Officials in the EU often deride the lack of a national data protection authority in the US. It is absurd to suggest that the existence of a national DPA is itself a litmus test for a country’s commitment to privacy protection. Indeed, I would put the US system of constitutional checks and balances and sectoral and state privacy laws up against any privacy law in the EU. But as I write in the IAPP’s Privacy Perspectives today, it turns out we do have a national DPA after all – the FTC, which has fashioned itself into a de facto DPA, and not without some controversy.