On theprivacydebate. Please feel free to live tweet on that. Its been at the center of the that debate as Congress Moves forward and as we as a government, a as people, deal with the policy issues of privacy. The commission has been very much in the spotlight with major cases, the Facebook Cambridge analytica settlement, youtube settlement, and a series of hearings on competition and Consumer Protection in the 21st century. Were focused to have with us today two commissioners, Rebecca Kelly slaughter and Christine Wilson, both of whom have long backgrounds in public policy. Becka slaughter on the hill, Christine Wilson previously as chief of staff at the commission and both experienced in private law practice and in other capacities. Want to just jump right into it, and just kind of begin if we could with an overview. You now, i think, becka, you started in may of last year, christine in september, both of you are about a year on. Youve had the experience of the cases, the hearings. How do you see the privacy landscape today . What do you see as the key issues as we move forward . Youre the senior commissioner on the panel, becka, so i defer to you. Almost 18 months of experience now. Thanks. Thanks for having us. Its nice to be here and its nice to be here with christine. This is an issue i know we both care a lot about and are excited to talk about this together. So what are the key issues . Ive been obviously this is an issue to which ive been giving a lot of thought from the perspective of enforcement which is different from the policy perspective that i had and lens that i had for so long on the hill. So a few observations that are key in my mind now. The first is that i think that when we just use the term, privacy, we may be unintentionally cabin ourselves to too narrow a universe of thought about the data issues that we are facing. Because privacy generally refers to the sharing of information that people would rather not have shared. And there are real harms that flow from that, and thats a real set of values we need to protect. But i think we cant separate those harms from the kinds of harms that flow from the use of that data to turn around and make decisions for people or about people or target manipulative information or harmful information to people. So my first observation is that itch been trying to think a lot more about data abuses rather than the narrow frame of data privacy, because i dont want us to get too cabined into a universe that prohibits thinking about the full panoply of issues that were encountering. The second big observation that i would share is i am really over noticing consent in this universe. You know, noticing consent is a framework that informs a lot of ftc enforcement action. It makes sense. You tell people what youre doing with their data. You keep your promises, and we can enforce where you lie or you dont. That sounds reasonable. But for notice and consent to be meaningful, both notice and consent have to be meaningful. In the space of data i dont think either are particularly. If you take notice first of all, weve all seen the statistics about how long it would take normal people or even very well educated people to read all the privacy policies they encounter in a year. Its months. People dont do it. Even if you try to do it, you cant under i try to do it and i cant understand what is being done with my data in a lot of cases. And i have the best tools at my disposal of basically anyone to make those to do that analysis. I dont think the notice is particularly meaningful. And consent isnt particularly meaningful either because most of these are take it or leave it. Even if you take the time to read the privacy policy, you cant take around and say im fine with paragraphs 1 through 8, please make these edits in 9 and i will consent. You just have to say yes. And often you have to to access a service thats necessary for your participation in society. So i think we need to preframe the guideposts away from the concept of notice and consent and think more about consumer expectations. What do consumers expect will be done with their data and whats reasonable from that framework . And then the last point ill make before i turn it over, i think we need to be particularly sensitive to how these problems of data abuses and how the challenges of notice and content fall disproportionately on vulnerable populations. Thats important from a policy making prioritization standpoint and how were thinking about enforcement efforts. So i think with those observations, ill defer to kris christine. Thanks. It is great to be here with becka, and i think the folks here today will see that we agree on almost everything in this space. So its good to be here. Not true on every issue. Right. Well dig down into that. Exactly. Exactly. So my views on privacy and privacy legislation have changed over time, as kim mentioned, i did have the honor of serving as chief of staff to the federal chairman commission, in 200 one and 2002. At the beginning we were grappling with how to deal with privacy issues. It was a significant topic of discussion as tim was dealing with confirmation hearings. We brought early cases like eli lilly and in the Microsoft Case where misrepresentations were made or poor data hygiene practices resulted in sharing of data in ways consumers would not expect. Those were good cases for the ftc to bring. We also created the do not call registry, and i think, given that the experience we have with robo calls today, we realize that technology has outpaced the telemarketi telemarketing sales role. And there are a o lot of developments that have outpaced some of the thinking that we did in those early days about how the ftcs authority could be brought to bear. Frankly i think we have found the edges of the authority in this area. So i am in favor of lighttouch reg lair regulation. And i had to grapple over the last several months with eventually embracing the need for federal privacy legislation. Theres a great paper by cyril ritter who explored different ways you can address harms and abuses, should it be exante or expost. Work be through his rubric helped me get