Cemre Apaydın


Privacy Policies And Prohibition Unfair Competition Of Companies Under FTC Decisions

A privacy policy is a statement in privacy law that declares a firm's, company's or website's policy on gathering and releasing information about a visitor or a consumer. A privacy policy is a legal document that explains the company's obligations and practices for meeting the GDPR1's requirements. The policy is important because it shows that what personal information will be collected and how that personal data will be processed by the company.

The privacy policy of a company is an agreement. So, if the company violates its own policy than there will be consequences, it will have sanctions accordance with the decisions made by Government. One of the most important sanctions is the decision of companies to violate the prohibition of unfair competition.

The Federal Trade Commission ("FTC") was established in 1914 by the Federal Trade Commission Act (the "Law")2. FTC under the law; It prohibits unfair competition methods, unfair acts and practices that affect trade.

When a company violates its privacy policy, FTC may specify them for an illegal trading practice. Federated states or the federal government may fine them. The FTC decides by claiming that a company that violates the privacy policy is illegal.

Whereas companies tell consumers that they will protect their personal information, FTC can apply law enforcement to ensure that companies meet these promises. FTC has initiated legal action against organizations that violate consumers' privacy rights or cannot protect security for sensitive consumer information or cause substantial consumer injury. In most of these cases, FTC accused defendants of violating Chapter 53, which prohibits unfair and deceptive acts and practices in trade. In addition to the FTC Law, FTC also enforces other federal laws regarding consumer privacy and security.4

In the United States ("the US"), states have different privacy laws, so the FTC sets them a general standard. In accordance with this standard, there are 5 basic principles that are stated as fair information practice codes that should be included in all privacy policies. The 5 basic principles are listed below.

  • Notice / Awareness
  • Selection / Confirmation
  • Access / Participation
  • Integrity / Security
  • Enforcement / Corrections

If companies' privacy policies do not comply with these standards or if they violate their policies that comply with these standards, they will face unfair competition sanctions by the FTC.

In accordance with section 5 of the Federal Trade Commission Act, FTC has the power to prevent "persons, partnerships or companies" from using "unfair competition methods in trade and with unfair or deceptive action or practices". Although this law does not authorize FTC to protect privacy directly, it is thought to ban some privacy violations based on deception in recent years. For example, if a company makes a written promise to comply with certain practices on the website or any other company literature (this written word may be defined as a privacy policy) and later violate or fail to comply with section 5 of the FTC Act. It is considered. "An unfair and deceptive practice" as defined by the FTC involves only a breach of an old written contract (such as a privacy policy). In this context, if the company violates the privacy policy published in written form, FTC may define this action as unfair competition.5

On July 24, 2019 FTC made a historic decision about violating privacy policy to Facebook. FTC imposed $5 billion penalty, that is the largest ever imposed on any company for violating consumers' privacy and almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide6.

As a result, violations of companies' privacy policies can be described as unfair competition within the framework of certain criteria and standards, but penalties can be imposed on companies for this action. Privacy policies are such an agreement between companies and its own websites' consumers and visitors. The other main idea is privacy policies are made by companies, the policy is contained the company's own rules, practices and expedients. The company should not violate its own rules. If it violates, then it is fair to judge that it is making unfair competition and to impose fines because it misjudges the visitors and gets unfairly compete to other companies.


1. 2016/679 (General Data Protection Regulation)

2. https://www.ftc.gov/about-ftc

3. 15 USC § 45 (a) (2)

4. https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/privacy-security-enforcement

5. https://epic.org/privacy/internet/ftc/Authority.html

6. https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.