked a lot about whether that concept of data ownership helps us get to the answer would want. If i go to turkey can i buy ten items items, who owns the list of items i purchased and for how much . I need those from an accounting and budgeting purposes but target needs those for inventory and revenue and accounting purposes, the bank needs the information. Who owns that data . Im not sure that talking about data ownership gets us to the answers that we are looking for. You mentioned some of the discussions we have been having with one commission and others. Let me ask you both the question your colleague Noah Phillips racer at brookings when he did a number of other forums. What is the harm that were trying to prevent . I think it is a great question here it is a way of focusing the mind, what are the problems were trying to solve . We dont want to rush and create a vast framework without thinking specific about the harms we are attempting to address. And i think the ftc already has a vast set of precedent regarding harms that we do as worthy of waiting. So physical injury and you may want to talk about we made the announcement last week about stalkerware. Financial injury, reputational injury, unwanted intrusion. We have a in which computer rental companies actually installed cameras that could be remotely activated, and those were in bedrooms. Obviously the harms that we are seeking to address are not limited to financial harm. There is a vast array of farmed and begin the cases provide a wonderful list and overview of the harms that it leaves. But i think, i agree with all of that, but i would build on it. First, let me mention the stalkerware case was an important one. It was a case against stalkerware app. You could buy an app and install it on somebody elses song and the app can basically with instructions on how to jailbreak the phones so the person would not be able to delve that they were being tracked. Its not just creepy. It is lethal in a lot of circumstances for victims of domestic violence. Those are incredibly important harms we need to talk about. It is also very important to me that not be a closed universe of harms. Lets think about children for example. There was a study that came out recently that talk about the increase, the dramatic increase in teen suicide rates in the u. S. Theres a notorious case in the uk of a young woman who took her own life at 14 after being the target of some online bullying but also material that was pushed to her the talked about how to commit suicide. Thats indescribably scary and damaging. Thats not a privacy violation in the same what we might have traditionally thought about it. But it is a real harm to use data targeting. I think about terrorist recruitment or recruitment for hate groups. I think about the targeting of manipulative information to voters, children. These are all real the true harms. Whats really important to me in this debate is that we not fall into the trap of thinking we need to be able to quantify harm in order to fight it its easy to quantify financial are but in the data privacy case not always. A lot of harms are not quantifiable and are still very, very real. One thing i think we as an agency need to do and Hope Congress will do is provide help or guidance about the types of harms we think are important but not limited that. I also think there are things we cant anticipate today that will emerge as problems and continue to be problems and we need to make sure we have the flexibility to address emerging problems and not just the ones we are aware of right now. I think in terms of, i think you harms that are not technically evident but that concern is, i am very concerned about the impact on the Fourth Amendment of essentially developing this sense that nothing is private anymore, and so in Fourth Amendment law the question is, was there a reasonable expectation of privacy that was violated. And if in the commercial arena people have the sense that nothing is private anymore, how does that impact the Fourth Amendment jurisprudence with a court, a judge making a decision with respect to societal norms, was there a reasonable expectation of privacy, and you look at the commercial arena and is none, then that has an impact. I am concerned about the erosion of fourth amended protections. Its not something that is within the ftc jurisdiction i think something we as a society should be thinking about through privacy legislation providing rules about did use and abuse, privacy protections and expectation can help us refrain that discussion and tell us what is in and what is out of bounds. And hopefully provide a little more guidance to the courts on Fourth Amendment issues. I think we deal with that to some extent by recognizing, i think as you said, that in a transaction you have certain interests in your grocery list, so do of the people, and the question is how do we balance those interests . I think that gets us to what i think may been a point of departure between you two in the facebook settlement, maybe thats a much a point departure of substance of things as much as ftc authority, but becca slaughter, you dissented from the decision because you wanted to see what you called meaningful limits of what facebook collects, uses, and shares. Among other things, yes. Yes, among other things, but thats the one that is left out on me. Can you flesh that out a little bit . What kinds of i will go back to the expectations principal that i started with. I think that the framework for what Data Companies can collect about people should start with what