comfortable with the need for federal privacy legislation in this area. Ultimately i think businesses need predictability and certainty. I think the vast majority of businesses want to follow the law, comply with the law. Right now i think theres a lot of gray areas. I think we all agree in the abstract principles of how to deal with Consumer Privacy and Data Security and theres accountability and Risk Management and transparency. But doing that in an informed way is very difficult without rightline rules and guidance from congress. So i think particularly with ccpa potentially coming online and gdpr online and other states looking at privacy legislation, businesses need that certainty and predictability. By the same token, i think consumers need more information. I think there is a significant owe passty with respect to consumer data. I dont think the average consumer understand all of the different kinds of data is collected and what is done with it, with whom it is shared, how it is monetized, how it gets transferred to third parties with or without safeguards for the protection of that information. And so there are significant information a symmetries, and i would love to see legislation that helps boost that transparency. I believe people can make decisions of which services to participate in. But without that full information about whats happening with their data, those decisions will not be informed. And then finally i think we need privacy legislation because there are lots of gaps that have emerged, given evolution in technology. So the fitbit that i wear collects health data but its not covered under hippa. There are many examples like that. I think its been a long process for me in the year that ive been at the commission and lots of conversations with becka and my other colleagues at the ftc who have been incredibly patient with me as im thinking through all of these issues. But i am now officially on the side of needing federal privacy legislation. So let me explore a little bit more on the content of that. You talked about some additional forms of transparency to increase Consumer Choice. Is that enough, or do you think theres more needed that to address how businesses handle the data beyond Consumer Choice . Absolutely. And i think becka was one of the first people that i heard say it in this way, but basically it is impossible essentially for consumers to make all of the decisions that they need to make. And so some onus to some extent needs to be on the businesses to handle the data they have with accountability and with applied risk assessments and that sort of thing. So i dont think transparency is the beginning and the end of federal privacy legislation. And i agree with becka that notice in choice, if at all, has a use only in pretty limited applications. Yeah. So in that vein, i mean one idea that keeps coming up is data ownership, Senate BankingCommittee Last week had a hearing on that subject. Is that simply another form of notice and choice . Is money thrown into the bargain . I will say, im not an expert on this issue. I havent studied all the proposals in detail. My initial reaction is to have a lot of anxiety about the idea if we pay people for their data we solve the problems that were seeing in privacy and data abuses. If, for among other reasons, data is valuable in aggregate. When many, many peoples data is collected from many, many sources and aggregated which means the marginal data from each piece is very small, so the amount that an individual consumer might realize, the monetary amount strikes me as small, and were talking about a universe where people are already giving up data without being paid, so wouldnt a consequence of this likely be that already Large Companies with more money pay people more to aggregate more data which raises serious questions in the competition space as well as in the privacy and Consumer Protection space . And im not sure what problem it solves. If were getting to the point where if were thinking about things through the lens that data is used in problematic ways, not just collected in problematic ways, facilitating collection by paying people may even exacerbate the use problems rather than solving them. I guess i have a slightly different take. In conversations that ive had with peter win at doj over the last several months, he and i have talked a lot about whether that concept of data ownership helps us get to the answer. If i go to target and buy ten items, who owns the list . I need those for my accounting and budgeteding but kaurgt needs those for revenues, the merchant bank, the acquiring bank needs the information. Who owns that data . And so im not sure that talking about data ownership gets us top answers that were looking for. Uhhuh. So let me you mentioned some other discussions youve been having among commissioners and with others. Let me ask you both a question that your colleague noah philips was raised, at brookings and a number of other forums. What is the harm that were trying to prevent . Commissioner wilson you want to lead off . I think it is a great question. It has a way of focusing the mind. What are the problems that we are trying to solve . We dont want to rush and create a vast legislative framework without thinking specifically about the harms that were attempting to address. And i think the ftc already has a vast set of precedent regarding harms that we view as cognizable and worthy of avoiding. So physical injury and you may want to talk about retina x. You made the announcement there but we made the announcement last week about stalker ware, and that is absolutely an appropriate use of our privacy jurisdiction. Financial injury, reputational, unwanted intrusion. We have a case in which computer rental companies actually installed cameras that could be remotely activated, and those were in peoples bedrooms. And so obviously the harms that were seeing to address are not limited to financial harms. There is a vast array of harms. The ftc cases provide a wonderful list and overview that the ftc has viewed as cognizable. I agree with all of that but i would build on it. Let me mention the stalker ware case