In the Bloomberg Law article “FTC’s Marriott Data Breach Order Echoes States’ Right to Delete,” partner Mauricio Uribe offered his perspective on Federal and state privacy law compliance, specifically with regard to the potential to unify data privacy principles, such as the consumer right to delete data.
The article focuses on the Federal Trade Commission’s recent draft settlement with Marriott International Inc., in which the hotel operator agreed to enact a right-to-delete policy for US customers. The settlement was based on an FTC investigation related to a series of data breaches between 2014 and 2020. In October 2024, the company released a statement confirming they will offer customers the option to submit data deletion requests.
Uribe maintained that in the case of consumer data breaches, it can be difficult for companies to determine the correct legal recourse given the lack of a unifying Federal data privacy law and variance in legislation by state. However, he said, “Given that Marriott was amenable to doing this, maybe this is a way for the FTC to somehow have the net effect of a federal mandate to incorporate this right to deletion that perhaps would’ve been otherwise impossible through the rulemaking process.”
Read the full article here.