Who Should Enforce Privacy Protections?

The Federal Trade Commission’s $5 billion settlement with Facebook over the company’s deceptive privacy practices made a big splash, raising questions about the role the FTC should play in enforcing US privacy laws. While some observers criticized the FTC for not going far enough, others felt the record fine demonstrated the FTC’s willingness to set new precedents for punitive actions—and its unique ability to serve as the cop on the beat. But that isn’t the end of the conversation. As Congress drafts legislation to protect individuals’ privacy, it should also consider how it wants those privacy protections enforced. While the FTC has long safeguarded privacy through various federal laws on specific issues, such as children’s privacy and credit information—as well as its Section 5 authority over unfair and deceptive practices—legislators have other avenues for protecting privacy. Some of these possible enforcement mechanisms were discussed at a recent event hosted by New America’s Open Technology Institute.