The enforcement options for a federal data privacy law at times are presented as a binary choice — either give people the right to sue, or maintain the status quo. Yet in reality a wide range of potential enforcement options exist, such as expanding the Federal Trade Commission’s (FTC) enforcement power or empowering state attorneys general, writes AAF’s Director of Technology and Innovation Policy Jennifer Huddleston. In a new primer, Huddleston assesses different enforcement options and their tradeoffs, and concludes that policymakers should seek an enforcement mechanism that protects consumers while not undermining the many benefits of innovation.

Her central points:

• Policymakers should seek a data privacy enforcement mechanism that allows innovation to flourish by limiting uncertainty while building on the current approach that protects consumers from measurable harm;
• There are five general categories of potential enforcement mechanisms that policymakers might consider in various data privacy proposals: 1) a continuation or expansion of enforcement by the FTC, 2) the creation of a new agency tasked with data protection, 3) enforcement by state attorneys general (typically in combination with federal enforcement), 4) a limited private right of action, and 5) a broad private right of action with monetary relief; and
• Building on the current FTC-centric regulatory approach, and perhaps supplementing it with assistance from state attorneys general (under specific guidelines), would likely prove effective, while a private right of action or a new agency could create innovation-stifling uncertainty in a number of fields and raise the costs for using such innovations.

Read the primer.