While initially this action appears to be a routine deception case, it is potentially more significant for what the Commission published along with the complaint and consent order. In a departure from most prior cases, two Commissioners (Olhaussen and Wright) published statements dissenting from the decision to bring an action, prompting the Commission majority also to issue a statement of support of its decision.
The issuance of the Commissioners’ statements in this case may signal two possible trends. First, the two dissenting commissioners seem increasingly willing to express public disagreement about the policy direction some FTC actions are taking, even at a time when the Commission’s efforts in the privacy and data security space are under particular scrutiny. See, e.g., Dissenting Statements regarding the Commission’s IoT Report from Commissioner Maureen K. Ohlhausen and Commissioner Joshua D. Wright. Second, the commissioners’ decision to respond to the dissents and more fully articulate their rationale may be a direct response to criticism levied against the Commission, in cases such as in Wyndham, for relying too heavily on orders and consent decrees to communicate their expectations regarding data security standards. Hence, the Commission may now choose to take a more proactive and explicit approach to explaining the rationale behind its decisions both in the privacy and data-security space. Whether this more fulsome public discussion becomes routine remains to be seen, but it may be a wise move on the part of the Commission to take the opportunity to explain its analytical process.
As additional evidence of this enhanced guidance, the Commission technologist, Ashkan Soltani, also posted a discussion of this case and some of the concerns with the underlying technology. He noted that identifiers such as the MAC address can reveal a person’s location, where he lives and works, and places he has recently visited. In his discussion, Soltani acknowledged the potential value of gathering these IDs but also flagged the controversial and sensitive nature of the information they can convey. For more information see Privacy trade-offs in retail tracking.
With the FTC’s fall workshop on November 16, 2015 addressing cross-device tracking, there is likely to be more to come on these technologies and their uses.