June 18, 2026, 19:41 GMT | Comment
US Federal Trade Commission Chairman Andrew Ferguson said his agency is poised for a surge in data privacy enforcement cases in the second half of this year. Speaking with MLex from his office in the agency's headquarters, Ferguson said reporters covering the FTC are going to "have a hard time keeping up with the number of cases we're gonna be bringing." Ferguson also discussed how the FTC could expand its personnel and computing capacity to take on a larger privacy enforcement role if Congress passes the proposed SECURE Data Act, which would elevate the role of the FTC in national privacy enforcement.
Compared to state privacy enforcers in places like Texas and California, the US Federal Trade Commission has hardly been a hotspot in the filing of new enforcement cases this year. But the FTC's chairman says that is about to change.
"I think in the second half of 2026, you're going to have a hard time keeping up with the number of cases we're gonna be bringing," FTC Chairman Andrew Ferguson told MLex this week.
Ferguson, who recently marked his 500th day leading the FTC, declined to discuss any current investigations in detail. But in discussing current privacy legislation before Congress, for which the FTC is providing technical assistance without taking a formal position on the bill, Ferguson said he has begun thinking about how the agency would have to grow its privacy enforcement efforts if that bill, the SECURE Data Act, were to pass.
Introduced in late April (see
here), the controversial Securing and Establishing Consumer Uniform Rights and Enforcement over Data Act would install the FTC and state attorneys general as the lead US privacy enforcers while largely preempting existing state privacy laws and blocking private class-action litigation.
Passage of the bill is anything but certain, particularly in an election year. But Ferguson told MLex that if the bill, or a bill like it, were to pass out of Congress, he would likely establish a third enforcement arm of the FTC alongside the existing Bureau of Competition and the Bureau of Consumer Protection to oversee privacy enforcement.
"As I generally understood this bill, I would probably end up creating a third bureau and move the privacy work that is currently done in BCP into a new Privacy Bureau, which would not only be to enforce this law but other privacy-related laws that we enforce today, like the many COPPA cases I brought in the last 18 months," Ferguson said, referring to enforcement of the Children's Online Privacy Protection Act. "I would move that over there as well and have a privacy-specific group."
As he did in securing an additional $10 million for enforcement of the Take It Down Act that prohibits the posting online of nonconsensual sexualized deepfake images created using artificial intelligence, Ferguson said he would be prepared to aggressively lobby Congress for funding for personnel and computer infrastructure the FTC would need to expand its privacy enforcement efforts.
"If a bill were to move, the main thing is I would be at the table being like, if the administration supports it, so do I," Ferguson said, thumping his desk for emphasis. "I need money, because I will need people, and I will need IT infrastructure to make this thing work."
Speaking in his office at FTC headquarters in Washington, Ferguson said that aggressive approach worked for the Take It Down Act. The FTC launched enforcement of the new law in May, writing to a dozen websites advising them of their obligation to comply with the law's requirement to remove such images within 48 hours of a request (see
here).
"I went to the Hill and said this bill is awesome. You want me to enforce it? I will need the resources, which I presently do not have. And Congress heard me and got it done," the chairman said. "The First Lady deserves a huge shoutout on that too, because she was echoing for Take It Down to the Hill that we want good enforcement, which means the FTC needs resources, and that's what happened."
Ferguson's comments to MLex reflect some of his most extensive public thoughts in recent months about the FTC's role in privacy enforcement, which has been dominated in 2026 by the actions of state enforcers such as
Texas Attorney General Ken Paxton. With newly filed litigation and investigations against
Netflix,
Meta Platforms, Snap,
Discord,
Roblox and other tech companies, Paxton has arguably been the most aggressive data protection enforcer in the United States this year (see
here).
Meanwhile,
California Attorney General Rob Bonta in May won a $12.75 million settlement with General Motors — the largest penalty ever under the state's comprehensive privacy law — to resolve allegations that it illegally sold drivers' personal information, including driving and location data, to data brokers (see
here).
And across the country, both Republican and Democratic attorneys general are taking on social media giants Meta Platforms,
TikTok, Snap and
YouTube over the allegedly addictive design of their platforms. Following a $375 million verdict won by the State of New Mexico in March (see
here), Tennessee's attorney general is due to take on Meta in Nashville on July 20 in the second addictive design trial brought by a state.
The FTC's privacy enforcement pace has slowed dramatically since a surge of enforcement at the end of the Biden administration, when the FTC wrapped what was arguably the most active two years of privacy enforcement in its history with a flurry of settlements against a long list of companies (see
here).
Ferguson said, however, that the FTC's low profile on privacy enforcement will soon change. About two dozen US states have now passed their own comprehensive privacy laws. But Ferguson, who served as Virginia's solicitor general from 2022 to 2024 before joining the FTC, said he believes online privacy is best handled at the federal level.
"I do think coming from a state that had its own privacy law that we enforced, it is better, all things being equal, for commerce that is so uniquely interstate — like the flow of information and consumer data — that there be a federal law that has preemptive effect, so that consumers know that their rights are the same everywhere and businesses know the obligations to which they are subject, no matter where they're conducting business," the FTC chairman said.
Please email editors@mlex.com to contact the editorial staff regarding this story, or to submit the names of lawyers and advisers.
Tags
Sections:
Data Privacy & Security, Artificial Intelligence
Industries:
Computing & Information Technology, Media & Telecommunications, Computer Networks, Social Media, Digital Economy, Electronic Commerce
Geographies:
North America, United States