people reasonably expect to be sharing with them. If i use a mapping out, i reasonably expect that company will need my location information. If i use a flashlight app, i do not expect that company when they buy information because it does not. I think the first set of limitation should be, is the information you are collecting reasonable and necessary to provide the service you are offering . And then second, are you using that date in a way that it is connected to the service yourer offering, or are you then going beyond what you are providing to use that data for other information . Indicates a facebook, my concerns involve the data that facebook collects of people beyond what they expect, including from third parties in a cross behavior, across the web, not just on the facebook platform and from nonfacebook users who dont anticipate that any relationship with that company and are sharing information with them. I think these are all things that are really important to me but instead make a framework notice and choice, making a framework reasonable expectation, what is collected and how it is used makes a lot more sense to bring us in line with not putting with consumers anticipation of how the data will be used and not putting the entire burden on them to make decisions that they dont have the information or the ability often to meaningfully need. I do what is in terms of a disagreement about the facebook outcome, i will let christine speak for herself, but fundamentally one of the point i was making in the case was getting thinks in settlement negotiations is hard, right . There may be cases where there thinks i i would love to see ia settlement that dont make it in at the end of the and i support the settlement in way because its the best use of the agencies resources. In this particular case because of the magnitude of the case and its impact on the markets and the signal that it would send and the scope of the companies reach, i thought is important for us to fight in court if necessary for the outcome that we really thought was important at the end of the day. But but i will also be the firso recognize thats not a maneuver that is guaranteed to achieve those outcomes at the end of that but i thought the transparency i came with opencourt litigation at the potential to finding of liability at the end of litigation would be more effective in helping to change the behavior that we uncovered as problematic to begin with. With respect to a viewpoint i dont disagree with her points about seeking, how would be desirable to impose limitations on the collection and the sharing of information. There was a question about whether the ftc was within its Current Authority has eagerly to do that. We are asking congress to provide those guidelines and to legislate accordingly but i did not feel that it was appropriate to legislate for an entire industry through this settlement. And so we had lots and lots of conversations very cordial and collegial and enlightening and very helpful about facebook. Frankly it was a struggle for mn favor of the settlement or to pursue litigation. I am very sympathetic to the benefit of litigation to the transparency that would bring. Ultimately, i was convinced that consumers needed assistance today, as a relief that we got was very real and meaningful relief. Mark zuckerberg now has two essentially enter into sarbanesoxley type representations every quarter that he and his companies are abiding by the constraints and the obligations of the order, and the early reports back indicate that, in fact, the focusing of the mind which is what we saw when we included that requirement in the order is taking place and is having the desired effect. Facebook has already suspended thousands of apps. Early reports indicate that are many other changes that are taking place behind the scenes, and i look forward to being able to talk about those publicly at the appropriate time. But the early reports indicate that, in fact, beyond the monetary relief there is very real change that is occurring because of this order. And so that is ultimately what led me to vote in favor of a settlement as opposed to litigation, even though i agree absolutely with her point about the benefits of litigation. My concern is the long and drawn out process that may or may not grant the kind of relief that we were able to extract here today in the immediate benefit for all facebook users. This sounds like what you talked about earlier that you are pumping up against limits of your authority. Thats exactly right. What i will just say, i think its important in some of these cases and its true in coppa cases, the limit of our authority if we dont litigate in some cases we dont know what they are. It is really important for us not to impose on ourselves limits that dont exist in the law and in areas where we have limited litigation experience, which is true on order enforcement and Civil Penalties and its true on coppa. Coppa remedies. I think it is difficult for us to assess. We have to apply our best judgment to read the statutes and think about what we in good faith believe to be the limits of our authority but im not convinced those limits exist in the law at the dont think we know thats always the case into macarthur court. Court. And then if we do go through court and find those limits are there, it also helps us in making a case to congress about the limitations of the law. So basically my edge is i think we can do both. I think we could talk to congress and explain where we see constraints today and pushed the envelope where