was important. It was the first case against the stalker ware app. You could buy an app and install it on somebody elses phone. The app came with instructions on how to jailbreak the phone so the person would not know they were being tracked. Its not just creepy. It is lethal in a lot of circumstances for victims of domestic violence. Those are incredibly important harms that we need to talk about. But it is also very important to me that that not be the closed universe of harms. So lets think about children, for example. There was a study that came out recently that talked about the increase, the dramatic increase in teen suicide rates in the u. S. And theres a pretty notorious case in the uk of a young woman who took her own life at 14 after being the target of some online bullying but also material that was pushed to her that talked about how to commit suicide. Thats i mean, thats indescribably scary and damaging. Thats not a privacy violation in the same way we might have traditionally thought about it, but it is a real harm from data use, data targeting. I think about terrorist recruitment or recruitment for hate groups. I think about the targeting of man ip lawtive information to voters, to children. These are all real material harms. Whats really important to me in this debate is that we not fall into the trap of thinking we be able to quantify harm in order to find it cognizable. Its sometimes easy to quantify financial harm, although not always. A lot are not quantifiable and are still very, very real. One thing i think we as an agency needs to do and i Hope Congress will do is provide harms that they will do but not limit that. I think there are things we cant anticipate today that will emerge as problems and will continue to be and we need to have the flexibility to address emerging problems and not just the ones we are aware of right now. If i can just augment, i think in terms of thinking about harms that are not technically within the ftc jurisdiction but that concern us, i am very concerned about the impact on the Fourth Amendment of essentially developing this sense that nothing is private anymore. And so in Fourth Amendment law, the question is, was there a reasonable expectation of privacy that was violated . And if in the commercial arena, people have the sense that nothing is private anymore, how does that impact the Fourth Amendment jurisprudence, when a court, a judge, making a decision with respect to societal noermtz, was there a reasonable expectation of privacy . And you look at the commercial arena and there is none, then that has an impact. I am concerned about the erosion of Fourth Amendment protections. Not something that is within the ftcs jurisdiction. But we as society should be thinking about, providing bright line rules, privacy expectations, can help us reframe that discussion and tell us what is in and what is out of bounds and hopefully provide a little more guidance to the courts on Fourth Amendment issues. Yeah. Yeah. I mean, i think we deal with that to some extent by recognizing i think as you said, christine, that in a transaction, you have certain interests in your grocery list, but so do other people. And the question is, how do we balance those interests . And i think that gets us to what i think may have been a point of departure between you two in the facebook settlement, maybe not so much at point of departure on substance of things as much as ftc authority. But becka slaughter, you dissented from the decision because you wanted to see what you called meaningful limits on what facebook collects, uses and shares. Thats among other things, yes. Yes, among other things. But thats the one that leapt out at me. So can you flesh that out a little bit . What kinds of limits . So i will go back to the expectations principle that i started with. I think that for i think the framework for what people what Data Companies can collect about people should start with what people reasonably expect to be sharing with them. If i use a mapping app, i reasonably expect that company will need my location information. If i use a flashlight app, i do not expect that that company will need my information because it does not. So i think the first set of limitations should be, is the information youre checking reasonable and nez to provide the service that youre offering . And then second, are you using that data in a way that is connected to the service that you are offering . Or are you then going beyond what you are providing to use that data for other information . You know, in the case of facebook, my concerns involve the data that facebook collects about people beyond what they expect, including from third parties, and across behavior across the web, not just on the facebook platform and from nonfacebook users who dont anticipate they have any relationship with that company and therefore are sharing information with them. So i think those are all things that are really important to me. But instead of making our framework notice and choice, making our framework reasonable expectations of what is collected and how it is used, makes a lot more sense to bring us in line with not with consumers anticipation of how their data will be used and not putting the entire burden on them to make decisions that they dont have the information or the ability often to meaningfully make. And i do want to say in terms of the disagreement about the facebook outcome, ill let christine speak for herself, but fundamentally one of the points i was making in that case is that getting things in settlement negotiations is hard. There are maybe cases where there are things id love to see in a settlement that dont make it in and i support it anyway because i think its the best use of the agencys resources. In this particular case because of the magnitude of the case and its impact on the markets and the signal that it would send and the scope of the companys reach, i thought it was important for us to fight in court if necessary for the outcome we thought was important at the end of the day. But i will also be the first to recognize that thats not a maneuver thats guaranteed to achieve those