Leibowitz has spoken favorably of the efforts that industry stakeholders have undertaken to achieve a meaningful self-regulatory framework. At Thursday's hearing, he emphasized that he is not looking to saddle Internet companies with a heavy-handed compliance burden and acknowledged that lawmakers and regulators must tread carefully as they contemplate new rules in such a dynamic and fast-growing sector of the economy.

When asked to clarify his support for a "baseline" federal privacy law, Leibowitz responded: "It means setting a standard that protects consumer privacy in a way that doesn't in any way undermine innovation."

Similarly, Strickling was quick to point out that the bill of rights developed by the Commerce Department and the White House (with input from the FTC and others) preserves the spirit of the self-regulatory framework that has long guided the online privacy space.

"There's nothing about any work that's happened before now that is in any way jeopardized or threatened by what we're going to put in place," Strickling said. "It will build on the work that's already been done by industry and consumer groups up till now."

Strickling also appeared to agree with Leibowitz that Congress should advance legislation that would rein in the practices of data brokers, which often operate beyond the view of public, shielding them from the scrutiny that has created something of a check on consumer-facing companies like Google. Leibowitz and other FTC officials have in overseeing companies whose stock in trade is the collection, use and sale of consumer data.