FTC Chairman Andrew N. Ferguson is standing strong against foreign governments that are pressuring American tech firms to compromise data security and censor information. The head of the FTC recently wrote a plain-spoken letter to 13 large U.S. tech firms, warning them that complying with certain foreign demands is likely illegal under federal law.
The letter was sent to some of the largest tech brands: Akamai, Alphabet (Google), Amazon, Apple, Cloudflare, Discord, GoDaddy, Meta, Microsoft, Signal, Snap, Slack, and X (formerly Twitter). Ferguson’s letter was blunt do not compromise American users’ data privacy and security to placate foreign governments.
The Global Battle Over Encryption and Censorship
Ferguson pointed to a list of overseas statutes that have been giving headaches to American tech firms. They are the European Union’s Digital Services Act and the United Kingdom’s Online Safety and Investigatory Powers Acts. These laws purport to defend users, but Ferguson contends they have the consequence of forcing companies to weaken encryption or adopt censorship that ends up injuring American consumers.
One of the most recent and obvious examples was Apple and the UK government. Earlier this year, Apple had to make the tough choice to eliminate iCloud end-to-end encryption support in the United Kingdom instead of developing a backdoor that would allow the British government to access encrypted accounts. What was so problematic with this was that the UK request would have compromised Apple’s encryption security worldwide, not only for users in Britain.
However, the pressure from American diplomacy fixed that particular problem, and the UK removed its insistence earlier this week. Ferguson, however, views this as part of a larger trend that must be countered.
The Stance of the FTC on Data Security and Foreign Influence
Ferguson insisted that US firms have first-order legal duties under US law, namely the FTC Act.
Section 5 of the FTC Act prohibits unfair or deceptive business practices, and this implies that companies must be honest about their data security and privacy practices.
“I am concerned that these actions by foreign powers to impose censorship and weaken end-to-end encryption will erode Americans’ freedoms and subject them to myriad harms, such as surveillance by foreign governments and an increased risk of identity theft and fraud,” Ferguson said in his letter.
The FTC chairman also feared that businesses would cut corners to make compliance simpler. Instead of coping with complicated foreign requirements on a case-by-case basis, some businesses would just opt for less secure or more general censorship that impacts American users even when there is no foreign law technically requiring it.
This is not hypothetical the FTC has already moved against companies that made false claims about their security practices. The agency referenced previous enforcement actions in Ferguson’s letter, such as in 2021 against Zoom Video Communications for falsely promoting its end-to-end encryption features.
FTC Takes Action to Protect User Data Amid Global Regulations
The FTC also went after Ring in 2023 for not adequately encrypting customers’ video streams.
These cases suggest that the FTC doesn’t take kindly to holding companies accountable when they fail to deliver on their security guarantees or adopt good data protection practices.
Ferguson is not only sending warnings – he’s also providing dialogue. The letter also contains an open invitation to the recipient firms to meet with him on August 28, 2025, to discuss how to navigate foreign regulatory pressure without sacrificing the data security of their customers.
This response shows the FTC realizes the technology companies have been put in a bind, trying to comply with every international regulation while maintaining the security and privacy of their customers. The meeting could be used to establish measures that satisfy the demands of the law without losing the security and privacy to which American consumers have grown accustomed.
The stakes are high for both their users and the companies. As governments across the globe bring new digital legislation, U.S. technology companies will be walking the tightrope between compliance and their core responsibility for safeguarding user data and upholding the trust on which their businesses are founded.