outcomes at the end of the day. But i thought the transparency that came with open Court Litigation and the potential of finding at the end of the litigation would be more effective in helping to uncover the behavior that we thought was problematic to begin with. With respect to the viewpoints, i dont disagree with beckas points about seeking, how it would be desirable to impose limitations on the collection and use and sharing of information. There was a significant question about whether the ftc within its Current Authority has the ability to do that. We are asking congress to provide those guidelines and to legislate accordingly. But i do not feel that it was appropriate to legislate for an entire industry through this settlement. And so we had lots and lots of conversations, very cordial and collegial and actually enlightening behindthescenes conversations about facebook. And frankly it was a struggle for me to destroyed whether to vote in favor of the settlement or to pursue litigation. I am very sympathetic to the benefits of litigation to the transparency that that would bring, ultimate i was convinced that consumers needed assistance today. And the relief that we got was very real and mainingful relief. Mark zuckerberg now has to essentially has to enter into representations every quarter that he and his company are abiding by the constraints and the obligations of the order and the early reports back indicate that in fact the focusing of the mind, which is what we sought when we included that requirement in the order, is taking place and is having the desired effect. Facebook has already suspended tens of thousands of apps. Early reports indicate that there are many other changes that are taking place behind the scenes. And i look forward to be able to talk about those publicly at the appropriate time. But the early reports indicate that in fact beyond the mon terri relief, there is very real change because of this order and that is ultimately what led me to vote in favor of a settlement as opposed to litigation, even though i agree absolutely with beckas points about the benefits of litigation, my concern, it is a long and drawnout process that may or may not grant the kinds of relief in the end that we were able to extract here today for the immediate benefit of all facebook users. So that sounds a little bit like what you talked about earlier, that youre bumping up against the limits of your authority. Thats exactly right. What i will just say, i think it is important in some of these cases and its true in capa cases too, the listmits of our authority, if we dont litigate we dont know what it is. It is important for us to not impose on ourselves limits in the law. And in areas where we have limited litigation experience which is true on order enforcement and true on capa remedies. I think it is difficult for us to assess. We have to apply our best judgments and read the statutes and think about what we in good faith believe to be the limits of our authority. But i am not convinced that those limits exist in the law. And i dont think that we know that thats always the case until we go through court. And then if we do go through court and find those limits are there, i think it also helps us in making our case to congress about the limbtations of the law. Basically my answer is i think we can do both. I think we can talk to congress and explain where we see constraints today and push the envelope where we think its appropriate and in the interest of consumers at the same time. Lets talk about that here. So what do you see as the c constaints today and in order to do the job youve talked about being needed in privacy and lets call it data protects or information privacy, and what do you see as the constraints today . Whats the authority that you need . So ill start with where christine started. She talked about the comfort that she has developed with Rule Making Authority. I had substantially more comfort than she does. This is an area where i think its particularly important for the reasons christine talked about. I find it frustrating to hear businesses complain that they dont know what is expected of them but also those same businesses complain they dont want the ftc making rules telling them what is expected of them. I think in the area of Data Protection, more and more of those businesses are saying, youre right, it would be helpful to have clear rules of the road spelled out in a parts paytor rooer notice making process that lets us know whoa what we need to do. Related to Rule Making Authority, we do not as a general matter at the ftc have the authority to seek monetary relief for first instance violations. So we can get disgorgement sometimes or we can get redress for consumers, although that authority is also under attack in the courts right now. But in the case of privacy, thats very hard. Its very hard to measure what is an appropriate disgorgement amount, to measure consumer harm and tailor a number to that. It would be more effective to be able to have Civil Penalty Authority for first instance violation. We have that as a general matter under capa because its connected to a rule. The reason we could get a civil penalty in the facebook matter was because they were already under order for violating the ftc act. I dont think thats in the best interest of society for us to have to slap someone on the wrist once before we can create a financial deternlt penalty. The fact that we see case after case after case of privacy and data abuse violations tells me we do not have a broad enough detent effect right now with the authority that we have. I agree with becka on the need for Civil Penalty Authority. I do think that it would be a useful deterrent in that area. We disagree on the breadth of Rule Making Authority that should be granted to the federal trade commission. I think capa actually provides a useful analogy here. We had talked preefbtsly about roles for Congress Versus roles for the ftc. I think it is up to congress to sketch out the rights that consumers have and the obligations that the businesses should be subject to. And there are lots of models out there that have been