FTC Privacy Law and Policy Now Available on Amazon, at Cambridge, and Electronically on Kindle, eBook, and Play


“Chris Hoofnagle has written the definitive book about the FTC’s involvement in privacy and security. This is a deep, thorough, erudite, clear, and insightful work – one of the very best books on privacy and security.”
Daniel J. Solove, John Marshall Harlan Research Professor of Law, George Washington University, Washington DC
“A landmark work for anyone interested in privacy or consumer protection law.”
Paul M. Schwartz, Jefferson E. Peyser Professor of Law, Berkeley Law School
“This well-written, comprehensive history of the Federal Trade Commission shows once again the primary importance the agency has played in shaping the regulatory environment of the United States. It is essential reading for anyone who deals regularly with the FTC, and is a good primer for those coming in contact with the agency for the first time. Clear, thoughtful and engaging.”
Kirstin Downey, Editor, FTC:WATCH
“A timely and insightful analysis of the FTC as a key actor in protecting information privacy. The historical context provides a solid basis for Hoofnagle’s well-supported policy recommendations.”
Priscilla M. Regan, George Mason University, Virginia
“A welcome perspective on challenges facing a great agency designed to “rein in” the American market.”
Norman I. Silber, Hofstra University, New York
“Hoofnagle masterfully distills and concentrates the major steps in the development of the FTC’s consumer protection authority…This is a serious work of historical scholarship.”
Aaron Burstein, Partner, Wilkinson Barker Knauer LLP
“This book offers a fascinating, informed exploration into the dangers of the Internet and the problems and potentials of the FTC in effectively dealing with them. It is well worth our attention.”
William L. Wilkie, Aloysius and Eleanor Nathe Professor of Marketing Strategy, University of Notre Dame, Indiana
“Chris Hoofnagle has done an enormous public service by writing a comprehensive and critical guide to the Federal Trade Commission’s consumer protection efforts, which started over a century ago in reaction to a changing economy and industrialization. Invasive new technologies and influential internet platforms make the agency more relevant than ever, but it remains a mystery to most citizens and is often maligned by business interests. Those of us who care about privacy and fairness in the digital age must pay attention to the FTC’s crucial role in information policy, and we could not ask for a better primer than this incisive and informative book.”
Astra Taylor, author of The People's Platform
“Hoofnagle makes sense of the recent challenges to the FTC’s data security authority and suggests a long-term, structural strategy for addressing information-age security risks.”
Bruce Schneier, author of Data and Goliath: The Hidden Battles to Collect your Data and Control your World
“Chris Hoofnagle, UC Berkeley, has written an excellent book about the FTC and its approach to privacy. In part, it is an institutional history… I think the book also would make a great foundational text in a seminar on consumer law.”
Katie Porter, Professor of Law, UC Irvine
“This is a detailed, clearly written guide to the FTC, with specific attention to its privacy practices but including an extensive discussion of its overall history and jurisdiction…I learned a lot, and I’m going to recount some of the highlights…”
Rebecca Tushnet, Professor of Law, Georgetown
“Chris Hoofnagle has put together an impressive, authoritative and useful treatise on the law of consumer privacy in the U.S. and the role of the Federal Trade Commission.  This book is an excellent read for all those interested in consumer privacy, and should prove to be a valuable resource for years to come.”
Dee Pridgen, Professor of Law, University of Wyoming
…Through his analysis of the role played by the courts, Congress, and the Commission itself, he illustrates the doctrines and dynamics that have contributed to shaping this agency. This makes the book a valuable tool for European privacy experts who wish to better understand the US regulatory approach to privacy protection and understand how political and social forces have affected the powers given to the Commission.
Alessandro Mantelero, Professor of Private Law and of Innovation & International Transactions Law at the Polytechnic University of Turin
…Overall, Chris Hoofnagle’s Federal Trade Commission Privacy Law and Policy is a fascinating read and a treasure trove of useful references for further research.
Bilyana Petkova, Max Weber Fellow, European University Institute
2017Friday, April 14

DOC: No Records on Privacy Shield Removal Procedure

April 14th, 2017|

Back in November, I posted the Department of Commerce’s Privacy Shield checklist. The next logical step was to request DOC’s procedures for removal of companies from the Privacy Shield (submitted Dec. 1). Today, DOC-International Trade Administration responded with a “no records” response. It is not clear to me what date the search took place, and ITA is careful to say that their search did not include non-ITA Commerce elements. I’m following up on that.

2017Saturday, April 8

On Edward Balleisen’s Fraud: An American History from Barnum to Madoff

April 8th, 2017|

“…fraud is endemic to modern capitalism,” so said Professor Edward Balleisen at a National History Center talk on his excellent, comprehensive, thoughtful Fraud: An American History from Barnum to Madoff. We need histories of consumer protection. Balleisen provides one such history, focusing on the idea of fraud—specifically those wrought by businesses against consumers and investors. The concept of “fraud” is complex, it is defined differently through disciplinary lenses, and when we think about FTC privacy and many other consumer protection efforts, we are addressing conduct that is different from Balleisen’s focus. Yet, Balleisen’s book offers lessons for consumer protection more broadly and I learned a great deal from it.

Balleisen’s observation of the policy pendulum of anti-fraud efforts is most clearly stated on page 309, and anyone involved in modern debates on the FTC will recognize it:

Forceful antifraud tactics tended to generate complaints about autocratic governance that ran roughshod over individual rights and American values, which then prompted adoption of procedural protections, which in turn limited the effectiveness of administrative remedies. Post–World War II proceduralism deepened the democratic legitimacy of antifraud regulation, but at the cost of extending the rights of accused businesses, whether in criminal or administrative contexts.

