Contributed by Kayla O’Connor, Middleboro, Massachusetts, 3L Roger Williams University Law School

I chose to write my privacy law paper on the FTC and its seemingly limitless enforcement authority. Specifically, I argued that the FTC’s lack of clear regulations makes it difficult, if not impossible, for companies to be sure that their data protection systems are sufficient to protect them from FTC enforcement actions and the related penalties. I likewise asserted that the FTC’s failure to promulgate such regulations could ultimately prompt some companies to abandon best data protection practices altogether, as such practices can be expensive to implement, and they still do not seem to shield businesses from unwanted FTC involvement.

I was inspired to pursue this topic after we discussed the FTC’s recent enforcement actions against Wyndham Hotels and LabMD, both of which have since contested the FTC’s enforcement authority in the areas of data and privacy protection, and have argued that the FTC’s lack of enforceable regulations infringes on companies’ right to due process. Interestingly enough, these are the first two companies to challenge the FTC in such a manner, and though it is still unclear whether they will prevail, it is my sincere hope that these two cases will at least prompt the FTC and/or the federal government to implement more structured, workable privacy regulations that companies can follow, and in doing so, can be sure that they will not be subject to FTC enforcement actions.