we think its appropriate and an interest of consumers at the same time. Lets talk about that here. What do you see as the constraints today in order to do the job that you have talked about being needed in privacy and lets call the Data Protection, information privacy, and what do you see as the constraints today . Whats the authority that you need . I will start with where christine started. She talked about the comfort she has developed with Rulemaking Authority. I have substantially more comfort in the first instance with rulemaking than she does, this is an area where its particularly important for the reasons that christine talked about. I find it frustrating to hear businesses complain that they dont know what is expected of them but also those same businesses complain they dont want the ftc making rules world telling them what is expected of them. And i do think any area of Data Protection, more and more of those visits are saying youre right, it would be helpful to have clear rules of the road spelledout in in a participaty notice and comment rulemaking process that lets us know what we need to do and how we need to do it. Thats the first thing. Related to Rulemaking Authority, we do not as as a general matter at the ftc have the authority to seek monetary relief for first instance violations. So we can get disgorgement sometimes or we can get redress for consumers, although that authorities also under attack and court right now. But in the case of privacy thats very hard, very hard to measure what is an appropriate disgorgement amount. Its hard to measure consumer harm and tailor a number to that in order to seek redress and it would be much more effective i think from a deterrent perspective to be able to Civil Penalty Authority for first instant violation. We have that as a general matter under coppa because it connected to a rule. The reason we could get a civil penalty in the facebook matter was because they were already under order from violating the ftc act. I dont think thats in the best interest of society for us to have to slap someone on the wrist once before we can create a financial deterrent penalty. And the fact that we see case after case after case of privacy and data abuse violations tells me that we do not have brought in a deterrent effect right now with the authority that we have. So i agree with becca on the need for Civil Penalty Authority. I do think it would be useful deterrent in this area. I think again we disagree on the breadth of Rulemaking Authority that should be granted to the federal trade commission. I think coppa provides a very useful analogy here, and we talked about rules for Congress Versus rules for the ftc. I think it is up to congress to sketch out the rights that consumers have any obligations that businesses should be subject to. There are lots of models out there that have been used, simple, and number of different organizations advanced framework. The difficult part is to instill those into essentially the daily practice of business. So how do we take accountability and Risk Assessment and transparency and create essentially understandable obligations for businesses that they can abide by. And then for the ftc to fill in with narrow rulemaking is appropriate. So congress for example, in coppa said we believe its important for children under the age of 13 to have their parents give verifiable rental consent before websites can collect their information. Didnt the ftc came along and did a narrow rulemaking that said here is how that needs to be verifiable parental consent could be obtained and given. I think thats a a nice balance between the role for congress and the role for the ftc. In terms of other authority, i think the federal trade commission should receive jurisdiction over common carrier. For example, schools and hospitals are collecting very sensitive information, and i think though should be subject to ftc Privacy Authority as should commercial businesses. I would love to see a rollback on nonprofit exemption. I think as congress is creating the bill it would be wonderful if they take into account the need to reserve incentives for competition and innovation. Privacy is important, and so is competition. If there are ways that legislation can be crafted that will create the incentives to continue innovating, American Ingenuity is an amazing thing, how do we foster that while at the same time providing protections for consumers privacy. And then perhaps a couple of areas of disagreement. I think we should have federal preemption. I think consumers and businesses need to know what their rights and obligations are as they crossed state lines. The internet, national boundaries, and so i would support a federal preemption. And then i think the private right of action would be incredibly difficult. I think we dont need more legislation. We need to provide businesses with guidance about what is and is not appropriate. One of the challenges i think in the privacy arena, particularly and using the unfairness authority, has been the consumer harm standard, and that goes to the question of what the harms are. So thinking in terms of what legislation might do, if congress spells out some boundaries on the election, propose a reasonable articulable basis for collecting the data, boundaries, they use a boundaries and sharing, and then violation of these is a violation of section five. Does that provide you with enough authority . I think absolutely that is hope and expectation at least on my part, that congress will provide more clarity about the rights and obligations that consumers and businesses have. Absolutely. And i think to the extent, cam, your question is would it be a problem if ftc had to identify particular harms in any enforcement action, i think it is a problem to have to do that with particularity because a lot of the harm that can flow from data abuses is not immediately identifiable. It is not clear today. So take Identity Theft as an example. If my date is stolen today, i dont know whether it is going to be used to steal my identity or open a line of credit in my name in three years. I know that it could be. Thats a real harm and it could be used in various other ways, but meaning to prove that link is a burden government cant meet at a think it would be counterproductive to set up a Regulatory Regime that is intended to protect the consumers but is functionally unenforceable either the federal government. I will just piggyback off of what christine said. Shes right that we dont entirely agree about preemption and private right of action. I think on the latter point, one thing i would say is i have a lot of anxiety about closing access to court and surreal people in every circumstance. Particularly where the ftc has been so systematically underfunded and state attorneys general are so systematically underfunded that unless you pair Enforcement Authority with dramatic, like astronomical increases in resources, theres no way you can capture the universe of problems. So making sure that enforcement is possible not just in the context of what are the standards but also who can do it and who has the resources to do it is really important to me. Thats one of the questions weve got to deal with the courts, giving state ags the authority to enforcement of privacy and legislation and i agree that it would be helpful but i also we get more resources. So on the resources, you have both i think have brought comparison to some of the Data Protection authorities, overseas, which orders of magnitude greater numbers to bring to the problem. One of the proposals in a couple of bills in congress is to create a new euro. Bureau, a bureau of Data Protection which would allow you to sort of combine some of the Technical Expertise of the technologists across both the privacy and Data Protection issues and the competition issues. Is that something that makes sense, or should it be parceled in the existing markets . I think we need more technologists generally. We put an economist on every single case that we bring, competition or Consumer Protection, and ive seen very few cases in my short tenure that wouldve benefited from the eyes of technologist. But i think organizationally how you do it, i think there are a lot of good options. One thing i will say is i do think the fcc is the right place for new authority to be located rather than having a dpa exacta for three you pointed to, cam. One of my concerns about independent epas that facilitate protection is they dont have the Competition Authority or the competition lens. It is, i think would be to the broader societal deficit for us to not be able to apply that lens and that thinking to the kinds of issues we are seeing in the Digital Space because a lot of them are sound and competition and Consumer Protection at the same time. We could have more cross polarization between our two traditionally siloed areas and where we have cases that implicate both areas, i know christine and i both asked a lot of questions about the staff how the staff on the other side see these questions, and thats just really important to have that lens to make sure that we are thinking through some of the innovation issues that are implicated in these questions. And i think a lot of it in some being a follow the money question. Competition privacy, right, where the dollars are flowing, why are they flowing there, how are they being used . And we can apply that analysis from both the Consumer Protection and the competition standpoint. So i would echo essentially all of what becca said. I think in the first instance it would be, it would illserved the american taxpayer and enforcement to create a Different Agency to enforce privacy laws. I think the federal trade commission has been picky about the station for an incredibly long time. It has moved up the learning curve in terms of incredible sophistication regarding enforcement of the issues, listening to all of the different stakeholders about the interplay of the tensions and how to balance them. It is held workshops and conferences and roundtables that have issued many reports that are very insightful and helpful as we need to enforce in a very nuanced way going forward, ina way that preserves privacy while also allowing competition to flourish. I agree with becca that, first of all, any privacy legislation should give authority to the ftc, and second, that are Enforcement Authority benefits from the interplay of the competition and Consumer Protection issues. I was at the fordham conference a few weeks ago where authorities were talking from around the world and that was the general sentiment, that each side informs the other agencies that have had or are looking forward to having close competition and Consumer Protection authority. There is helpful reinforcement and an alignment of missions. Finally i would agree with becca that im relatively agnostic about how we structure that new expertise within the agency. I think we do need more resources when you look at the incredible growth in the economy, the essential stagnation of the number of ftcs we have at the ftc, it becomes very clear that we have been