San Diego Law Review


Andrew Serwin

Document Type



This Article examines the history of privacy enforcement by the Federal Trade Commission (FTC), including the FTC’s jurisdiction under section 5, and its privacy enforcement matters, as well as the FTC’s recently issued report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers, in which the FTC examines past enforcement models, noting their failings. In light of the FTC’s examination of past enforcement models, this Article then analyzes these models, including the accountability-centric model that has previously been utilized in the United States, as well as the FTC’s proposed solution to the privacy problems of the Web 2.0 World—the adoption of best practices, including a “privacy-by-design” framework. This Article then argues that the method to achieve the FTC’s goal of voluntary adoption of best practices is to focus on proportional protection for data based upon the sensitivity of the data in question and to create a “safe harbor” from enforcement for businesses that choose to adopt the framework. This proposed framework could be linked in a meaningful way to existing European Union (EU) processes, such as Binding Corporate Rules or the existing EU Safe Harbor program. By combining these elements, the FTC can achieve meaningful and focused self-regulation and provide appropriate protection to consumers, while giving businesses an incentive to adopt best practices and also increasing the level of international cooperation regarding privacy.