FTC, FCC Differ on Privacy Enforcement
The first case involves Primus Telecommunications and a violation of the FCC's no-call rule. Primus hired Spanco Telesystems to make calls pitching international long-distance service. Primus said it had a system to prevent telemarketing calls to numbers on the no-call registry, but something went wrong. Either Primus or Spanco or both screwed up. Whatever happened, Primus deserves some credit for stopping the calls the minute it heard of the FCC investigation.
The FCC has specific statutory authority to establish rules governing unwanted telephone solicitations, and the violation was clear. The investigation, which took at least nine months, resulted in the usual consent decree, announced in September. Primus did not admit any wrongdoing, agreed not to do it again and made a "voluntary" contribution of $400,000 to the Treasury. Consumers got nothing.
Gateway eventually changed its policy to allow disclosure to "reputable companies" whose products or services consumers might find of interest. I always laugh at that incredibly misleading statement. Lists are for sale to just about anyone willing to pay the price.
Gateway sold some customer information collected under the first policy as well as information collected under the amended policy. The violation of the original policy was clear enough so that even the FTC could recognize it. In the consent decree, Gateway admitted to no wrongdoing and promised not to do it again. Gateway also agreed to give the Treasury the $4,608 it earned from renting consumers' information. Consumers got nothing.
It's time to compare and contrast these actions. I'll wait a minute for you to form your own conclusions before I offer my own.
First, the FCC took its action to enforce a rule issued under express statutory direction. It is useful for everyone to know what the rules are. The no-call rule may be full of loopholes, but it does mostly tell people what they can and can't do.
The agency with clear statutory authority and a specific rule (FCC) extracted a substantial penalty. The agency with a weak statute and no rule at all (FTC) has only a popgun, and it is afraid or unwilling to really penalize anyone.
Second, I don't know how long the FTC case took, but the FCC took at least nine months. I am going to guess that the FTC action took a long time as well. Both cases involved clear violations. How long would it take either agency to complete an investigation if the violation were not so stark? Both agencies have lots to do, and neither is likely to pursue privacy cases that promise a tough fight.
Third, I can't fully assess the FCC fine because the consent decree did not explain it. I want to know how many improper calls were made and how much business Primus received as a result of the campaign. Primus paid a substantial but not overwhelming price for its violation. Still, it was enough to have hurt, and the amount seems punitive.
This type of FTC privacy enforcement is a joke because it has no teeth. If the rare enforcement action doesn't hurt, then the deterrent effect is zilch and little has been accomplished. It's as if a bank robber's only penalty was that he had to give back the money he stole. Fourth, consumers got nothing in both cases. Consumers rarely get anything from federal administrative privacy actions. However, both agencies issued press releases patting themselves on the back.
I won't ask whether you reached the same conclusions that I did. If you made it all the way to the end of the column, you deserve a passing grade in this exam.