Client Alert: The Federal Trade Commission Intent on Regulating “Commercial Surveillance”
The ANPR poses a series of open-ended questions about the need for new privacy rules in today’s “commercial surveillance economy,” an ever-expanding commercial ecosystem on the internet where businesses monitor consumers’ online activities and collect and monetize their personal data, often using automated and algorithm-based processes.
The ANPR seeks comments on a wide range of questions, including:
- The harm of commercial surveillance activities and lax data security practices on consumers and
children; - How the FTC should balance costs and benefits in regulating commercial surveillance and data
security; - Whether the FTC should commence rulemaking on commercial surveillance and data security, and what types of requirements the FTC should impose;
- How prevalent are algorithmic errors in automated decision-making systems and how the FTC may regulate automated decision-making systems and reduce the harmful effects of algorithmic errors;
- How widespread is algorithmic discrimination in automated decision-making systems and how the FTC should address algorithmic discrimination;
- Whether consumer consent remains effective or viable as a tool in regulating companies’ commercial surveillance and data security practices;
- How to improve effective notice, transparency, and disclosure of companies’ commercial surveillance practices; Consumer remedies; and
- How any rulemaking on commercial surveillance and data security should account for changes in business advertising models and commercial surveillance practices.
The FTC opened the ANPR with the concern that consumers share “a wide range of personal information about themselves to companies,” often without realizing they are doing so, and that an “elaborate and lucrative market” enables businesses to use this information to individually target goods and services to consumers. It then seeks public comment on harms relating to lax data security standards, including identity theft, fraud, and cyber-attacks on national critical infrastructure; the potential for abusive uses of consumer data, such as to automate the targeting of fraudulent products and services to vulnerable consumers, or enable stalking, cyber bullying, and distribution of harmful material; and harms to children, including from services that collect data about and are addictive to children. Additionally, the agency asks about practices that require consumers to share their data in order to get a service or that change privacy practices in material ways after a consumer has signed up for service. Furthermore, the FTC requests information about discrimination and inaccuracy in automated decision-making systems, including the algorithms that support them. Lastly, the commission asks questions reflecting its growing interest in “dark pattern” practices or efforts to manipulate consumers into sharing personal information.
The FTC adopted the ANPR on a 3-2 vote, with Commissioners Wilson and Phillips dissenting and arguing that Congress should regulate privacy through a comprehensive federal privacy law. In late July, the US House of Representatives Committee on Energy and Commerce sent the American Data Privacy and Protection Act (“ADPPA”) to the full House for a vote. If passed by both the House and Senate, ADPPA would establish the first comprehensive federal data privacy framework. FTC Chair Khan noted that if Congress adopts a federal privacy law, the commission will re-assess the need for
trade regulation rules on commercial surveillance and data security. Commissioners Slaughter and Bedoya issued statements supporting both FTC and Congressional action on privacy.
Comments to the ANPR will be due 60 days after the ANPR is published in the Federal Register. The FTC will host a virtual Public Forum on the ANPR, including both panel discussions and a public comment session, on September 8, 2022.
The ANPR is the first step in the FTC’s process for issuing trade regulation rules under Section 18(a) (1)(B) of the Federal Trade Commission Act.[1] Based on the public record developed in response to the ANPR, the FTC will decide whether—as is expected—to publish a Notice of Proposed Rulemaking (NPRM), proposing specific rules to regulate commercial data collection and data security practices. Any NPRM would be followed by a public comment period before adoption of final rules.
The ANPR poses a series of open-ended questions about the need for new privacy rules in today’s “commercial surveillance economy,” an ever-expanding commercial ecosystem on the internet where businesses monitor consumers’ online activities and collect and monetize their personal data, often using automated and algorithm-based processes.
The ANPR seeks comments on a wide range of questions, including:
- The harm of commercial surveillance activities and lax data security practices on consumers and
children; - How the FTC should balance costs and benefits in regulating commercial surveillance and data
security; - Whether the FTC should commence rulemaking on commercial surveillance and data security, and what types of requirements the FTC should impose;
- How prevalent are algorithmic errors in automated decision-making systems and how the FTC may regulate automated decision-making systems and reduce the harmful effects of algorithmic errors;
- How widespread is algorithmic discrimination in automated decision-making systems and how the FTC should address algorithmic discrimination;
- Whether consumer consent remains effective or viable as a tool in regulating companies’ commercial surveillance and data security practices;
- How to improve effective notice, transparency, and disclosure of companies’ commercial surveillance practices; Consumer remedies; and
- How any rulemaking on commercial surveillance and data security should account for changes in business advertising models and commercial surveillance practices.
