Alvaro Bedoya in front of Federal Trade Comission background

DCStockPhotography/Shutterstock Ford Foundation/YouTube (Licensed) Remix by Jason Reed

‘Privacy rights are civil rights’: Why Biden’s pick for FTC signals a new effort to protect user data

He's been called 'a regulator who wants to regulate.


Andrew Wyrich


Posted on Sep 22, 2021   Updated on Sep 22, 2021, 9:57 am CDT

While antitrust matters have had the spotlight at the Federal Trade Commission (FTC) in recent months, a new nomination to fill out the commission is sending public interest groups and observers a signal that privacy and data abuse enforcement could be on the horizon.

President Joe Biden’s nomination of Alvaro Bedoya, the founding director of Georgetown Law’s Center on Privacy and Technology, was immediately hailed by public interest groups. Bedoya has a background in a number of issues that could become a focus for the agency if he’s confirmed to the FTC by the Senate.

Bedoya’s experience in privacy matters and facial recognition is extensive. He co-authored a report in 2016 that found “most American adults are enrolled in a police face recognition network” and served as a chief counsel for the U.S. Senate Judiciary Committee on Privacy, Technology, and Law. In that role, according to his bio on Georgetown’s website, he conducted oversight on “location privacy and biometrics.”

At Georgetown, Bedoya also put together the “Color of Surveillance” conference, which for years looked at the impact of surveillance on communities of color. He’s also written numerous articles about the privacy and civil rights concerns raised by the technology.

All of that experience has public interest groups excited about what he could accomplish on the commission.

“He’s an expert in the privacy realm and how privacy rights are civil rights,” Carmen Scurato, a senior policy counsel at Free Press, told the Daily Dot. “He’s been, throughout the years, expressing the concern and need for the government to address the abuses of data and the impacts on privacy.”

That background in tackling privacy issues, according to a person who worked with him that spoke with the Daily Dot, will bring an expertise to the FTC that they “do not really have with the folks they have sitting there now.”

Lina Khan, who was named the chair of the commission by Biden earlier this year, has been critical of big tech companies and is an expert in antitrust issues. Naturally, that has been the focus of the commission so far.

The person added that they expect Bedoya to “push the envelope” on how the FTC goes after companies that commit abuses by focusing on the “unfair” aspect of the law, not just the “deceptive.” 

The FTC Act allows for the commission to initiate enforcement action if it has “reason to believe” that the law has been violated. It notes that “unfair or deceptive acts or practices in or affecting commerce” are unlawful.

Most of the enforcements in the tech and privacy space have focused on the deceptive part of the law. In 2019, the FTC imposed a $5 billion fine on Facebook for “deceiving users” about how much control they had over the privacy of their personal information. The penalty was the largest imposed on a company for violating a consumer’s privacy.

Similarly, earlier this year the FTC settled with Everalbum over allegations that it “deceived consumers” about its use of facial recognition. The commission alleged that the company offered an app called “Ever” that allowed users to upload videos and stored them on its cloud-based storage.

Then Everalbum launched a new feature—that was enabled by default—that used facial recognition to group users’ photos by the faces of people and tag them by name. It had said previously, the commission noted, that it wouldn’t enable the use of the technology by default.

The commission has also used “unfair” in its settlements against tech companies. In November 2020, the FTC announced a settlement with Zoom, the popular videoconferencing company. That settlement, which focused on Zoom saying it offered “end-to-end encryption” but really didn’t, also noted that Zoom “secretly installed” software called ZoomOpener on Macs. 

ZoomOpener allowed for the software to automatically launch and bypass a safeguard in Safari that guarded against malware, the FTC said. The FTC’s complaint alleged that the company didn’t give adequate notice to users about ZoomOpener—or get their consent—and deemed that “unfair” and a violation of the FTC Act. 

A ‘clear signal’ for the FTC

While the agency has tackled data abuses, observers say they believe Bedoya’s nomination shows that the FTC might focus more on the issue in the future.

