As the U.S. Federal Trade Commission is settling into its new regime under Chair Andrew Ferguson, concrete details about how the agency will balance digital regulation and innovation are emerging.
At the opening general session of the IAPP Global Privacy Summit 2025, U.S. Federal Trade Commissioner Melissa Holyoak sought to paint a clearer picture of the agency's priorities moving forward. She said the advancement of technology fueled by the use of consumer data can ensure users have more personalized experiences, however, those practices lead to increased challenges for regulators.
Notably, Holyoak also emphasized the need for enforcement against organizations that sell the sensitive data of Americans to foreign adversaries and that the agency plans to work closely with the U.S. Department of Justice to enforce its new rule preventing the transfer of sensitive data to countries of concern.
Holyoak added that the FTC's leadership under Ferguson "will take a more balanced approach" to data privacy matters. While the FTC will continue its efforts to advance privacy enforcement, the agency will also aim to promote innovative technology.
"The commission must balance the risks and harms of data misuse against the benefits to consumers and competition," Holyoak said. "Striking this balance correctly is essential, not only to protect consumers' privacy interests, but also to promote competition and foster a predictable regulatory environment that fosters growth and innovation."
FTC priorities
Among the top items on the FTC's agenda is carrying out a philosophical shift in its enforcement stance.
Holyoak said the agency should continue to use its enforcement powers to "protect American sensitive personal data from being sold in bulk to foreign adversaries in malicious sectors." She warned data sold to foreign adversaries poses a threat to national security along with the privacy of consumers.
The FTC could work to combat these threats through its existing regulations while also potentially partnering with the DOJ through the department's recent rule restricting sensitive personal data transfers to foreign adversaries.
According to Holyoak, the Commission could potentially protect the sale of consumers sensitive identifiable information using theProtecting Americans' Data from Foreign Adversaries Act, banning companies from "selling, licensing, transferring, disclosing, or providing access to American sensitive personal data that they do not collect directly to entities controlled by foreign adversaries," said Holyoak.
Holyoak said the agency must also focus on protecting privacy with existing regulations passed by U.S. Congress, including the Children's Online Privacy Protection Act, and "avoid stretching" legal authorities under Section 5 of the FTC Act.
Children's privacy
The FTC recently published its final amendments to its COPPA Rule, adding provisions to further protect minors online.
The updates raise new requirements for online services with a wide variety of users, where the targeted audience or content is not necessarily aimed at children. Organizations with mixed audiences must enlist safeguards, verifying users' age to ensure the personal information of individuals under 13 years old is not collected and processed.
The amendments also require organizations to obtain parental consent disclosures for children's personal information, highlighting the FTC's efforts to provide parents with the resources to protect children's data, and control what data companies can collect.
Holyoak said the amendments aim to ensure parents have "meaningful choices to protect their children, not mere fig leaves to insulate the operator from liability for design choices that expose kids to sexual predators, obscene content, violence or other such harms."
In addition to the COPPA rule update, Holyoak said the FTC should continue its efforts to protect children's privacy by considering organizational obligations for age verification systems. She proposed the introduction of age verification framework similar to Utah's App Store Accountability Act, which requires app stores to obtain parental consent and verify that users are over age 18 before they can download specific content.
Holyoak said it is crucial the FTC continues "this important work and that we use all available statutory tools to protect children and teens."
AI enforcement
U.S. intentions to support digital innovation align with the goal to lead the global artificial intelligence landscape. The FTC has a role to play in achieving that leadership, according to Holyoak. She said the agency "will promote AI growth and innovation, not hammer it with misguided enforcement actions or excessive regulation."
"But we must also study the issues surrounding the development of AI, the emerging risk to consumers and evolving AI markets," she added.
Concerns around AI developers' use of vast amounts of data to train AI will be a focus for the agency. In addition to analyzing data use, the FTC aims to determine how AI technology and data consent options impact companies' ability to compete in the digital market.
Holyoak said the FTC will continue to allow companies to grow within the digital economy while ensuring consumers' information remains safeguarded "by taking a flexible, risk-based approach to privacy enforcement that balances potential privacy harms, consumer expectations, legal obligations, business needs and competition."
Lexie White is a staff writer for the IAPP