The FTC opened the ANPR with the concern that consumers share “a wide range of personal information about themselves to companies,” often without realizing they are doing so, and that an “elaborate and lucrative market” enables businesses to use this information to individually target goods and services to consumers. It then seeks public comment on harms relating to lax data security standards, including identity theft, fraud, and cyber-attacks on national critical infrastructure; the potential for abusive uses of consumer data, such as to automate the targeting of fraudulent products and services to vulnerable consumers, or enable stalking, cyber bullying, and distribution of harmful material; and harms to children, including from services that collect data about and are addictive to children. Additionally, the agency asks about practices that require consumers to share their data in order to get a service or that change privacy practices in material ways after a consumer has signed up for service. Furthermore, the FTC requests information about discrimination and inaccuracy in automated decision-making systems, including the algorithms that support them. Lastly, the commission asks questions reflecting its growing interest in “dark pattern” practices or efforts to manipulate consumers into sharing personal information.
The FTC adopted the ANPR on a 3-2 vote, with Commissioners Wilson and Phillips dissenting and arguing that Congress should regulate privacy through a comprehensive federal privacy law. In late July, the US House of Representatives Committee on Energy and Commerce sent the American Data Privacy and Protection Act (“ADPPA”) to the full House for a vote. If passed by both the House and Senate, ADPPA would establish the first comprehensive federal data privacy framework. FTC Chair Khan noted that if Congress adopts a federal privacy law, the commission will re-assess the need for
trade regulation rules on commercial surveillance and data security. Commissioners Slaughter and Bedoya issued statements supporting both FTC and Congressional action on privacy.
Comments to the ANPR will be due 60 days after the ANPR is published in the Federal Register. The FTC will host a virtual Public Forum on the ANPR, including both panel discussions and a public comment session, on September 8, 2022.
The ANPR is the first step in the FTC’s process for issuing trade regulation rules under Section 18(a) (1)(B) of the Federal Trade Commission Act.[1] Based on the public record developed in response to the ANPR, the FTC will decide whether—as is expected—to publish a Notice of Proposed Rulemaking (NPRM), proposing specific rules to regulate commercial data collection and data security practices. Any NPRM would be followed by a public comment period before adoption of final rules.
[1] 15 U.S. Code § 57a(a)(1)(B)
Footnotes
[1] 15 U.S. Code § 57a(a)(1)(B)
Related Capabilities
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
The ANPR poses a series of open-ended questions about the need for new privacy rules in today’s “commercial surveillance economy,” an ever-expanding commercial ecosystem on the internet where businesses monitor consumers’ online activities and collect and monetize their personal data, often using automated and algorithm-based processes.
The ANPR seeks comments on a wide range of questions, including:
- The harm of commercial surveillance activities and lax data security practices on consumers and
children; - How the FTC should balance costs and benefits in regulating commercial surveillance and data
security; - Whether the FTC should commence rulemaking on commercial surveillance and data security, and what types of requirements the FTC should impose;
- How prevalent are algorithmic errors in automated decision-making systems and how the FTC may regulate automated decision-making systems and reduce the harmful effects of algorithmic errors;
- How widespread is algorithmic discrimination in automated decision-making systems and how the FTC should address algorithmic discrimination;
- Whether consumer consent remains effective or viable as a tool in regulating companies’ commercial surveillance and data security practices;
- How to improve effective notice, transparency, and disclosure of companies’ commercial surveillance practices; Consumer remedies; and
- How any rulemaking on commercial surveillance and data security should account for changes in business advertising models and commercial surveillance practices.
The FTC opened the ANPR with the concern that consumers share “a wide range of personal information about themselves to companies,” often without realizing they are doing so, and that an “elaborate and lucrative market” enables businesses to use this information to individually target goods and services to consumers. It then seeks public comment on harms relating to lax data security standards, including identity theft, fraud, and cyber-attacks on national critical infrastructure; the potential for abusive uses of consumer data, such as to automate the targeting of fraudulent products and services to vulnerable consumers, or enable stalking, cyber bullying, and distribution of harmful material; and harms to children, including from services that collect data about and are addictive to children. Additionally, the agency asks about practices that require consumers to share their data in order to get a service or that change privacy practices in material ways after a consumer has signed up for service. Furthermore, the FTC requests information about discrimination and inaccuracy in automated decision-making systems, including the algorithms that support them. Lastly, the commission asks questions reflecting its growing interest in “dark pattern” practices or efforts to manipulate consumers into sharing personal information.
The FTC adopted the ANPR on a 3-2 vote, with Commissioners Wilson and Phillips dissenting and arguing that Congress should regulate privacy through a comprehensive federal privacy law. In late July, the US House of Representatives Committee on Energy and Commerce sent the American Data Privacy and Protection Act (“ADPPA”) to the full House for a vote. If passed by both the House and Senate, ADPPA would establish the first comprehensive federal data privacy framework. FTC Chair Khan noted that if Congress adopts a federal privacy law, the commission will re-assess the need for
trade regulation rules on commercial surveillance and data security. Commissioners Slaughter and Bedoya issued statements supporting both FTC and Congressional action on privacy.
Comments to the ANPR will be due 60 days after the ANPR is published in the Federal Register. The FTC will host a virtual Public Forum on the ANPR, including both panel discussions and a public comment session, on September 8, 2022.
