Internet of Things Report: The FTC Overstepped its Agency Rulemaking Authority

  • Magdalena Gathani


In January 2015, the Federal Trade Commission (“FTC” or “Commission” or “agency”) issued a series of best practices on a very novel phenomenon, the Internet of Things (“IoT”). For example, the Commission informed companies that they should implement “security by design” by building security into their products at the outset as companies design their products. (Federal Trade Commission, 2015). The Commission also pronounced that companies should delete data after the data served its purpose in order to mitigate the harm associate with a data breach. Similar best practices span across various industries and businesses that the FTC regulates. (Federal Trade Commission, 2015). The FTC is not the only government agency that has been engaging in this new approach to rulemaking. In fact, “regulation through best practices has increased sevenfold in the past ten years in the federal government alone, touching every aspect of administrative law”.