OAKLAND – California Attorney General Rob Bonta today urged the Federal Trade Commission (FTC) to adopt robust protections against commercial surveillance and data security practices that harm consumers. The California Department of Justice (DOJ) has engaged in extensive consumer privacy enforcement and has developed a deep fund of knowledge concerning commercial surveillance and data security practices through its enforcement of the California Consumer Privacy Act (CCPA), the only operative comprehensive privacy rights framework in the country, among other consumer protection laws. In a letter to the FTC, Attorney General Bonta draws on this experience to identify key areas for federal regulatory action and urges the FTC to use its regulatory authority to define and prohibit additional forms of unfair and deceptive acts and practices related to data privacy protection.
“California’s first-in-the-nation privacy law provided Californians with groundbreaking rights over their personal information – and it’s past time that consumers nationwide were provided with similar protections,” said Attorney General Bonta. “Consumers deserve to know that their data is protected and their privacy respected. I urge the FTC to look to California’s example, and establish much-needed, commonsense consumer privacy protections.”
California has long been at the forefront of consumer privacy regulation and enforcement, giving consumers more control over their data and personal information through the CCPA and requiring additional protections for patient privacy as part of the Confidentiality of Medical Information Act. Most recently, California enacted the California Age-Appropriate Design Code Act, which requires businesses to consider the best interest of child users and to default to privacy and safety settings that protect children’s mental and physical health and wellbeing. Through DOJ’s recent privacy investigations, rulemaking, and enforcement actions, such as settlements with Sephora and Glow, DOJ has developed unique insights into commercial surveillance and data security.
In today’s letter, the Attorney General draws on this experience to recommend that the FTC promulgate regulations that establish critical privacy protections, including:
A copy of the comment letter can be found here.