FTC Signals Renewed Focus on Quantifying Privacy Harms and Benefits
During the first Trump administration, the Federal Trade Commission hosted a workshop on informational injuries, and on February 26, 2026, the agency revisited the issue in a workshop on “Consumer Injuries and Benefits in the Data-Driven Economy.”
The recent program brought together economists and legal scholars to examine a foundational question: How should the FTC measure harms and benefits arising from the collection, use, and disclosure of consumers’ personal information? The program signals a potential shift in how the agency approaches privacy issues, with greater emphasis on empirical, economic theories that consider both benefits and harm. Below are some key themes that emerged.
Chairman Ferguson: Measuring Harm (and Benefit) Is Central to the FTC’s Task
In opening remarks, FTC Chairman Andrew Ferguson framed the workshop around three core challenges the agency faces in privacy-related enforcement under Section 5 of the FTC Act: First, how should the FTC quantify the value of personal data? Second, how should the FTC ascertain privacy harm when consumers often lack full awareness of how their data is collected or monetized? Third, how can the FTC make enforcement decisions that will survive judicial review absent a strong understanding of both the harms and benefits of behavioral advertising? Chairman Ferguson emphasized that the FTC’s consumer protection mission is grounded in promoting consumer choice and innovation consistent with “human flourishing.” He characterized conflicts between promoting privacy and innovation as arising only “on the margins” rather than representing an inherent tension.
Overview of Panel Themes
Over the course of the program, panelists examined methods for measuring how consumers value privacy and potential privacy harms and benefits from the use of their data in a variety of contexts, such as behavioral advertising and personalized algorithmic pricing, often called “surveillance” pricing, and in connection with data breaches. For example, panelists debated whether traditional economic tools adequately capture privacy harms, with some, such as Professor Alessandro Acquisti of MIT, arguing that externalities or consumer rights-based approaches may better account for social or dignitary harms that resist straightforward price quantification. According to Acquisti, what makes privacy harm particularly hard to quantify is that it is pervasive, heterogenous in form, and often intangible.
Picking up on the heterogeneity point, Daniel Wood, the Deputy Assistant Director of the FTC’s Bureau of Economics, underscored that privacy valuations are not evenly distributed. A relatively small percentage of consumers with strong privacy preferences account for a disproportionate share of total measured privacy value. He explained that the significance is that in conducting cost/benefit analysis of a privacy-protective measure or a technology, the FTC should ensure it accounts for the behavior of this group and whether, for example, this group is already protected by existing laws and tools.
As to data breaches, panelists emphasized that breach-related injury is wide-ranging and extends beyond identity theft to include reputational harm, loss of access to service, exposure to spam, and emotional distress. Market-based proxies—such as prices for identity protection services and post-breach consumer demand shifts—were discussed as possible quantification tools. On the benefits of preventive measures, panelists acknowledged the difficulty of isolating the effectiveness of specific security controls but noted empirical support for layered measures (e.g., multifactor authentication, encryption, endpoint detection, and system update policies).
Behavioral advertising was a frequent topic throughout the day, and a panel dedicated to the topic explored whether the digital advertising ecosystem functions as an efficient “matchmaker” that lowers search costs and subsidizes free content, or as an extractive “oligopoly” that drives up product prices and inadvertently funds misinformation. Presenting new research on “offsite data,” Nils Wernerfelt of Northwestern University noted that while privacy-preserving industry measures like Apple’s App Tracking Transparency aim to protect consumers, they have also led to a 37% increase in customer acquisition costs for the median advertiser—a burden that falls disproportionately on small businesses. The panelists urged holistic evaluation of privacy interventions, accounting for competitive effects, market productivity, and consumer access to niche products—not just direct privacy gains.
Conclusion
The workshop suggests that the FTC is focused on strengthening the economic and empirical record on which it makes its enforcement, regulatory, and broader policy decisions in the privacy arena. Chris Mufarrige, the Director of the FTC Bureau of Consumer Protection, signaled in his closing remarks the FTC’s neutrality in this process and the need for the FTC to intervene after measuring both injuries and costs. What this means in practice remains to be seen, but it suggests the FTC may be increasingly open to evidence and arguments concerning the benefits of technology and the costs of regulation.
Print and share
Authors
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Notice
Before proceeding, please note: If you are not a current client of Perkins Coie, please do not include any information in this e-mail that you or someone else considers to be of a confidential or secret nature. Perkins Coie has no duty to keep confidential any of the information you provide. Neither the transmission nor receipt of your information is considered a request for legal advice, securing or retaining a lawyer. An attorney-client relationship with Perkins Coie or any lawyer at Perkins Coie is not established until and unless Perkins Coie agrees to such a relationship as memorialized in a separate writing.
Explore more in
Topics
Perkins on Privacy
Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field.