outpaced and outmanned, and to protect Consumer Privacy and other consumer interests, more resources would be helpful. I like to hammer that point because its something i would not have appreciated and didnt appreciate before i got to the ftc is that when you look from outside as enforcement decision that leads to something to be desired, part of that analysis you dont see is the staff and the commissioners grappling with the question of if we went back and pushed for more in this case, what are we giving up . What are we not doing instead . Some of those decisions, even if you dont openly agree with him at the end of the day, dont come for my sense of well, this is good enough and want to let this company go. They come from a sense of, we have obligations across our mission area to protect consumers, and if we put more into this case we will be leaving for cases on the table in other areas. So again you can disagree and have disagreed about that decision in particular cases, but understanding that that analysis really comes from hard looks at budgets and employee numbers and resource management, is something i had not appreciated until it is on the inside of this conversation and i think its much easier to judge on the outside when you dont have a window into what other of the cases that you might be giving up to move forward here. One more question before we go out to the audience. You talked about competition and privacy and sort of point of overlap or divergence between the two. What do you see as the relationship, the competition policy and vice versa . I will associate myself with her remarks. Our colleague Noah Phillips talks about this issue a lot and what he tends to say is competition, privacy, competition is really important and we have to think carefully about how in your privacy regime would affect compensation. So far i think were still with him but he tends to go into therefore we should not have a new privacy region and thats one like lost and much closer christine is weird to think about, think about it carefully. Again i said early follow the money. A lot of this to me i think advertising is the heart of both of these questions. Data collection is fundamentally about facilitating advertising, and advertising, Digital Advertising market are raising a lot of really important competition questions and i think looking at that with eyes on both sides is it really valuable thing to begin. I would love to explore that more but lets go to the audience for questions. Please stand and wait for the microphone so that everybody here and on cspan can hear the question. Moving on the island first, and then the gentleman behind her. Do you want me to stand as well . Yes please. Thanks. Inside cypress get it. Thank you, commissioners, for being here. Hopefully, you can speak to, given the courts recent ruling on restoring Internet Freedom order and the remand on public safety, how you are thinking about responsibilities of Internet Service providers as it regards to caching since thats an argument for the Information Service classification. To continue moving up the learning curve on this front, we held a hearing on broadband issues within the rubric of the hearings that weve held the last year and information weve collected information and the way that they collect consumer information. So the ftc had the jurisdiction that it was under the open Internet Order and it was restored to us and we are back on and looking forward to protecting consumers and to preventing any competition violations or consumer violations, Consumer Protection violations in this space. Perhaps, unsurprisingly i disagree with christine and did not welcome the decision expand for the remand portions which i thought were important. Look, i think that Net Neutrality is a good example of where the ftcs authority and lack limitations visa vees where the ftc can be and has been in the past and so, i think i dont think that weve seen the end of this particular movie and i think it all continued to play out as states consider how to grapple with these issues. Perhaps congress how to grapple with the issues, but i think theyre complicated and im concerned that our ability to address problematic practices that affect consumers is really not is really limited by the ftc act as opposed to some of the more substantive protections of the ftcs as opposed to what the ftc can provide. The gentleman. Im with com daily. When chopra testified last week, he talked about regulatory capture. Do any of you have regulatory capture at the agency . I have disagreed with some of the Big Decisions weve had in the past few years, but i would say i never thought that the agency was captured by any particular company or agency. As i said, i thought there were some good faith disagreements about the right way to resolve cases. One nice thing about being generalist agency rather than specific industry agency, it makes us less subject to capture. We go broad across the economy and we dont tend to have the same sort of narrow focus that other particular agencies get and thats to our benefit and to the benefit of consumers so we should always be on the lookout for regulatory capture or other capture. Right . We should have Public Servants who serve the public. Thats their first and best and greatest and only obligation, thats something that im sensitive to. Its not candidly something that ive seen evidence of. And i agree. Other question . Over here. Up front. Thanks. Steven with the only Family Safety institute. The childrens Online Privacy protection act is 20 years