On June 6, 2018, in LabMD, Inc. v. Federal Trade Commission (LabMD III), the U.S. Court of Appeals for the Eleventh Circuit vacated a Federal Trade Commission order that required a small medical laboratory to maintain a reasonable data security program following a data breach. The case presented the Eleventh Circuit with the opportunity to clarify the FTC’s data privacy and security enforcement powers under Section 5 of the FTC Act. The court, however, addressed this issue only briefly in dicta, and instead held that the order was unenforceable because it was overly broad. This Comment argues that the Eleventh Circuit’s decision introduces further confusion about the scope of the FTC’s enforcement authority and meaningfully constrains the FTC’s approach to data privacy and security remediation.
Julia Whall, Policing Cyberspace: The Uncertain Future of Data Privacy and Security Enforcement in the Wake of LabMD, 60 B.C.L. Rev. E. Supp. II.-149 (2019), https://lawdigitalcommons.bc.edu/bclr/vol60/iss9/12