Alleging that the recent Twitter shake-up / melt-down may be diminishing security and allowing disinformation to flourish, a group of Senators asked the FTC in mid-November to investigate the company. The FTC and Twitter remain parties to a 2011 consent decree relating to Twitter security practices. This gives the federal watchdog a degree of oversight authority in matters that fall within the bounds of the consent decree.
WHY IT MATTERS
Most companies will not undergo a high-profile buyout by a billionaire with contrarian ideas about speech, platforms, security, or finance who proceeds to light up social and mainstream media with his drastic corporate changes. There are, however, still lessons any company can draw from this:
- Absent a federal privacy law, the FTC remains the closest thing the US has to a national privacy enforcer.
- Even without a federal law, the FTC appears increasingly willing to review privacy and security matters, and Congress seems increasingly ready to call upon the FTC. These actions require the FTC to review privacy missteps under the rubric of "unfair or deceptive trade practices," which is an incredibly broad standard to apply to an area that has so few actual rules.
- The FTC's pattern has been to go after companies that violate their own public statements (privacy policies, for example) and prior consent decrees. It pays to be careful about how you describe your company's approach to privacy and security.
- Many states have their own privacy or unfair trade practices laws that could also be used to investigate allegations that a company is lax or deceptive about privacy or security matters.