She may only be a freshman U.S. Senator, but she is directly challenging the Federal Trade Commission (FTC).

On July 9, she asked FTC Chairwoman Edith Ramirez (one of the top 10 government players in consumer privacy in 2014) a series of piercing questions about an FTC complaint against Amazon. The agency formally launched a lawsuit against Amazon the next day for charging parents for app purchases made by their children without consent. Similar legal action against Google remains up in the air.

While Fischer’s letter may have forced the FTC’s hand in the timing of its suit, her most important questions involve one particular way that the agency compels companies to settle privacy and data security disagreements: long-term consent decrees.

In the tech sector, Fischer said, "companies from start-ups to established industry leaders operate in a fast-moving and competitive environment that requires significant investment." She warned that enforcement actions when a market is in a “nascent stage would constitute a de facto tax on innovation that threatens future growth and opportunity.”

Further, Fischer worries “that pressuring companies into sweeping, multi-decade consent orders reflects an attempt by the Commission to gain by enforcement what has been withheld by Congress - namely, unchecked regulatory control over the technology sector."

The FTC already has broad authority over much of the American economy. Most importantly, the agency exercises authority over consumer privacy and data security under Section 5(a) of the FTC Act, which declared “unfair or deceptive acts or practices in or affecting commerce” to be “unlawful.” (15 U.S.C. Sec. 45(a)(1)). That authority includes the survey, opinion and marketing research profession (as demonstrated last year in an FTC settlement with research company Compete), which is why MRA ranked the FTC as the top legal concern for survey, opinion and marketing researchers in 2014.

Fischer asked specifically:

  • "What aspects of Amazon's current policies or practices have convinced the Commission that twenty years of extra-statutory oversight and control over the company is necessary?" And,
  • "How does the Commission exercise its authority during a typical twenty-year consent order?"

Can marketplaces change dramatically over the course of 20 years? To answer that, think about how many research companies 20 years ago sampled cell phone users, ran online panels, conducted social media research, or used location data analytics. Twenty years ago, there was barely any commercial Internet worth mentioning. Now, it is the focus of the market.

Would a consent decree limiting your company’s research practices and requiring FTC approval for alterations potentially hinder your company’s growth and adaption? Would your company be able to effectively and efficiently offer new products and services to your clients (internal or external) if a regulatory agency held veto power?

Twenty years is longer than most companies will be in business. Could a lengthy consent decree with the FTC further shorten the average company’s lifespan?

MRA generally agrees with Sen. Fischer that "it is critically important that the FTC focus its priorities on resolving actual, concrete harms to consumers." We look forward to further discussion between the senator and the agency on the issue of their consent decrees, which may help answer some of her (and our) questions.

Sen. Fischer also weighed in on data security legislation back on January 8:

"We must take great care, though, not to make the problem worse. Smart policy that results from an open, collaborative process with input from businesses, consumers, and security experts is the answer – not fresh reams of red tape. We should seek to streamline our data security laws to provide clarity and consistency."