old. Is it up to what it was originally designed for, what is a reason for the online review. To ensure that recent technologies are taken into account with the rule that we have and we have position flexibility to build in guardrails for new technology as they emerge and as far as what the outcome would be, i think thats prejudging and neither becca nor i would want to venture into. I agree with that. I do think that i have some questions about whether verifiable parental consent is really the only guardrail that we need for children. I understand how it can be valuable and as a parent, i appreciate the concept, but im not sure that it captures the whole universe and im very concerned for children in the Digital Divide space where children who come from families with fewer resources, whose parents may be less available because theyre working 15 different jobs, i want to make sure that were not depriving those children and those communities of protections, that a that better resourced parents are able to provide their children. So, i think i think and im not sure thats entirely captured by coppa at this point. I have a different idea of the rule making, when we have rule making that allows us flexibility it can make sure that we can refresh them perhaps more than the latest could be refreshed, but boundaries of our authority lyonne a call them out if we think theyre problematic. Nicole. Thank you for being here and im glad that brookings was able to host you. I want to go back to vulnerable populations. Im curious in the ftc will look at bias discrimination. Will the opacity make it harder to identify where theres level of disparate impact. And curious now that privacy legislation is taking on this conversation in a meaningful way in terms of algorithmic bias and how you actually make determinations of that impact . I would just note at the baseline that the federal trade commission has looked at these issues, particularly in its report on big data and so, the ftc has long been thinking about and grappling with these issues and has brought cases where the thrust of the business conduct may be to deprive consumers of credit or the ability to get an apartment and have acted in a way that causes unfortunate outcomes, but becca may have more . Yeah, i think thats right, but i think its something that we need to continue to focus on because exactly as you say, as some of these decisions become hidden behind algorithms and are more opaque, it is more important that we shine lights on them and uncover them where they exist and Pay Attention to them and to me, its both about thinking about general practices and whether theyre acceptable and making sure we prioritize our enforcement efforts to reflect an understanding that this kind of harm is real and material to real people. When i talked about data abuses at the beginning and decisions made for people, one of the things i was referring to, although i didnt say it explicitly at the time was bias algorithmic decision making, which as christine said could go to jobs, housing, applications, all the things that make enormous difference to opportunity for real people. And thats the upside of the ca case so were coming up against time so lets take any questions that are out there remaining. I see one here on the aisle over there. Any other takers . Going, going gone here on the left. So, and you know, you can take bundles of questions, and you can give any wrapup comments you want to make. Other than with respect to limited resources, could you comment on some of the Lessons Learned in the very, very slow Government Agency response to cutting out spam . And robo calls . This one over here, this is closer and then around to the side. Thank you, ddtv. My question is when several states have already drawn up their own legislation on the data privacy protection, so, whats your expectation for the federal level what will be coming up next year . And then over here on the aisle. Laura hoffman american medical association. Im curious with the topics of today and how certain types of information may be used against people and to what effect and essentially, im wondering if in federal legislation you think theres value in describing certain types of information as particularly sensitive. Obviously, Health Information is considered sensitive by many and to the point earlier, it wouldnt be covered that data wouldnt be covered by hipaa, but theres a lot more information now that it would be considered Health Information. Would it be helpful for the ftc to have information such as Health Information have additional protections or should we be speaking more about the harms and impact that any type of information being used inappropriately. Commissioner wilson and commissioner slaughter, you can respond to those and take us to the finish line. It is it robo calls render your phone useless. Theyre killing the technology of telephone, its infuriating. We bring all the cases we can against the people that wcaght, hiding out in a foreign country, and thats good and important work and im really glad we do it. It is a tiny, tiny fraction of the problem because most of the people spamming your calls are also criminals trying to steal your money and dont really care about the business sanction of the telemarketing sales rule. We should go after people violating the telemarketing sales rule for sure, but what i actually think has become very clear in the case of both spam, but particularly robo calls is that these are problems that demand a technological solution and if i were the queen of the universe, i would put those the power and the onus on the carriers to do that filtering. I pay for my cell phone service. They get value from allowing robo callers to use their lines. But that value is going to disappear when people stop using phone lines because they become a dead letter. So i think that the responsibility, and i think it is important to clarify that they have the legal capacity that it is allowed to better and more aggressive blocking, but also the onus should be on the carriers to stop a lot of that. And as becca says, weve brought many cases. Weve got, i think at latest count, 500 companies and 400 individuals. 