FTC’s New Strategic Plan: Reports of the Death of FTC Privacy Enforcement Have Been Greatly Exaggerated

By Odia Kagan on April 3, 2026

The FTC just published its Strategic Plan for FY 2026–2030. What does it actually mean for privacy compliance? Quite a lot, as it turns out. Here’s a breakdown.

Telemarketing

Still a top priority. The plan doubles down on unlawful robocalls and the Do Not Call Registry.

What to do: Button up your TCPA texting consents. Scrub your lists. Don’t share texting data you shouldn’t be sharing.

Kids

The Chairman called protecting children online “one of the most important consumer protection issues of our time.” The FTC also has new authority under the Take It Down Act.

What to do: If your COPPA compliance isn’t airtight—including cookies and trackers—now is the time to address this.

Privacy and Data Security

Listed as a standalone enforcement priority. Not just as a subset of kids or telemarketing. Its own thing.

What to do: Pick up (and pick up the pace) on your privacy compliance. Contrary to what some have been saying, the FTC is not ignoring this area.

International Companies

Think you’re under the radar because you have no U.S. presence? Think again. The FTC is ramping up cross-border cooperation with foreign regulators. They’re specifically calling out that unlawful conduct is “increasingly cross-border in scope.” Expect data sharing and coordinated enforcement between the FTC and your local regulator.

What to do: If you have downshifted U.S. privacy compliance, you may want to rethink that.

Tech-Savvy Enforcement

The Office of Technology is now a named Goal Leader for consumer protection. The FTC is literally tracking how often its Tech Lab helps identify enforcement targets. So, the agency’s ability to spot noncompliant practices is leveling up.

What to do: Plan accordingly. See above.

One More Thing

The plan restores “without unduly burdening legitimate business activity” to the FTC’s mission statement. This means that the FTC is less likely to go after technology, but just as (or more) likely to go after bad acts. (See, for example, the Rytr case.)

Bottom Line

In its strategic plan, the FTC is telling companies that privacy generally, and children’s data specifically, are points of focus for enforcement, and that it intends to do this with the help of advanced technology and international collaboration.

It seems that “reports of the death of FTC privacy enforcement have been greatly exaggerated” and the FTC is gearing up for continued enforcement in this area, even against companies that thought they were not likely targets.

menu

Privacy Compliance & Data Security