With two moves, the federal government bucked its reputation for moving at a glacial pace this week. First, the Federal Trade Commission dropped a blog post stating that “Browsing and location data are sensitive. Full stop.” Second, the House of Representatives’ Committee on Energy and Commerce moved forward with two bills in response to President Biden’s executive order to protect Americans’ data from foreign adversaries. In short:

(Source: Giphy)

The FTC Puts “Mass Data Collectors” On Blast

With a blog post and its recent enforcement actions, the FTC clarified its position on browsing and location data. Location data has been a sticking point for years because it surfaces where we live, where we commute, what medical facilities we visit, and so on. And browsing data feeds consumer segmentations, sometimes with disastrous results — such as for the editor who wrote an open letter after she suffered a stillbirth and couldn’t remove herself from the ad segment of pregnant women.

The FTC is supporting its stance with action: It slapped antivirus software provider Avast with a $16.5 million fine for reselling browsing data of customers using Avast’s third-party tracking blocker. It also fined location data brokers X-Mode and InMarket for selling location data without consent. The FTC blog post argues that, while none of these instances involved personally identifiable information, the vendors’ claims of data anonymization didn’t stand up under scrutiny. The data was still problematic because it revealed sensitive insights attributable to individuals. Stay tuned for more FTC action, as it has made its stance crystal clear: “Companies must do better,” it says in the blog.

TikTok And Data Privacy Bills March Forward

A week after President Biden’s executive order, the House Committee on Energy and Commerce passed two new bills: One aims to force ByteDance to divest TikTok or otherwise face a ban in the US; the second would make it illegal for data brokers to sell or share Americans’ sensitive data (directly or indirectly) with a foreign adversary’s government. In line with the executive order, sensitive data includes precise geolocation, browsing histories, biometrics and genetic information, and private communications.

As we noted with the executive order, these actions are primarily aimed at protecting national security and preventing foreign adversaries from accessing Americans’ data for nefarious purposes. And in an election year, concerns about national security and TikTok’s ability to spread misinformation have grown more acute. The two bills sailed through the committee with no detractors. They head to the House floor next.

Marketers Must Tread Carefully

Expect broad ripple effects from the FTC’s enforcement actions and these two bills. The bills have a long journey before they’re signed into law (cue Schoolhouse Rock! if you need a refresher), but they are already raising calls for reviving the American Data Privacy and Protection Act, which has been stalled in the House for years now. The committee chair reaffirmed her commitment to “comprehensive data privacy and security legislation.”

Don’t sit back and wait to see if these bills pass. Get your data house in order now to align with not just regulators but also your customers’ expectations:

  • Inventory what data you share and with whom. Countless companies have gotten flak for sharing data with Meta, Google, and other advertising partners. But the scope of risk is broader than that; factor in agencies, partners, and tech vendors, and map out data transfers. Partner with your security and risk team — if you aren’t sure how to approach them, check out our research for best practices.
  • Examine the user experience of your privacy practices. The FTC has made clear that it’s focusing on not just consent for data collection and sharing but also the ability to opt out. This is part of a broader trend: Google was fined in 2022 for a convoluted opt-out process, which we called a new era of privacy. Burying things in privacy policies and confusing language isn’t adequate and will drive customer frustrations and complaints.
  • Reshape your customer data strategy to focus on the data you actually need. Customer data is getting harder to acquire thanks to data deprecation. Rather than try to collect as much as you can and run into privacy and compliance headaches, identify the data points that you need to deliver benefit to the business and the customer.