Ex-FTC Staffers Suggest Privacy Notice Updates to Avoid Scrutiny in 2026
There’s a lot of “basic” work companies can do to update front-facing websites and apps and avoid unnecessary attention from federal and state regulators in 2026, former FTC officials said Wednesday during a Red Clover Advisors webinar.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The consultant group's CEO Jodi Daniels said there are many companies still updating privacy notices to honor legal requirements when it comes to advertising technology, opt-out notices, cookies and do-not-sell-or-share rules. “I just really wanted to echo the basics,” said Daniels: All of these issues relate to front-facing website and app features that regulators can see when they’re browsing the internet.
“That’s exactly right,” said Kelley Drye’s Laura Riposo VanDruff, who previously worked in the FTC’s Consumer Protection Bureau. “Regulators are people, too. They are on the internet. They are engaged in commerce, not even necessarily a part of their enforcement actions or sweeps, but instead just as individual consumers. ... When they have an experience that doesn’t align with what the law requires, that’s where companies begin to get in trouble.”
Interactive Advertising Bureau Executive Vice President Molly Crawford said regulators are tech-savvy and monitor internet traffic. Crawford was an FTC staffer through July and chief of staff to former Chairman Joe Simons, who headed the agency during President Donald Trump’s first term.
Regulators can see when cookies are “being dropped” and when there’s an exchange of data, said Crawford. “If something doesn’t seem right, I think you could expect a regulatory inquiry because that’s a pretty easy starting point.”
Daniels said there are public enforcement actions, but that doesn’t account for all a company's inquiries. She noted states recently launched the Consortium of Privacy Regulators and have conducted regulatory sweeps, which can result in companies receiving letters from enforcers.
Regulatory inquiries impose a burden on business operations, said VanDruff: They divert resources from the businesses and require legal consultation, which is time- and resource-intensive. It’s important to do the “basics” at the front-end to avoid unnecessary interaction with regulators, she added.
Crawford and VanDruff said they expect the FTC to maintain its focus on children’s privacy and safety, given its recent COPPA enforcement action (see 2509300054 and 2509020069). Crawford noted the FTC’s upcoming workshop on age-verification technology, including COPPA applications (see 2512080049). The child safety conversation is “going to continue to really drive the day,” said Crawford.
VanDruff advised companies to pay particular attention to consumer opt-out rights like those in the California Consumer Privacy Act. “We’re past the point where regulators have patience with companies that just throw up their hands and say, ‘This is too hard.’” Other states will focus on these “fundamental” consumer rights in 2026, she said.
VanDruff and Crawford don’t expect Congress to pass privacy legislation, given the current differences of direction between the Senate and House on the Kids Online Safety Act and COPPA (see 2512090058). The focus on KOSA and COPPA “suggests to me that we’re not getting far fast as it relates to comprehensive privacy,” said VanDruff.
“It sounds like it’s a fairly one-sided conversation” in the House on comprehensive privacy, given Republican plans to release their own partisan privacy bill, said Crawford: “TBD on how it will be received and moved forward in the process, but the fun is in the conversation ... Even if these things move along, I think the Senate and the House have some real disagreements in their language.”