A recent post on this blog by our partner Elizabeth Litten was quoted in the Dissenting Statement (the “Dissent”) of FTC Commissioner Maureen K. Ohlhausen in the Matter of Nomi Technologies, Inc., Matter No. 1323251. Ms. Ohlhausen disagreed with the views of the majority of the Commissioners in the Matter because she believed that
. . . by applying a de facto strict liability deception standard absent any evidence of consumer harm, the proposed complaint and order inappropriately punishes a company that acted consistently with the FTC’s privacy goals by offering more transparency and choice than legally required.
To buttress her viewpoint, Ms. Ohlhausen quoted as follows from Elizabeth’s post, which was referenced at footnote 9:
In response to the case’s release, one legal analyst [Elizabeth Litten] advised readers that ‘giving individuals more information is not better’ and that where notice is not legally required, companies should ‘be sure the benefits of notice outweigh potential risks.’
The takeaway from the FTC decision in Nomi and the Dissent appears to be that, in setting and publishing privacy policies, an organization should carefully consider whether adopting standards in excess of legal requirements is advisable if there is a reasonable possibility that the organization may find such standards difficult or costly to attain and maintain, thereby increasing the risk of regulatory scrutiny and sanctions.