U.S. Federal Trade Commission Chairman Jon Leibowitz announced on Monday that David C. Vladeck, director of the FTC’s Bureau of Consumer Protection, is leaving the Commission on December 31, 2012 to return to the Georgetown University Law Center.
The news did not come as a surprise — Vladeck had been on leave from Georgetown since 2009. But it does mark a significant milestone in the Commission’s consumer protection work, especially in the area of information privacy and security.
Vladeck came to the Commission from Georgetown, where he co-directed the law school’s Institute for Public Representation. Before that, he had spent nearly 30 years with the nonprofit Public Citizen Litigation Group, including 10 years as its director.
He arrived at the Commission saying that he was not afraid to litigate. That has certainly proved true. During Vladeck’s tenure, the Commission brought numerous information privacy and security cases, including high-profile enforcement actions against Sears, Facebook and MySpace.
The Commission also is currently in litigation with Wyndham Worldwide Corp. in the U.S. District Court for the District of Arizona, in a case that promises to test the Commission’s Section 5 authority as it applies to information security practices. This case is the first in more than a decade of FTC privacy and security actions to go to court, and is likely to have a significant impact on the Commission’s Section 5 enforcement authority in the future.
Despite Vladeck’s background in litigation and his willingness to engage in aggressive enforcement, his most lasting legacy may be built on two other significant contributions: the modernization of information policy at the FTC and heightened engagement of the United States with European and other national regulators.
Under Vladeck, the Bureau of Consumer Protection led a multi-year initiative, including three wide-ranging workshops and two reports, to create a comprehensive framework for protecting privacy. The final report, “Protecting Consumer Privacy in an Era of Rapid Change”, issued by the Commission in March 2012, stressed practical steps for moving beyond over-reliance on notice and choice (while also containing recommendations to make consumer choice easier and simpler) by making privacy protection more substantive and better integrated into products and services.
Vladeck’s bureau has also hosted workshops on a wide variety of subjects. Many focused on online privacy and, the Commission adopted new rules protecting children’s privacy.
On the international front, Vladeck was instrumental in launching the Global Privacy Enforcement Network (GPEN), a network of privacy enforcement authorities from 11 countries that promotes information sharing and international assistance in enforcement of privacy laws.
In October 2010, the 32nd International Conference of Data Protection and Privacy Commissioners in Jerusalem determined that the FTC had the requisite authority and independence to qualify for membership. The decision has been a long time coming. Just one year earlier, the U.S. application had been rejected at the international conference in Madrid. The commissioners in Jerusalem cited a number of reasons for their change of heart, including the sustained engagement of Vladeck.
The significant developments in privacy and security enforcement, policy and international engagement brought about during Vladeck’s tenure at the FTC are likely to prove a lasting legacy given the importance of these issues for the commissioners (particularly Commissioners Julie Brill and Maureen Ohlhausen, Vladeck’s colleagues in the Bureau of Consumer Protection), industry, privacy advocates, and the public.