used, simple and a number of different organizations have advanced frameworks. And the tricky part obviously is to disstill those into essentially, you know, the daily practice of business. And so how do we take accountability and risk assessments and transparency and create essentially understandable and transparent o obligations for businesses that they can abide by. And then for the ftc to fill in with narrow apa rule making as appropriate. So congress for example in capa said we believe it is important for children under the age of 13 to have their parents give verifiable parental consent before websites can collect their information. And then the ftc came along and did a narrow rule making and said heres how that vir feeble parental consent could be on taind. I think thats a nice balance. In terms of other authority, i think the federal trade commission should receive jurisdiction over common carriers and nonprofits. Schools and hospitals are checking very sensitive information. And i think those should be subject to ftc privacy authority, as should commercial businesses. Id love to see a rollback of the nonprofit exemption. I think as congress is creating a bill, it would be wonderful if they take into account the need to preserve incentives for competition and innovation. Privacy is important. So is competition. And so if there are ways that legislation can be crafted that will create the incentives to continue innovating American Ingenuity is an amazing thing, how do we continue to foster that . Perhaps a few areas of disgrooemt, i think we should have federal preemtion. I think consumers need to know what their rights are when they cross state lines. The internet doesnt stop at boundaries. I would support federal rules. I think we dont need more legislation in the courts. We need to provide businesses with guidance about what is and is not appropriate. One of the challenges i think in the liveprivacy arena particularly in using the Unfairness Authority has been the consumer harm standard. It sort of goes to that question of what the harms are. So thinking in terms of what legislation might do, if congress spells out some boundaries on collection, you know, youve got to have, lets say, as i pro prosed, a reasonably articulable fwasis for checking the data, boundaries on use, boundaries on the sharing, and then says violation of these is a violation of section five, does that provide you with enough authority . I think absolutely. I think thats the hope and the expectation at least on my part, that congress will provide more clarity about the rights and obligations that consumers and businesses have. Absolutely. And i think to the extent, kim, your question is, would it be a problem if the ftc had to identify particular harms in any enforcement action . I think it is a problem to have to do that with particularity, because a lot of the harm that can flow from data abuses is not immediately identifiable. It is not clear today. So take identify theft as an example. If my data is stolen today, i dont know whether it is going to be used to steal my identity or open a line of credit in my name in three years. I know it could be and thats a real harm and it could be used in various other ways. But needing to prove that link is a burden the government cant meet. Rapid and i think it would be counterproductive to set up a Regulatory Regime that is intended to protect consumers but is functionally unenforceable by the government. Shes right, we dont entirely agree about preechlgs and private right of action. I think on the latter point, one thing id say is that i have a lot of anxiety about closing access to court rooms for real people in every circumstance, but particularly where the ftc has been so systematically under funded and state attorneys general are underfunded, that unless you pair Enforcement Authority with dramatic astronomical increases in resources, theres no way youre going to capture the universe of problems. So making sure that enforcement is possible, not just in the context of what are the standards, but also who can do it and who has the resources to do it, is really important to me. And thats one of the questions we got at the oversight hearing. Would we support giving state a. G. s the authority, and i completely agree that it would be helpful. But i also hope that we get more resources. Well, i am so on the resources, you both i think have drawn comparisons to some of the Data Protection authorities overseas which ive orders of magnitude, greater numbers to bring to the problem. One of the proposals in a couple bills in congress is to create a new bureau. Lets say a bureau of Data Protection. Which would allow to you sort of combine some of the Technical Expertise of the tech nolgists across both the privacy and Data Protection issues and the competition issues. Is that something that makes sense . Or should it be parceled in the existing buckets . The first thing id say is that i think we need more tech nolgists generally. We put an economist on every case we bring. I have seen vanishingly view cases in my admittedly short tenure that wouldnt have also benefited from the eyes of a tech nolgist. I think how you do it, there are a lot of good options. The one thing i will say is i think the ftc is the right place for new authority to be located rather than having a dpa for exactly the reason you just pointed to. One of my concerns about independent dpas that deal with Data Protection is they dont have the Competition Authority and the competition lens. And i think it would be to the broader societal deficit for us to not be able to apply that lens and that thinking to the kinds of issues that were seeing in the digital space. Because i think a lot of them sound in both competition and Consumer Protection at the same time, one area that i think the ftc is working on improving and can continue to improve is having a little more cross pollination between our areas and where we have cases that implicate both areas, i know we both ask a lot of questions of the staff about how the staff on the other side see these questions. And thats just really important to have that lens to