Skip to main content


On June 6, 2018, in LabMD, Inc. v. Federal Trade Commission (LabMD III), the U.S. Court of Appeals for the Eleventh Circuit vacated a Federal Trade Commission order that required a small medical laboratory to maintain a reasonable data security program following a data breach. The case presented the Eleventh Circuit with the opportunity to clarify the FTC’s data privacy and security enforcement powers under Section 5 of the FTC Act. The court, however, only addressed this issue briefly in dicta, and instead held that the order was unenforceable because it was overly-broad. This Comment argues that Eleventh Circuit’s decision introduces further confusion about the scope of the FTC’s enforcement authority and meaningfully constrains the FTC’s approach to data privacy and security remediation.


File nameDate UploadedVisibilityFile size
6 Sep 2022
430 kB



  • Subject
    • Administrative Law

    • Commercial Law

    • Consumer Protection Law

    • Privacy Law

    • Science and Technology Law

  • Journal title
    • Boston College Law Review

  • Volume
    • 60

  • Issue
    • 9

  • Pagination
    • E. Supp. II.-149

  • Date submitted

    6 September 2022