The future of Federal Trade Commission enforcement in the data privacy and security space was the topic of much discussion in Washington this past month. The FTC held hearings to explore key issues regarding how to incentivize good data security, while the U.S. Senate held oversight hearings focused on the FTC’s enforcement activities. Democrats in the House and the Senate, technology companies, and privacy advocates continue to propose model privacy legislation. The principal issues for lawmakers to tackle in 2019 will be whether the FTC should be the exclusive enforcer of data protection rules, what tools the FTC should have in its data protection arsenal, and what kinds of rights consumers should have in personal data.

Meanwhile, while federal legislation is unlikely to move forward in the lame duck Congress, many states continue to press forward with their privacy and data security agendas. Four new laws go into effect when the clock strikes midnight on January 1, 2019. And, the California Attorney General is moving forward with rulemaking activities to further clarify companies’ obligations under the California Consumer Protection Act (CCPA).

Further analysis regarding the FTC hearings, as well as the Senate’s FTC Oversight Hearing, Google CEO Sundar Pichai’s testimony before the House Judiciary Committee, and developments in state privacy and security legislation, are available in the December issue of the Privacy Oracle. The Oracle is a monthly, subscription-based newsletter that consolidates significant U.S. legislative and regulatory developments at the federal and state levels into a single publication. For information on subscription pricing, please contact Nancy Libin, Rachel Marmor, or Maayan Lattin.