Top Intel Privacy Lawyer Says FTC Needs More Enforcement Power

Intel's associate general counsel and global privacy officer David Hoffman said at a Federal Trade Commission hearing on Wednesday that the agency needs to expand in order to enforce forthcoming data privacy laws.

April 10, 2019 at 02:35 PM

4 minute read

By Dan Clark

The original version of this story was published on Corporate Counsel

In a continued effort to push federal legislation governing data privacy, Intel associate general counsel and global privacy officer David Hoffman testified Wednesday before the Federal Trade Commission saying the organization does not have the resources to adequately enforce any forthcoming data privacy laws.

The FTC has been doing a series of hearings to look at the state of information privacy. The agency invited Hoffman because of his role in crafting draft legislation and sparking a discussion on what should go into any kind of federal data privacy law.

“I was honored to receive the invitation to testify,” Hoffman said ahead of his testimony. “What I really want to communicate is that the FTC doesn't have the adequate authority, resources or ability to have an enforcement focus to do the job that needs to be done right now.”

In his testimony, he said the agency is “hamstrung” by its inability to engage in Administrative Procedure Act rulemaking, which would offer it an avenue to “implement agile, flexible and clear rules to guide businesses as they innovate.”

Hoffman said he would like the FTC to be the agency given the enforcement power of any kind of data privacy law that is passed. He said one idea he would support is to take enforcement out of the FTC's bureau of consumer protection and then create a new bureau for data privacy.

Whatever bill does become law, Hoffman said, it should supersede state laws on data protection like the California Consumer Privacy Act, which will begin to take effect in 2020. Hoffman said innovation will be stifled if companies have to comply with 50 different state laws.

“It's the lack of harmonization and clarity of what is going to be imposed when you have 50 different states that are going to put their own requirements in place,” Hoffman said. “It doesn't make any sense on how organizations are going to know what processes to implement.”

Hoffman said he planned on telling the FTC that self-regulation has also been proven to not work. He said in self-regulatory situations the codes of conduct created do not have robust enough requirements to prevent the kinds of harm consumers face.

“We always thought there was such great promise in self-regulatory seal programs where people could look for the seal and know their privacy is protected there,” Hoffman explained. “It turns out privacy is much more complicated and the seal program could never really be effective.”

Right now, several bills have been introduced seeking to give the federal government authority to create rules and punish companies. Sen. Marco Rubio, R-Florida, introduced legislation earlier this year addressing the matter. His bill, the American Data Dissemination Act, would allow the FTC to come up with rules that govern how companies handle data. Sen. Ron Wyden, D-Oregon, has also introduced two bills to give the federal government authority over how data is collected and disseminated by corporations.

Despite political divisiveness, Hoffman said he believes there will be a bill passed on data privacy that will give the FTC the teeth to enforce it.

“I think it's highly likely that we will see a bill passed by the end of 2020 that will do that,” Hoffman said.