Privacy Insider: September 14, 2021

This week, the Biden administration nominated Alvaro Bedoya to join the Federal Trade Commission. Bedoya would replace Democratic Commissioner Rohit Chopa, nominated to chair the Consumer Financial Protection Bureau.

The nomination requires Senate approval, but that's mostly a formality. If you've been following the news, you've probably noticed that Bedoya's nomination has garnered widespread support from both Democrats and Republicans. And that's because of Bedoya's track record. He's a remarkably warm and kind person, which surely you know if you've met him or even just heard him speak. But he's also whip-smart, and not just in a bookish way. I'm talking about EQ, or emotional intelligence. And that's going to go a long way at this point in history when regulating Big Tech has never been more important and without a federal privacy law on the books.

Bedoya currently leads the Center on Privacy & Technology at Georgetown Law. It's a think tank that, since its inception, has focused on surveillance's impact on minorities and, in particular, the risks facial recognition technology poses to the public. I first met Bedoya when I went to the Center's annual conference, "The Color of Surveillance." It was there that I first recognized what a unique leader he is.

Two things really struck me the first time I attended the event. First, it was clear that an incredible amount of thought went into a jam-packed schedule of speakers. Instead of having a bunch of white folks with big titles discuss privacy and surveillance, a wide array of minority, LGBTQ members and women spoke. Bedoya, an immigrant from Peru, and his team gave the stage to independent artists and filmmakers, scholars and activists to discuss government monitoring  of religious minorities, American immigrants and the African American community.

I left with perspectives that I, a white woman, had never heard before; Muslims whose communities and homes had been unjustly watched, even stalked. Female minorities who'd been denied proper health care or insurance, sometimes based on screening for how many sexual partners they'd had. 

I cried at that first event, and then every year I attended afterward. I was upset to hear some hard truths and inspired by calls to action. 

I know I sound like I'm gushing, and I am. But it's this kind of inclusivity-mindedness that now joins a historically very-white commission. Bedoya's approach, soft in nature but firm in principles, will be a boon to a commission facing a critical inflection point in U.S. consumer protection.

In my last gig, I spent a lot of time covering federal privacy hearings on Capitol Hill. I was in the room. I can tell you that the Republicans are incredibly hesitant to expose Big Tech companies, often contributing huge amounts to their campaigns, to risk. That means they can't stomach adding a provision to a federal privacy bill that could allow consumers to sue companies for violating the law. Meanwhile, Democrats are steadfast. Speaking broadly, they don't believe a privacy law will adequately protect consumers if there isn't a big stick to deter bad behavior.

It's also important to tell you that, more than a decade ago, Bedoya was an aide to Sen. Al Franken, D-Minn., and served as chief counsel to the Senate Judiciary privacy subcommittee. That was long before privacy was making mainstream news headlines. He's been thinking about how to protect consumers for a long time.

As the Axios story I've included below reports, "During his time on the Hill, Bedoya maintained an open channel with tech companies, and even during disagreements, it was never 'vitriolic,' said Adam Kovacevich, the CEO of tech industry group Chamber of Progress and a former leader of Google's U.S. policy strategy and external affairs team.

He is someone that recognizes that in making progress, it can be easier if you invite industry in to chat, rather than shouting at them from the sidewalk,' Kovacevich said. 'I think that's genuine. My hope is that he brings that same approach to the FTC.'"

It's this nomination, combined with newly appointed FTC Chair Lina Khan, whose big focus is breaking up tech monopolies, that could usher in a new day for the U.S.'s de facto privacy regulator. Plus, this week, House Democrats announced they're are aiming to allocate $1 billion to the FTC to establish a bureau aimed strictly at regulating privacy (it has many other mandates).

Companies are collecting data at a breakneck pace, and consumers are only just beginning to realize the potential harm. And while I'm not suggesting, God forbid, that we hamper innovation, nor the data economy, it's certainly time that U.S. leadership steps up to its counterparts' efforts in the EU and protects those of us who don't have the time, energy, or resources to fight for our rights alone. 

We're going to talk about this news and more on this week's Twitter Spaces event. We've got a special guest joining us, who's going to debrief us on the latest in U.S. state privacy legislation, too. I hope you'll come and listen! Here's the link to the chat, happening Thursday, Sept. 16, at 4 p.m. Eastern, 1 p.m. Pacific. 

Biden taps longtime privacy advocate for Federal Trade Commission post 

This week, the Biden administration nominated longtime privacy advocate Alvaro Bedoya to the Federal Trade Commission (FTC). Bedoya is the founding director of the Center on Privacy & Technology at Georgetown Law School, and his work has focused on surveillance policy and facial recognition bias. He was also an aide to former Sen. Al Franken, D-Minn. Pundits expect Bedoya, like newly appointed FTC Chair Lena Kahn, to be tough on big tech. However, former colleagues say he understands progress can be easier "if you invite industry into chat, rather than shouting at them from the sidewalk," Axios reports. 
Read Story

What China's new privacy law could mean for your company

In August, China passed a data privacy law that "will dramatically impact how tech companies can operate in the country," TechCrunch reports. The Personal Information Protection Law of the People's Republic of China resembles Europe's privacy law, the EU General Data Protection Regulation. It creates rules on how and when companies inside and outside of China can collect Chinese residents' data and when they can transfer it outside the country's borders.
Read Story

French data protection authority says 80% complied with its recent cookie warning

In June, the French data protection authority (CNIL) issued formal warnings to companies that were noncompliant with cookie rules. This week, the CNIL said 80% of those companies have complied with the notices and taken the appropriate steps to come into compliance. Four companies requested extra time, and four have not responded, Euractiv reports. The new rules, which went into effect in October 2020, clarify that users simply continuing to use the site can't be considered a valid expression of their consent. 
Read Story

Dems proposal could put $1B in FTC's pocket for new privacy bureau 

U.S. Democratic lawmakers have proposed giving the Federal Trade Commission (FTC) $1 billion to establish a bureau that would exclusively regulate data security and privacy, Reuters reports. The allocation is part of a $3.5 trillion proposal from the House Energy and Commerce Committee. Senate Commerce Committee Chair Maria Cantwell, D-Wash, said it's "long past time that the FTC have the tools it needs to keep pace with the online marketplace and those who would undermine it." For years, lawmakers have called for increased funding to increase FTC staff and keep pace with European data privacy authorities' staff.
Read Story

Despite backlash, UK pushes ahead with plans to reform data protection law

The U.K. government has announced a consultation on plans to reform its data protection rules following its departure from the EU, also known as Brexit. The new strategy aims to encourage increased data sharing. Last week, the Department for Digital, Culture, Media and Sport said it wants to restructure the Information Commissioner's Office and broaden its scope to oversee "sectors and businesses that are using personal data in new, innovative and responsible ways to benefit people's lives." The plan has faced some public backlash over the potential for personal data to land in the wrong hands. 
Read Story

Italy wants answers from Facebook on new Ray-Ban smart glasses 

Facebook and Ray-Ban made news last week when they introduced their new smart glasses partnership. The sunglasses allow users to take calls or take pictures and videos and share them across Facebook, Instagram and Twitter, among other platforms. This week, Italy's privacy authority asked the Irish Data Protection Commission, Facebook's lead regulator, to seek answers from Facebook on the potential privacy implications. 
Read Story