make sure that we are thinking through some of the innovation issues that are implicated in these questions. And i think a lot of it ends up being a follow the money question right in competition and privacy, where the dollars are flowing, why, how are they being used . And we can apply that analysis from both the Consumer Protection and a competition standpoint. So i would echo essentially all of what becka has said. I think in the first instance it would be it would all serve the american taxpayer and prudent enforcement to create a Different Agency to enforce privacy laws. I think the federal trade commission has been thinking about these issues for an incredibly long time. It has moved up the learning curve in terms of incredible sophistication regarding enforcement of the issues, listening to all of the different stakeholders about the interplay of the tensions and the different interests at stake and how to balance them. It has held workshops and conferences and round tables. It has issued many reports that are very insightful and helpful as we seek to enforce in a very nuanced way in a way that preserves privacy while also flourish. And so, i agree with becca that, first of all, any privacy legislation should give authority to the ftc. Second, that our Enforcement Authority on both sides of the house benefits from the interplay of the Consumer Protection issues. I was at the fordham conference a few weeks ago where heads of authorities were talking from around the world and that was a general sentiment. That each side informs the other. So, for agencies that have had or are looking forward to having both competition and Consumer Protection authority, they believe that there is a helpful reinforcement on and an alignment of missions. Finally, i would agree with becca that i am relatively agnostic about how we structure that new expertise within the agency. I think we do need more resources. When you look at the incredible growth in the economy and the essential stagnation of the number of ftes we have at the ftc, it becomes clear weve been outpaced and outmanned. And to protect Consumer Privacy and other consumer interests more resources would be useful. I want to hammer that point because something i wouldnt have appreciated and didnt appreciate until i got to the ftc is when you look from the outside at an enforcement decision you think leaves something to be desired, the part of the analysis you dont see is the staff and the commissioners grappling with the question of, well, if we pushed for more in this case, what are we giving up . What are we not doing instead . Those decisions, even if i dont ultimately agree with them at the end of the day come from the sense of, well, this is good enough and we want to let this company go. They come from a sense of, we have obligations across our mission area to protect consumers and if we put more into this case well be leaving full cases on the table in other areas. So, again, you can disagree, and i have disagreed with that decision in particular cases, but understanding that analysis really comes from hard looks at budget and employee numbers and resource management. Is something i hadnt appreciated until i was on the inside of those conversations. And i think as much its easier to judge on the outside when you dont have a window into what are the other cases you might be giving up to move forward here. One more question before we go out to the audience. You talked about competition and privacy and sort of points of overlap or of divergence between the two. What do you see as sort of the relationship, the role of privacy in competition policy and vice versa . Our colleague, noah phillips, talks about this issue a lot, too. What he tends to say is competition privacy is important but competition is really, really important. We have to think carefully about how any new privacy regime would affect competition. I think were both with him. And then he goes into, therefore, we should not have a new privacy regime. And im like, thats where you lost me. Im much closer to where christina is, we have to think about it carefully. I said earlier, follow the money, but a lot of this, to me i think advertising is the heart of both of these questions. Data collection is fundamentally about facilitating advertising. And advertising Digital Advertising markets are raising a lot of competition questions, too. I think looking at that with eyes on both sides is a valuable thing. I would love to explore that more. Maybe the audience will have more questions on that. Please, stand and wait for the microphone so that everybody here and on cnn can hear the question. So, woman on the aisle first. And then the gentleman behind her. Did you want me to stand as well . Yes, please. Thanks. Thank you, commissioners, for being here. Hopefully you can speak to given the courts recent ruling on restoring Internet Freedom order and the remand on public safety, how you are thinking about the responsibilities of Internet Service providers as it regards dns and catchings, since thats what they identified as an argument for the service classification. On a more general level and maybe becca has more specifics, but they welcome the mozilla case. We have had authority over the isp, broad bands since they began to compete in the marketplace. We have brought a number of cases that sounds in the bundle of rights and obligations that get wrapped up into Net Neutrality and to continue moving up the learning curve on this front, we a hearing on broadband issues that weve held over the last year. We issued a 6b study to collect information from isps regarding the way in which they collect and use and protect consumer information. So the ftc alone had the jurisdicti jurisdiction. It was removed under the open Internet Order and then it was restored to us. And we are back on the beat and looking forward to protecting sxurmz and preventing any Consumer Protection violations in this space. Perhaps, surprisingly, i disagree with christine. I think Net Neutrality is a really good example of where the ftcs authority and lack of aparule making imposes substantial decisions, visavis, where the ftc