"Data is the lifeblood of a lot of innovation now," conceded Terrell McSweeny, commissioner at the Federal Trade Commission (FTC), as she called for a more important conversation about "data ethics by design": planning to protect consumer privacy before data is collected and before any analytics are even considered.

Speaking today at the U.S. Chamber of Commerce on the future of consumer privacy and data security, McSweeney touched on self-regulation, Big Data, and next steps for the new U.S.-EU data sharing accord (the Privacy Shield). She observed that, while lots of government conversations about Big Data analytics and the Internet of Things are about their benefits, the FTC's responsibility is to look at the potential detriment and risks. Such risks include discrimination using Big Data analytics, and gaps in the law to deal with it, "especially if" the subjects of that date "are in a protected class," like women or minorities. The biggest grey area she identified was the extent to which such discrimination might be happening because of the types of tools being used to segment individuals.

"The FTC is primarily an enforcement entity, not a regulator," and, is not "trying to write a set of broad regulations around a sector." For 25 years, over more than 100 cases, McSweeny said the FTC has promoted consumer privacy and security through smartly targeting unfair or deceptive acts or practices -- violations of Section 5 of the FTC Act. However, America hasn't yet "achieved perfect protection" for consumers just yet. That is why the commissioner thinks that consumers would be better off with a comprehensive data security and privacy law. There are a wide range of technologies and practices, but consumers, she said, need basic standards. Of course, "the devil is in the details," as MRA has also pointed out in past debates over comprehensive data privacy legislation. McSweeny said that security standards may look different between smart toasters and advanced cars, so good strong self regulation is an important part of the consumer protection equation, too, at least in the meantime.

McSweeny also discussed the newly announced U.S.-EU Privacy Shield, the trans-Atlantic commercial data sharing agreement designed to replace the defunct Safe Harbor. The FTC has had to defer to the Department of Commerce as the lead negotiator, but the FTC has been involved, making the case to Europeans about "how seriously the FTC takes the agency's responsibility." The American "alphabet soup" of sectoral privacy laws can be confusing to foreigners, the commissioner said. The FTC will be involved in the last phase of securing Privacy Shield to make the case for FTC's enforcement role and history of success.

Asked by a member of the audience about any particular industries that the commissioner thought others could learn from in the privacy and security space, she replied that "I like to work with hackers... but I prefer to call them security researchers."