1. 4 billion in judgment. We work with carriers to help trace back over multiple networks where the robo calls are originatinoriginating, but difficult to identify and to bring them to justice and some sort of assistance from the carriers, which i think theyre working on, would be wonderful and i, too, would really appreciate that. Its fully whackamole right now. We cant whack all the moles. We cant whack a fraction of them. And question from the ama representative, i think there are certain categories of information that require heightened sensitivity and awareness with respect to their treatment. I think we have a number of examples already in the law, so hipaa for health care had, and for Financial Data and coppa for children, all should have heightened security and awareness and other geo location, and Genetic Information that could fall within health care in the content of communications. Dtt has a draft bill that identifies a number of these areas and there are other model bills out there that do the same. I think the interesting thing is that you can take several pieces of data that would not standing alone be viewed as sensitive, but then aggregate them and reach an incredibly sensitive result as is the case for, you know, diapers and pregnancy test and figuring out someone and notifying the parents through advertisement which is problematic. So, i think absolutely, thats something that should be addressed. And then the other question, i think, was about the federal privacy legislation and ill leave that to becca, our residential congressional expert. By being a congressional expert what ive learned is that my ability to prognosticate what is possible is extremely limited and maybe theres a reason i dont work in congress anymore, but here is what i will say. I think we have the necessary conditions to get to a federal law. I am hopeful that they become the sufficient conditions. I think that my experience in drafting legislation is that people often come to the table and say, i know youre offering me this, but i want this. And good faith staffers and members have to say your choice is not between this and this, its between what im offering you, and the status quo. And particularly, as more states consider legislation, i think the status quo may get more or less appealing to different sides of the debate depending what we see in state legislation. So, reminding oneself that you dont get to have your perfect legislation, thats not how legislating works, if you achieve something that gets goals and principles you care about, thats a really important, thats a really important thing to do. Im hopeful that well get there. I will say i know the people who are working on this are working incredibly hard in exceptionally good faith and theyre the smartest and brightest ive had the pleasure of working with. So i have a lot of confidence the right ingredients are there and that in their hands, im hopeful they will produce an excellent result. Absolutely, well, good advice for stakeholders all around. This has been an informative ap and collegial discussion. Thank you for being here and please join me in thanking commissioner wilson and slaughter. [applaus [applause]. [inaudible conversations] [inaudible conversations] here is a look at whats live tuesday on the cspan network. On cspan, the house is back at 10 a. M. Eastern for general speeches with legislative business at noon. On the agenda is the bill that would impose sanctions on turkey for its recent incursion into syria and other actions. On cspan2, the Senate Returns to continue work on a 2020 spending bill that covers several agencies, including agriculture, transportation, and housing. And on cspan 3, the head of boeing is on capitol hill at 10 a. M. Eastern to testify about safety concerns related to the boeing 737 max aircraft which saw the entire fleet grounded this year after two fatal crashes. Later in the day a house judiciary subcommittee looks at how immigration policies are affecting veterans and their famili families. This week, the house is expected to consider a resolution affirming the ongoing impeachment inquiry against President Trump and any additional steps the house might take as part of the investigation. The House Rules Committee is meeting wednesday to go over the measure setting up possible floor debate and a final vote in the house as early as thursday. As always, well have live gavel to gavel coverage on cspan. Senator Charles Grassley spoke on the Senate Floor Monday about former secretary of state clintons use of a private email server. He spoke about his continuing investigati investigation. In march of 2015 i began our long investigation into secretary clintons use of nongovernment email for official business. Since then i have written hundreds of letters, held hearings, and discussed my findings and concerns right here on the senate floor. After all, the publics business ought to be public. Today we can add more