The Federal Trade Commission (FTC) has warned major U.S. tech companies that complying with foreign government demands that weaken data security or impose censorship could violate U.S. consumer protection law. This legal reminder, issued via a letter from FTC Chairman Andrew N. Ferguson, emphasizes that companies have a primary obligation to American users to protect their data and freedom of information, regardless of overseas regulatory pressure.
The Federal Trade Commission (FTC) recently issued a stern warning to major U.S. tech companies, including industry giants like Apple, Google, and Meta. FTC Chairman Andrew N. Ferguson’s letter emphasizes that companies must prioritize the data security and privacy of American users over compliance with foreign government demands. This intervention comes as new laws in countries like the UK and within the EU are pressuring American firms to weaken encryption, censor content, and provide government access to user data. Ferguson warns that acceding to such demands, particularly if it compromises security without notifying users, could be considered an “unfair or deceptive” practice, thereby violating the FTC Act.
The legal foundation for the FTC’s warning is Section 5 of the FTC Act (15 U.S.C. § 45), which prohibits “unfair or deceptive acts or practices” in commerce. The FTC interprets this to mean that companies must uphold their privacy and data security promises to consumers. When a company advertises a platform with strong security measures, such as end-to-end encryption, it creates a representation that must be honored. Ferguson argues that deliberately weakening these measures to comply with foreign laws—or even to simplify global compliance—would be a deceptive act that misleads American consumers. Furthermore, if a company fails to disclose these changes to its users, it could be a further violation. The letter makes it clear that a company’s legal obligations to its American users remain paramount, even when facing pressure from other sovereign nations.
Ferguson’s letter specifically calls out foreign regulations like the EU’s Digital Services Act (DSA), the UK’s Online Safety Act, and the Investigatory Powers Act. These laws often contain provisions that compel tech companies to actively monitor for and remove content deemed “harmful” or “illegal” by foreign governments, or to create “backdoors” into their encrypted services for law enforcement. The FTC is concerned that these laws could lead to a domino effect where U.S. companies either apply the strictest foreign censorship and surveillance rules globally or weaken their security infrastructure for everyone, including Americans. This, according to the FTC, could subject American citizens to foreign surveillance and increase their risk of identity theft and fraud, all while eroding their freedom of speech and access to uncensored information.
To underscore its point, the FTC’s letter references previous enforcement actions against tech companies that failed to live up to their data security promises. Notable examples include the 2021 case against Zoom Video Communications for falsely claiming its video conferencing service had end-to-end encryption, and the 2023 case against Ring, the smart home security company, for failing to protect customer video feeds. These cases establish a clear precedent: companies that make explicit or implied promises about security must follow through. The FTC is now extending this principle to the international arena, suggesting that giving in to foreign demands for weakened security would be a similar breach of consumer trust.
The FTC’s warning puts tech companies in a difficult position, caught between conflicting legal obligations. They must navigate a global landscape of varied regulations while simultaneously adhering to U.S. law. The recent incident involving Apple and the UK serves as a prime example of this challenge. Apple was pressured by the UK to create a backdoor into its iCloud end-to-end encryption, a demand that would have compromised its global security architecture. The demand was ultimately withdrawn after U.S. diplomatic pressure, but it highlights the real-world scenarios that the FTC’s letter addresses. Ferguson has invited the letter’s recipients to a meeting on August 28 to discuss how they can navigate these international pressures without compromising the security of American users.
Reference:
