Enforcing a New Privacy Law

Who Should Hold Companies Accountable?

A push for comprehensive privacy legislation is in full force in Washington, D.C. Aside from the contents of a new law, legislators will need to decide on a key question: who should have the responsibility and power to enforce a new federal privacy standard?

The Federal Trade Commission (FTC), charged with policing unfair and deceptive business practices, is currently the primary federal agency responsible for protecting the privacy of commercial data. Additionally, the FTC enforces some specific privacy laws, including the Children’s Online Privacy Protection Act.

Congress has many options in determining the proper enforcement regime for a new privacy law. While it could leave the FTC’s authority untouched, many argue that Congress should either enhance the FTC’s enforcement powers or create a new agency—modeled after European data protection authorities—whose primary purpose would be protecting privacy. Congress could similarly empower states to take an active role in privacy enforcement, or it could strip states of their power altogether. It could also authorize individuals to bring lawsuits directly against companies through a private right of action.

Join our panel discussion for an exploration of how Congress should handle the privacy enforcement question.

Follow the conversation online using #enforceprivacy and following @OTI.

Lunch will be served.


David Medine

Former Special Counsel at the Consumer Financial Protection Bureau
Former Associate Director for Financial Practices at the Federal Trade Commission


Bob Gellman
Privacy and Information Policy Consultant

Elizabeth Banker
Vice President & Associate General Counsel, Internet Association

Yosef Getachew
Media and Democracy Program Director, Common Cause

Blake Bee
Program Counsel, Center for Consumer Protection
National Attorneys General Training & Research Institute
National Association of Attorneys General


Dylan Gilbert

Policy Fellow, Public Knowledge