Chapter 5: Federal and State Regulators and Enforcement of Privacy Law

The FTC, Section 5, and Jurisdictional Limits

Section 5 of the FTC Act bars unfair or deceptive acts or practices in or affecting commerce and is the single most important piece of U.S. privacy law. But the FTC's reach excludes nonprofits, banks/financial institutions, and common carriers (transport and communications).

The FTC was founded in 1914 to enforce antitrust laws, and its general consumer-protection mission came in a 1938 statutory change. It is an independent agency run by a chair and four commissioners, not under direct presidential control.

Section 5 of the FTC Act declares unlawful 'unfair or deceptive acts or practices in or affecting commerce.' Although it never mentions privacy or information security, its application to those areas is well established today.

Who falls OUTSIDE FTC reach

Because Section 5 covers practices in commerce, the FTC's powers do NOT extend to: nonprofit organizations; banks and other federally regulated financial institutions; and common carriers (transportation and communications). Expect questions that hand you one of these entities and tempt you to pick the FTC.

Key terms - quick answers

What is “Section 5 of the FTC Act”?

The provision declaring unlawful 'unfair or deceptive acts or practices in or affecting commerce' - the cornerstone of FTC privacy enforcement.

What is “Common carriers”?

Transportation and communications providers, which are outside the FTC's Section 5 jurisdiction.

← Other Federal Privacy Actors and the DOJ's Criminal Role Court Confirmation of FTC Authority: Wyndham and LabMD →