My copy of Balleisen’s book is heavily marked up. So here are two key questions answered by the book and some other reflections–

Why, despite our rich information environment and seeming greater accountability brought about by technology and institutions, do frauds still persist, largely in five basic forms (pump and dump, pyramid scheme, bait and switch, advanced fee frauds, control fraud)?

  • There are businesses committed to fraud. The proceduralism described by Balleisen allowed committed fraudsters (Holland Furnace, Fritzel Television) to slow down intervention.
  • Committed fraudsters keep a “squawk” fund to “cool of the mark” by paying the consumers who do complain.
  • Especially in areas where products/services are new and norms do not yet exist, new market entrants have more space for deception.
  • Concerns about the pace of innovation and creating breathing room for it makes tolerance for fraud a part of a dynamic economy.
  • A turn to individualism in the 1970s caused […]
2017Saturday, March 25

D-Link Updates

March 25th, 2017|

The seal has been lifted on the complaint in the D-Link case. This document highlights the previously redacted portions in yellow.

Yesterday (April 3, 2017), D-Link filed a motion to dismiss that includes the initial hearing transcript.

2016Wednesday, November 16

On Kenneth Rogoff’s The Curse of Cash

November 16th, 2016|

Professor Kenneth Rogoff’s Curse of Cash convincingly argues that we pay a high price for our commitment to cash: Over a trillion dollars of it is circulating outside of US banks, enough for every American to be holding $4,200. Eighty percent of US currency is in hundred dollar bills, yet few of us actually carry large bills around (except perhaps in the Bay Area, where the ATMs do dispense 100s…). So where is all this money? Rogoff’s careful evidence gathering points to the hands of criminals and tax evaders. Perhaps more importantly, the availability of cash makes it impossible for central banks to pursue negative interest rate policies—because we can just hoard our money as cash and have an effective zero interest rate.

What to do about this? Rogoff does not argue for a cashless economy, but rather a less cash economy. Eliminate large bills, particularly the $100 (interesting fact–$1mm in 100s weighs just 22 pounds), and then moving large amounts of value around illegally becomes much more difficult. Proxies for cash are not very good—they are illiquid, heavy, or easily detectable. And what about Bitcoin?—not as anonymous as people think. Think Rogoff’s plan is impossible? Well, India Prime Minister Modi just implemented a version of it, eliminating the 500 and 1,000 rupee notes.

As you might imagine, Rogoff’s proposal angers many privacy advocates and libertarians. His well written, well informed, and well argued book deserves more than its 2 stars on Amazon.

My critique is a bit different from the discontents on Amazon. I think Rogoff’s proposal offers a good opportunity to think through what consumer protection in payments systems might look like in a less-cash world—this is a world I think we are entering. Yet, Rogoff’s discussion shows a real lack of engagement in the payments and especially the privacy literature. For Rogoff’s proposal to be taken seriously, we need to revamp payments to address the problems of fees, cybersecurity, consumer protection, and other pathologies that electronic payments exacerbate.

The Problem of Fees

One immediately apparent problem is that as much as cash contributes to crime and tax evasion, electronic payments […]

2016Sunday, October 23

On the “Coalition for Better Ads”

October 23rd, 2016|

Behold the newest self-regulatory group, the “Coalition for Better Ads,” which claims that it will, “improve consumers’ experience with online advertising. The Coalition for Better Ads will leverage consumer insights and cross-industry expertise to develop and implement new global standards for online advertising that address consumer expectations.” How? They will:

  • Create consumer-based, data-driven standards that companies in the online advertising industry can use to improve the consumer ad experience

  • In conjunction with the IAB Tech Lab, develop and deploy technology to implement these standards

  • Encourage awareness of the standards among consumers and businesses in order to ensure wide uptake and elicit feedback

    The Coalition will draw upon consumer research in shaping the standards.

What are “better” ads? Certainly more secure ads would be welcome, in the sense that modern web advertising is not a billboard but rather code that can introduce insecurity. But what about privacy? Wouldn’t it make sense for ads to be more respectful of users privacy? How about advertisers’ use of data brokers to merge data online and off–something that NAI promised would not happen back in 2000?

These are dangerous questions to ask. So dangerous, that the fearless leaders of Facebook wouldn’t even ask them. Recall last month when Facebook announced it would circumvent ad blockers? Facebook’s Andrew Bosworth wrote:

For the past few years at Facebook we’ve worked to better understand people’s concerns with online ads. What we’ve heard is that people don’t like to see ads that are irrelevant to them or that disrupt or break their experience. People also want to have control over the kinds of ads they see.

Well, I think those conclusions are correct. Obviously no one wants disruptive ads–the emergence of the popup blocker is testimony to that. And if you are going to have advertising, you might as well have relevant ads. The elephant in the room is privacy–how did a company that tracks people on about 40% of the public web, intermediates the conversations, and tracks them physically not raise privacy issues? The answer is that Facebook didn’t ask about privacy.

Turning to the Coalition for Better Ads, it did not […]

2016Saturday, September 17

FTC PL&P Reviewed in ICON

September 17th, 2016|

I am honored and delighted to have my book reviewed by EUI’s Bilyana Petkova, who wrote in part:

…the work of Hoofnagle stands out by offering both a welcome description of the applicable law and a broad contextual framework…Chris J. Hoofnagle takes over fifteen years of experience in American consumer protection, information, and privacy law and converts them into an absorbing, in-depth institutional analysis of the agency.
Overall, Chris Hoofnagle’s Federal Trade Commission Privacy Law and Policy is a fascinating read and a treasure trove of useful references for further research.

The full cite is: Bilyana Petkova, Book Review: Federal Trade Commission Privacy Law and Policy, 14(3) Int J Constitutional Law 781–783 (2016) doi:10.1093/icon/mow053

Load More Posts