FTC Cautions Companies on Risks of Complying With EU and UK Data Rules

The Federal Trade Commission (FTC) has issued a formal warning to major American technology companies, reminding them of their obligations to protect U.S. consumers’ privacy and security, even as foreign governments push for weaker safeguards. FTC Chairman Andrew Ferguson expressed concerns that pressure from regulators abroad, such as the European Union’s Digital Services Act (DSA), the United Kingdom’s Online Safety Act, and the UK’s Investigatory Powers Act—may lead companies to erode encryption standards or censor Americans. Ferguson noted that in some cases, foreign governments have attempted to require backdoor access to encrypted services, citing a British order earlier this year directed at Apple. He cautioned that while such laws may be targeted abroad, U.S. companies may attempt to streamline compliance by extending those practices to American users, exposing them to surveillance and security risks.

The FTC made clear that such actions could violate Section 5 of the FTC Act, which prohibits unfair or deceptive business practices. If a company promises secure, encrypted services but deliberately weakens protections due to foreign government demands, this could constitute a violation of U.S. law. Consumers reasonably expect confidentiality, and companies may be deemed deceptive if they fail to disclose that weaker security measures were adopted at the request of foreign powers. Similarly, censoring Americans to align with foreign content regulations—such as those mandated under the DSA or UK laws—may also be considered unfair or deceptive, especially if users are not informed. Ferguson emphasized that weakening encryption exposes Americans not only to foreign surveillance but also to increased risks of identity theft, fraud, and other forms of cybercrime.

As part of this warning, the FTC invited leading firms including Apple, Microsoft, Amazon, Alphabet, Meta, Cloudflare, and others, to meet with the Commission on August 28, 2025, to discuss compliance strategies that preserve U.S. legal obligations while facing international regulatory demands. Ferguson underscored that protecting the privacy, security, and freedom of American consumers is a priority, and warned against trading those principles for operational simplicity or foreign government approval. The FTC also reaffirmed its commitment to enforcement, pointing out its longstanding role in holding companies accountable for failing to honor their security and privacy commitments. The message was unambiguous: American companies must resist external pressure to weaken security measures and uphold U.S. law, ensuring that foreign censorship and surveillance do not compromise the rights of U.S. consumers.