A view from DC: The FTC's next priorities

It has been more than 100 days since U.S. President Donald Trump's day-one designation of Andrew Ferguson to lead the Federal Trade Commission.

With a primary focus across the administration on downsizing and restructuring federal agencies, there have been few substantive data points so far about the new chairman's priorities on privacy. But Ferguson's public statements since taking the helm provide the beginnings of a roadmap.

Most notably, the chairman appeared yesterday on behalf of the agency before the Committee on Appropriations of the U.S. House of Representatives for a budget oversight hearing. There, he gave testimony on the FTC's competition and consumer protection priorities and, as he put it, "how we are restoring the agency's financial health and public credibility."

In his written statement, Ferguson covers in great depth the usual terrain of the agency's operations. Most of what is conveyed has been previously apparent in his extensive writings during his time on the Commission, but the testimony brings it all together and reveals, in its depth of analysis, the relative priorities of areas from privacy to AI enforcement to platform content moderation policies.

The written statement is also a relatively meaningful document because it represents the official views of the FTC, whereas other testimony, speeches, or written statements of Chairman Ferguson represent only his one viewpoint.

An even leaner FTC

In stark contrast to the usual beseeching tone of FTC chairs requesting money from Congress, Ferguson's testimony presented a confidence in his ability to pursue the FTC's priorities at any funding level. As chairs usually do, he boasted of the ability of the agency to punch above its weight, providing "remarkable value to the American public for relatively little cost."

Though recognizing the need for "adequate staffing" to properly pursue the FTC's joint missions, and the need for investment to pursue new enforcement priorities like those that would be created under the Take It Down Act, Ferguson also expressed his unconditional support for the president's deregulatory agenda. Specifically, he wrote, "The FTC is committed to maintaining a workforce that can deliver for the American people and carry out its mission while reducing the size of the agency in line with the President's vision."

The written testimony goes on to provide hard numbers on agency staffing, including revealing that the FTC has already reduced staffing to 1,221 full-time employees, a reduction of 94 personnel so far. Ferguson made clear that this is just the beginning. As he put it, "We anticipate reducing to a Full-Time Employee level that will be the lowest it has been in 10 years by using the Voluntary Early Retirement Act, the Voluntary Separation Incentive Program, and the Deferred Resignation Program, as well as potentially through a targeted Reduction in Force, if necessary."

In his oral testimony, Ferguson provided a ballpark goal of 1,100 personnel for the agency moving forward, which would represent a 15% reduction from prior levels. He also reiterated his hope that this number would be reached without resorting to the government's "reduction in force" layoff mechanism.

Emphasizing traditional consumer protection concerns

The FTC's mandate to fight fraud and other egregiously deceptive practices receives the greatest amount of attention in the oversight testimony. Ferguson spends more than four pages of the document reviewing the FTC's efforts to fight robocalls, combat fraud targeting older Americans, protect service members and veterans and halt deceptive billing and cancellation practices.

Three more pages review efforts to prevent financial misconduct and fight opioid recovery fraud and "other health-related misconduct," though without reference in either section to financial- or health-related privacy matters. On the other hand, Ferguson did express a strong interest in genetic privacy in his recent letter on the potential impact to consumers of the pending 23andMe bankruptcy.

The testimony turns to AI under a section titled "empowering innovation and addressing fraud in new fields." Here, the document echoes the public statements of Ferguson and other commissioners in promising a hands-off approach to AI governance, while continuing to reign in fraud and deceptive marketing claims about AI products.

On the fraud side, Ferguson highlights recent enforcement against get-rich-quick schemes that happened to be based around AI-powered products. Beyond this, the document cites the deceptive claims about "the world's first robot lawyer" in the DoNotPay settlement and the allegedly wildly deceptive marketing claims about detecting generative AI text in the recent Workado enforcement.

Ferguson's FTC makes clear it will continue to pursue similar matters around AI, even as it allows room for the emerging technology to deliver "significant opportunities for consumers, workers, and our economy."

Unlawful data security and privacy practices

Though data security and privacy receive their own section in the written testimony, there is a notable difference in how these areas of FTC enforcement are presented, and the section receives less than two-and-a-half pages of coverage.

