In testimony before a House subcommittee Wednesday, Federal Trade Commission Chairman Joseph Simons renewed his call for Congress to pass new privacy legislation, telling representatives, essentially, he can't enforce a law that doesn't exist.

Simons was on Capitol Hill testifying in a hearing on "Online Platforms and Market Power," the probe the House Antitrust subcommittee launched in June to dig into Apple, Amazon, Facebook, and Google.

At the highest level, the FTC is responsible for basically two things: protecting competition and protecting consumers. To that end, it's one of the two bodies with antitrust oversight, sharing responsibility with the Justice Department for reviewing mergers and challenging anticompetitive behavior.

As part of the consumer protection half of its mandate, the FTC also regulates the gulf between what companies say they will do and what they actually do. As such, the agency has become the closest thing the United States has to a privacy regulator. But its actions and authority are limited under the law, and when it comes to privacy, the commission can more or less only intervene when a prior agreement has been broken—it can't just impose fines or other penalties for behavior that feels like it should be illegal but isn't.

During the hearing, Rep. Joe Neguse (D-Colo.) pressed Simons on the FTC's track record with privacy enforcement. "I want to talk briefly about the settlement with Facebook earlier this year," Neguse said, asking Simons to explain the "methodology" the commission used to reach the $5 billion agreement.

"I'm very disappointed that you all are disappointed" in the settlement, Simons replied, defending the settlement as "very aggressive." But, he added: "Even if we wanted to do more, we don't have the authority to do more. We do not have the authority to impose fines or, on our own, increase the injunctive relief. We have to go to court. So what we did is we negotiated very long and hard with Facebook to get the best relief we could in a settlement and then compare that to what we would have gotten if we had gone to court."

Neguse cut Simons off there, but he added, "Ultimately, one point that I think we both agree on is that the tools that the FTC has under existing statute, in my view, could be strengthened, given the trend and the challenges that your agency faces." Simons agreed.

Later in the hearing, Simons reiterated the sentiment, telling the chamber, "I think if you want us to do more on the privacy front, then we need help from you," Simons said. "We've done as much as we can do with the tools we have."

A frequent refrain

Simons has rung the alarm about this particular enforcement gap several times already this year. The FTC in July announced not only the Facebook settlement but also a $575 million settlement with Equifax over its massive consumer data breach. With each announcement, Simons called on Congress to act.

"The CFPB and the states were able to obtain civil penalties for this massive breach by a major financial institution. The FTC could not," Simons said in a press conference about the Equifax case. "Fortunately other agencies were able to fill in the gap this time. That will not always be the case, which sends the wrong signal regarding deterrence."

During a separate press event about Facebook a week later, he echoed the sentiment, saying "We are a law enforcement agency without the authority to promulgate general privacy regulations. Our authority in this case comes from a 100-year-old statute that was never intended to deal with privacy issues like the ones that we address today."

Members of Congress likewise have been calling on their colleagues to do something about federal privacy laws. Sen. Ron Wyden (D-Ore.) last month proposed a bill that would not only drastically expand the FTC's scope and resources but also would impose criminal penalties for company officers found responsible for mishandling consumer data.

The House has likewise taken up the call: this month, Reps. Anna Eshoo and Zoe Lofgren, both Democrats from California, introduced an Online Privacy Act earlier this month. Their bill would not only create new standards but also take their enforcement out of the hands of the FTC altogether, instead creating a Digital Privacy Agency to handle it.

In the meantime, regulators have been doing the best they can to consider whether matters of consumer data and privacy fall under antitrust law. DOJ antitrust chief Makan Delrahim has several times discussed ways in which poor privacy controls that harm consumers may be considered a result of poor competition.

"As a foundational matter, we must acknowledge that data has economic value, and some observers have said it is analogous to a new currency," Delrahim said in a speech last week: