FTC Commissioner Holyoak Highlights Privacy Priorities in IAPP Keynote

IAPP’s Global Privacy Summit kicked off on April 22 with keynote remarks from Federal Trade Commission (FTC) Commissioner Melissa Holyoak, who highlighted her top priorities for privacy enforcement and the digital economy.  

The Commissioner identified several principles that drive her privacy priorities. She focused on the importance of protecting consumers while allowing innovation to flourish. She indicated that the FTC should leverage existing legal authorities, rather than “stretch” legal authorities and theories under Section 5 of the FTC Act. She also emphasized the importance of taking a flexible and balanced approach to enforcement and ensuring that the FTC understands the complex digital economy, following adequate study.

Based on these principles, Commissioner Holyoak previewed her three key priorities for privacy:

1. Creating a Predictable Regulatory and Enforcement Framework/Environment for AI: Commissioner Holyoak described the need for the FTC to gain a better understanding of artificial intelligence (AI) and how privacy regulatory efforts – especially at the state level – influence AI and competition. She described the need for a predicable regulatory and enforcement environment that addresses key consumer protection issues such as deception regarding AI capabilities and AI-powered fraud, while continuing to foster AI innovation and competition.
2. Leveraging Existing Tools to Protect Kids and Teens Online: Pulling from her prior experience as the Utah Solicitor General, Commissioner Holyoak argued that the FTC should use every tool at its disposal to protect children and teens in the digital economy. The Commissioner focused on exploring age verification technology and digital parental controls options. She also highlighted the FTC’s amendments to the COPPA rule – which take effect in June 2025 – and the agency’s upcoming workshop on the “Attention Economy.”
3. The Sale of Bulk Sensitive Personal Data to Foreign Adversaries and Malicious Actors: The Commissioner closed her remarks with a discussion of the threat of foreign adversaries’ access to Americans’ sensitive data. She honed in on the sale of precise geolocation information and highlighted two tools the FTC should leverage to address the risk: (1) enforcing the recently enacted Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFA), which we discussed in more detail here; and (2) potentially partnering with the U.S. Department of Justice, which has implemented and enforces new rules regarding “Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” which we discussed in more detail here. While not discussed by the Commissioner, the FTC has not yet brought any cases under PADFA – and her remarks are a relatively high-profile signal that the FTC will prioritize PADFA investigations and enforcement, which directly impacts foreign sales of certain U.S. personal data.

***

Wiley’s Privacy, Cyber & Data Governance team is at IAPP this week. Reach out to one of the authors if you would like to connect, or if you have any questions about the FTC privacy priorities highlighted by the Commissioner’s remarks.