Rather than starting with the FTC's bread-and-butter Section 5 enforcement accomplishments, which represent the majority of the agency's actions in privacy, the testimony is clear to focus on "unlawful" activities — by which it mostly seems to indicate business practices that violate explicit privacy laws and regulations such as the Children’s Online Privacy Protection Act or the Gramm-Leach-Bliley Act's Privacy Rule and Safeguards Rule.

Almost as an aside, the document mentions the FTC's Section 5 authority as "another privacy and data security enforcement tool," while immediately dropping a footnote that reads, "The Commission supports congressional efforts to create baseline privacy legislation that protects Americans online."

In contrast to the footnote-heavy approach in the rest of the document — the Ranking Member of the oversight committee, Steny Hoyer, D-Md., referred to it as "footnoted more than any other statement I've read as an opening statement" — the testimony does not cite to any example cases for general consumer privacy matters, even when generally reminding Congress of these activities.

Instead, these accomplishments are quickly summarized in a manner that reiterates the Chairman's stated goal of returning to the foundations of privacy enforcement, highlighting deception and using the phrase "substantial injury" rather than unfairness. "Where companies have misrepresented their data collection and use practices to consumers, or where data practices have caused substantial injury to consumers, the Commission has brought law enforcement actions." Substantial injury is one of the requirements of an unfairness charge, but it is also the most instrumental factor in most of Ferguson's disagreement with certain charges brought in recent privacy cases, such as the slate of 2024 location privacy matters.

Kids and teens at the forefront

In a return to footnotes, the privacy section of the written testimony is dominated by an overview of the agency's work to protect children and teens.

Though it mostly focuses on COPPA enforcement, calling it "some of the Commission's most valuable work," the continued emphasis on teens is notable, given that the FTC must rely on general Section 5 authority to focus on the privacy risks faced by users from 13 to 17 years old.

After reviewing recent relevant actions, the testimony reiterates that "protecting children and teens online is similarly of paramount importance to the Trump-Vance FTC."

The section closes by stating that the "Commission is also dedicated to exploring other ways the FTC can protect children and support families." It cites the twice-delayed workshop on the attention economy scheduled for 4 June, promising that invited experts will discuss, "concrete solutions to protect kids online, including age verification and parental consent requirements."

The other FTC commissioners

The FTC chair sets the agenda of the agency and has significant discretion when it comes to its day-to-day administration, but the FTC is structured to be led by five commissioners. Any major decision requires the approval of a majority of the sitting commissioners. With that in mind, the views of the other commissioners also have some bearing on the priorities of the FTC in the coming years.

Seated behind Ferguson during the hearing was Mark Meador, the newest appointed commissioner. Meador comes from a competition background. His public statements on privacy — and even consumer protection more broadly — have been relatively sparse, though he was questioned about privacy issues during his confirmation hearing, at one point mentioning that protecting the online privacy of children and teens is one of his "most important missions."

For her part, Commissioner Melissa Holyoak, the third Republican leading the agency, agrees that continuing to protect the privacy of children and teens is paramount. She highlighted this and other priorities in her keynote address at IAPP's 2025 Global Privacy Summit. Her speech, which you can view in its entirety on the IAPP site, also ran the gamut of other FTC privacy issues, showing continued interest in a "flexible, risk-based approach" to privacy enforcement, even as she highlighted the new more hands-off approach to AI technologies.

The FTC currently hosts only three out of its usual five commissioners after the president fired the two remaining Democratic commissioners in a move that is subject to an ongoing legal battle. Alvaro Bedoya and Rebecca Slaughter also appeared at the IAPP Summit this year, interviewed on a panel hosted by The Verge podcaster Nilay Patel. They discussed the lawsuit at length, their views on the proper role of an independent FTC, and the future of accountability for Big Tech. The IAPP has posted a video of the full discussion, or you can listen to the episode of Decoder.

Please send feedback, updates and tea leaves to cobun@iapp.org.

Cobun Zweifel-Keegan, CIPP/US, CIPM, is the managing director, Washington, D.C., for the IAPP.