The ANPR is the first step in the FTC’s process for issuing trade regulation rules under Section 18(a) (1)(B) of the Federal Trade Commission Act.[1] Based on the public record developed in response to the ANPR, the FTC will decide whether—as is expected—to publish a Notice of Proposed Rulemaking (NPRM), proposing specific rules to regulate commercial data collection and data security practices. Any NPRM would be followed by a public comment period before adoption of final rules.
The ANPR poses a series of open-ended questions about the need for new privacy rules in today’s “commercial surveillance economy,” an ever-expanding commercial ecosystem on the internet where businesses monitor consumers’ online activities and collect and monetize their personal data, often using automated and algorithm-based processes.
The ANPR seeks comments on a wide range of questions, including:
- The harm of commercial surveillance activities and lax data security practices on consumers and
children; - How the FTC should balance costs and benefits in regulating commercial surveillance and data
security; - Whether the FTC should commence rulemaking on commercial surveillance and data security, and what types of requirements the FTC should impose;
- How prevalent are algorithmic errors in automated decision-making systems and how the FTC may regulate automated decision-making systems and reduce the harmful effects of algorithmic errors;
- How widespread is algorithmic discrimination in automated decision-making systems and how the FTC should address algorithmic discrimination;
- Whether consumer consent remains effective or viable as a tool in regulating companies’ commercial surveillance and data security practices;
- How to improve effective notice, transparency, and disclosure of companies’ commercial surveillance practices; Consumer remedies; and
- How any rulemaking on commercial surveillance and data security should account for changes in business advertising models and commercial surveillance practices.
The FTC opened the ANPR with the concern that consumers share “a wide range of personal information about themselves to companies,” often without realizing they are doing so, and that an “elaborate and lucrative market” enables businesses to use this information to individually target goods and services to consumers. It then seeks public comment on harms relating to lax data security standards, including identity theft, fraud, and cyber-attacks on national critical infrastructure; the potential for abusive uses of consumer data, such as to automate the targeting of fraudulent products and services to vulnerable consumers, or enable stalking, cyber bullying, and distribution of harmful material; and harms to children, including from services that collect data about and are addictive to children. Additionally, the agency asks about practices that require consumers to share their data in order to get a service or that change privacy practices in material ways after a consumer has signed up for service. Furthermore, the FTC requests information about discrimination and inaccuracy in automated decision-making systems, including the algorithms that support them. Lastly, the commission asks questions reflecting its growing interest in “dark pattern” practices or efforts to manipulate consumers into sharing personal information.
The FTC adopted the ANPR on a 3-2 vote, with Commissioners Wilson and Phillips dissenting and arguing that Congress should regulate privacy through a comprehensive federal privacy law. In late July, the US House of Representatives Committee on Energy and Commerce sent the American Data Privacy and Protection Act (“ADPPA”) to the full House for a vote. If passed by both the House and Senate, ADPPA would establish the first comprehensive federal data privacy framework. FTC Chair Khan noted that if Congress adopts a federal privacy law, the commission will re-assess the need for
trade regulation rules on commercial surveillance and data security. Commissioners Slaughter and Bedoya issued statements supporting both FTC and Congressional action on privacy.
Comments to the ANPR will be due 60 days after the ANPR is published in the Federal Register. The FTC will host a virtual Public Forum on the ANPR, including both panel discussions and a public comment session, on September 8, 2022.
The ANPR is the first step in the FTC’s process for issuing trade regulation rules under Section 18(a) (1)(B) of the Federal Trade Commission Act.[1] Based on the public record developed in response to the ANPR, the FTC will decide whether—as is expected—to publish a Notice of Proposed Rulemaking (NPRM), proposing specific rules to regulate commercial data collection and data security practices. Any NPRM would be followed by a public comment period before adoption of final rules.
[1] 15 U.S. Code § 57a(a)(1)(B)
Footnotes
[1] 15 U.S. Code § 57a(a)(1)(B)
Related Capabilities
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
News and Insights
Podcasts
Partner Laurel Loomis Rimon Discusses Fintech Enforcement, Debanking, and Regulatory Risk on Fintech Layer Cake Podcast
Partner Laurel Loomis Rimon was featured on the Fintech Layer Cake podcast, where she discussed how fintech enforcement and prosecution actually work in practice, and what exposes fintechs and banks to regulatory risk.
July 15, 2026
Publications
Supreme Court Clarifies Scope of Private Rights of Action Under the Investment Company Act, Private Equity Law Report
Partners Charles Riely, Todd C. Toral, and Martin Glass authored a guest article for Private Equity Law Report examining the US Supreme Court's June 11, 2026, ruling on the scope of private rights of action under the Investment Company Act of 1940.
July 14, 2026
Publications
Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law
Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.
July 7, 2026
Publications
In New York Law Journal, The True Lender Doctrine and the OppFi Decision
Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.
July 1, 2026
Event
Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference
On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.
July 1, 2026