has been in the past and can be. I dont think weve seen the end of this particular movie and i think it will continue to play out as states learn how to grapple with these issues, perhaps Congress Considers how to grapple with these issues. But i think theyre complicated and im concerned that our ability to address problematic practices that affects consumers is not is really limited by the ftc act as opposed to more of the substantive protections that the ftc act as opposed to more substantive protections that the fcc could provide. Gentleman in the pink hurt. Im carl with com daily. When chopra testified last week he brought up issues about regulatory capture. I was skurs, do either of you have concerns about regulatory capture at the agency . I have disagreed with some of the Big Decisions weve had in the past few years, but the basis i will say very sincerely, i never thought the agency was captured by any particular company or agency. As i said, i thought there was some good faith disagreements about the right way to resolve cases. One nice thing about being a generalist agency rather than an industryspecific agency, i think it does make us less subject to capture. I think we go broad across the economy and that means we dont tend to have the same narrow focus on particular industries that other agencies get that is to our benefit and the benefit of the consumers. We should alwaysen on the lookout for regulatory capture or other capture. We should have public serve ants who serve the public. That is their first and best and only obligation. So, its something im sensitive to, but it is not just, candidly, something i have seen evidence of. Taken into act with the rule that we have and we do have sufficient flexibility to build in guardrails for new technologies as they emerge. As far as what the outcome will be, i think that will be prejudging that neither becca nor i would want to venture into. I agree with that. I do i have questions about verifiable parental consent is the only guardrail we need for children. I understand how it can be valuable. As a parent, i appreciate the concept. Im not sure that it captures a whole universe. Im very concerned for children in the Digital Divide space where children who come from families with fewer resources, who parents may be less available because theyre working 15 different jobs, i want to make sure that we are not depriving those children and community of protections that better resourced parents are able to provide their children. So i think and im not sure thats entirely captured by copa at this point. I have an open mind about the rulemaking. I think its a good example when we have Rulemaking Authority that allows us flexibility, we can make sure our rules and guidance is up to speed with technology and refresh them more frequently than the legislative process, perhaps, gets refreshed. I think we should be honest and transparent about where boundaries of our authority lie and call them out if we think theyre problematic. Thank you, commissioners for being here and im glad brookings was able to host you. I want to go back to the point that was made around vulnerable populations. In particular, im curious if the ftc is something to start thinking about online bias and discrimination and the role theyll play with emerging technologies, will the oe passty make it harder where theres levels of disparate impact. Just curious that privacy legislation is now taking on this conversation in a very meaningful way in terms of algorithmic bias, targeting marketing and emerging Technology Tools do that and amplify stereotypes and discrimination . Have you thought about that and what jurisdiction youll have over that and how youll actually make determinations of that impact. The federal trade commission has looked at these issues, particularly in its report on big data and so the ftc has long been thinking about and grappling with these issues and has brought cases where the thrust of the business conduct may be to deprive consumers of credit or the ability to get an apartment and have acted in a way that causes unfortunate outcomes. Becca may have more. Yeah, i think thats right. I think its something we need to continue to focus on because, exactly as you say, as some of these decisions become hidden behind algorithms and are more opaque, it is all the more important that we shine lights on them, uncover them where they exist and Pay Attention to them. To me, this is both about thinking about general practices and whether theyre acceptable and making sure that we prioritize our enforcement efforts to reflect an understanding that this kind of harm is real and material to real people. When i talked about data abuses at the beginning and decisions that are made for people, one of the things i was referring to, although i didnt say it explicitly at the time was biased algorithmic decisionmaking that, as christine said, can go to housing, to credit, to job applications, go to all kinds of things that make an enormous difference in access to opportunity for real people. And thats the upshot of the hud case against facebook, which is concerning. Were coming up against time. Lets take any questions that are out there remaining. I see one here on the aisle, over there. Any other takers . Going, going, gone. Lets bundle the questions and you can give any wrapup comments you want to make. Other than with respect to limited resources, can you comment on some of the Lessons Learned and the very, very slow Government Agency response to cutting out spam and robocalls . Lets have this one here, because its closer and around to this side. Thank you. When several states have already drawn up their own legislation on the privacy data, whats your expectation at the federal level which will be coming up next year . And then over here on the aisle. Thank you. Laura hoffman, american medical association. Im curious with some of the topics weve talked about today, there has been discussion about, you know, how certain types of information may be used against people and im wondering if in federal legislation you think theres value in describing certain types of information as