Part I of this book reviewed the history, procedures, and powers of the Commission. Part IInow turns to how the Agency has brought its experience and tools to bear on the problem of consumer privacy.

In regulating privacy, the FTC has upset public choice theory predictions about how the Agency might act. Instead of becoming an inflexible institution, it changed as marketing changed. As marketing evolved from print to radio to television to the internet, the FTC retooled its investigative practices. It brought its first internet case in 1994, before most Americans were online, and when many thought that the internet was just a fad. The FTC started making policy statements on internet privacy in 1995, and began its enforcement strategy with children's privacy cases. Instead of becoming a tool of special interests, the FTC has brought cases against a variety of actors in internet commerce, including the largest, most important companies. In addition to being flexible in subject matter and in enforcement target selection, the FTC's approach has evolved. Early privacy matters focused on enforcing privacy representations, but companies learned quickly to not make specific promises, or to write vague privacy policies. As companies changed their strategy, the FTC shifted to an approach of enforcing consumer expectations. The FTC borrowed heavily from its expertise in recognizing and remedying false advertising. Just as it did a generation before when evaluating mass-media advertising, the Commission looked to website design, settings, and even informal remarks by employees as informing consumers’ perceptions of privacy promises.

The FTC has been a key force for the protection of online privacy because it fills the gaps left by the US “sectoral” regulatory approach. In the United States, privacy is regulated sector by sector, meaning that certain kinds of businesses are subject to information privacy law statutes. As a result, different companies that possess the same information may be subject only to the Federal Trade Commission Act, or to the act and some sector-specific law, such as the Fair Credit Reporting Act.

When the FTC first signaled a commitment to policing consumer protection online, it relied on self-regulation of internet businesses combined with its deception power to police promises made to consumers. In recent years, the Agency's focus has shifted, reflecting a more nuanced understanding of consumer expectations and the influence of computer interfaces on consumer behavior.