Section 5 of the Federal Trade Commission (FTC) Act codifies the FTC’s broad authority to police “unfair or deceptive acts or practices in or affecting commerce.”¹  Using this authority, the FTC has emerged as the chief enforcer of consumer privacy in the United States.

The FTC has used its authority to address “deceptive” representations, omissions, or practices that are likely to mislead consumers, such as if a company misstates its privacy practices or security measures in its privacy policy.  The FTC also has used its authority to address “unfair” privacy and cybersecurity practices, though enforcement actions under Section 5’s “unfair” prong require a more fact-specific analysis and the FTC’s efforts on this front have faced significant challenges.²

¹ 15 USC § 45.

² See, e.g., LabMD, Inc. v. FTC, No. 16-16270 (11th Cir. 2018).