particularly sensitive . Obviously, Health Information is considered sensitive by many. And to christines point earlier, fitbit wouldnt be covered that daut that wouldnt be covered by hipa but theres a lot more information that would be considered Health Information. Would it be helpful to the ftc to have certain types of information, such as Health Information, have additional protections or should we be thinking more about the harms and impacts that any type of information being used inappropriately would have . So commissioner wilson, commissioner slaughter, the floor is yours to respond to those and take us to the finish line. Ill start with robocalls and spam because i hate this stuff. I mean, like, it is robocalls render your phone useless. Theyre killing the technology of phones. Its infuriating. We bring cases against all the people we can reach within the law. Within the u. S. , right, theyre not hiding out in a foreign country, and thats good and important work. Im glad we do it. It is a tiny, tiny fraction of the problem. Most of the companies most of the people who are spamming your call are also criminals trying to steal your money and dont really care about the business sanction of the telemarketing sales rule. We should go after people violating the telemarketing sales rule for sure. But what i actually think has become very clear in the case of both spam, but particularly robocalls, is these are problems that demand a technological solution. And if i were the queen of the universe, i would put both the power and the onus on the carrie carriers to do that filtering. I pay for my phone. I think the responsibility, and i think its important to clarify that they have the legal capacity, that it is allowed to do better and more aggressive blocking but the onus should be on the carriers to stop a lot of that. And as becca says, weve brought weve brought many cases. Weve got, i think at latest count, 500 companies and 400 individuals, 1. 5 billion in judgments. We work with carriers to help trace back over multiple networks where the robocalls are originating, but it is very difficult to identify and to bring them to justice. Some sort of assistance from the carriers, which i think theyre working on, would be wonderful. Its fully wham amole right now. We cant even whack a fraction of them. With regard to the question from the ama representative. I do think there are certain categories of information that are that require heightened sensitivity and awareness with respect to their treatment. I think we have a number of examples already in the law, so hipa for health care, grem leech blily for Financial Data and copa for children, i think all of those are areas that should require heightened protection and awareness. I think there are others. Geolocation information, Genetic Information dh could fall within health care, and the content of communication. Cdt has a draft bill that provides a number of these areas, identifies a number of these areas. And there are other model bills out there that do the same. I think the interesting thing is you can take several pieces of data that would not standing alone be viewed as sensitive but then ago gate them and reach an incredibly sensitive result. As is the case for diapers and pregnancy test and figuring out someones pregnant and then notifying the parents through advertisements, which is problematic. So, i think, absolutely, that is something that should be addressed. The third question, i think, was about the prospects for federal privacy legislation. Ill leave that to becca who is our Residential Congress at expert. By being a congressional expert what i have learned is my ability to prognosticate what is possible is extremely limited and maybe theres a reason i dont work in congress in anymo. Heres what i will say. I think we have the necessary conditions to get a federal law. I hope they become the sufficient conditions. I think that my experience in drafting legislation is that people often come to the table and say, i know youre offering me this, but i want this. Good faith staffers and members have to say, your choice is not between this and this. Its between what im offering you and the status quo. And particularly as more states consider legislation, i think the status quo may get more or less appealing to different sides of the debate, depending on what we see in state legislation. So, reminding onesself that you dont get to have your perfect legislation. Thats not how legislating works. If you can reach something that achieves important goals and protect the principles that you care about, thats a really important thats a really important thing to do. Im hopeful well get there. I will say that i know the people who are working on this are working incredibly hard in exceptionally good faith and theyre among the smartest and brightest people i have ever had the pleasure working with. So, i have a lot of confidence the right ingredients are there and that in their hands im hopeful they will produce an excellent result. From her lips to gods ears. Absolutely. Well, good advice for stakeholders all around. This has been an informative and collegial discussion. Thank you all for being here. Please join me in thanking commissioner wilson, commissioner slaughter. [ applause ] today the Smithsonian Institution holds an installation ceremony for their new secretary, lonnie bunch. Live coverage on cspan. Cspans campaign 2020 coverage continues live today with president ial candidates in iowa and mississippi. Starting at 7 30 p. M. Eastern on cspan, the democratic president ial contenders speak at the liberty and justice celebration in des moines. Featured speakers include senator michael bennett, former Vice President joe biden, senator cory booker, governor steve bullock, mayor pete buttigieg, secretary july oncastro, representative john delaney, senator kamala harris, senator amy klobuchar, representative beto orourke, senator bernie sanders, tom steyer, au Elizabeth Warren and andrew yang. President trump holds a Campaign Rally with supporters in mississippi. Watch cspans campaign 2020 coverage live today at 7 30 p. M. Eastern on cspan and at