Privacy & Information Security Law Blog

The Federal Trade Commission (“FTC”) recently announced that the agency had sent letters to more than a dozen technology companies, including those providing cloud computing, data security, social media, messaging apps and other online services. The letters remind companies of their obligation to protect American consumer data despite pressure from foreign governments to weaken data privacy and security protections. The letters also warn that companies may violate the FTC Act if they censor American consumers based on the requests of foreign powers.

The letters remind companies that they are required to comply with the FTC Act’s prohibition against unfair and deceptive practices despite pressure to comply with foreign laws and demands. The letters provide the following examples of how companies may engage in deceptive or unfair practices in violation of the FTC Act in seeking to comply with the laws or demands of a foreign government:

• If a company promises consumers that it encrypts or otherwise keeps secure online communications but adopts weaker security due to the actions of a foreign government.
• If a company fails to prominently disclose that the company adopted weaker security measures due to the actions of a foreign government, which may constitute an omission of material information.
• If a company weakens the security of Americans’ communications to placate foreign powers that do not have Americans’ best interests at heart and that might seek to surveil or otherwise hurt Americans.

FTC Chairman Andrew Ferguson wrote that he is “concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud.”