Sara Collins, a policy counsel at Public Knowledge, said there seems to be a “clear signal” that the administration and FTC sees that “privacy is important” and that they want to be “intersectional in how we approach these types of issues.” Collins, and others, noted Bedoya’s experience working on issues related to privacy and surveillance of communities of color.

“That’s what [Bedoya] really brings to the table: a deep understanding of privacy, technology, and civil rights,” Collins said. “I think this shows a commitment by the administration that they want the FTC to be a fulsome agency. They want it to be exerting its competition powers—I think the nomination of Khan is a clear indication of that, and so are her statements and the work she has been doing—but I do think that this is a signal to the broader community, or even the broader tech portfolio, that we’re not just doing competition. We’re going to be doing privacy, we are going to be digging into more design, algorithm, AI. We want to be serious about regulating this space and having a regulator on the beat who wants to regulate this space.”

Collins said once Bedoya is confirmed, she expected that the FTC would work on broader rulemaking around privacy while also working on cases that “flesh out” the agency’s understanding and scope of its powers in highlighting “especially egregious cases of data abuses.”

The commission has both rulemaking authority, the ability to issue industry-wide regulations, and enforcement powers to lead investigations into companies that violate laws.

It’s not just the people at the commission that are signaling a push toward privacy issues at the agency. House Democrats proposed setting aside $1 billion for the commission to set up a bureau that would focus on “unfair or deceptive acts or practices related to privacy, data security, identity theft, data abuses, and related matters.” The proposal is part of a massive budget reconciliation effort.

Just this week, a group of Democratic senators sent a letter to the FTC urging the commission to use its rulemaking authority to “to protect consumer privacy, promote civil rights, and set clear safeguards on the collection and use of personal data in the digital economy.”

Meanwhile, in July, more than 50 civil rights, privacy rights, and internet rights groups called on the FTC to step in and curb the data collection practices of big tech companies. The groups specifically asked the agency to use its rulemaking authority to ban corporate use of facial recognition, surveillance in public, and “industry-wide data abuse.”

Even the commission itself has hinted at their focus on data abuses and artificial intelligence. Earlier this summer, Commissioner Rebecca Kelly Slaughter spoke at the agency’s “PrivacyCon” in July. In her prepared remarks, Slaughter noted the FTC needed to look into “a wide variety of data abuses, including questions of racial bias, civil rights, and economic exclusion.”

Slaughter added: “Words matter, and ‘data abuses’ reflects the fact that rampant corporate data collection, sharing, and exploitation harms consumers, workers, and competition in ways that go well beyond more traditional or libertarian privacy concerns.”

The commission itself published a blog post in April about artificial intelligence, noting that the technology can lead to “troubling outcomes.”

In 2014, Bedoya spoke about a “problem in privacy” for both the government and the industry. He said the value of that data had caused both sides to “collect as much information as possible and to retain it as long as possible.”

“Both in the intelligence committee and in industry, there’s effectively an effort to redefine privacy,” Bedoya said at the time. “Privacy used to be about collecting only what you needed to collect. Under the new model, you collect as much information as possible and you protect privacy through after-the-fact, post-collection use restrictions.”

While some tech companies have been offering opt-outs or other mechanisms for users, it’s clear there is momentum in Washington toward creating some kind of privacy standard for users. The FTC, if Bedoya is confirmed, could initiate rulemaking that covers these issues while Congress continues to work on a federal privacy law. There’s a growing consensus for the FTC to act in this space, and experts say Bedoya’s nomination is another indication of that.

“There is clearly both an appetite within the FTC and outside the FTC for this work to happen,” Collins said, adding: “I think it’s likely we that get more facial recognition cases. I think it’s likely that we get more AI or algorithmic bias cases. Maybe even some data security cases. We just had, at the open meeting, Chopra and Khan talking about health apps and privacy. That’s my guess, but obviously, it’s up to the commissioners on how to move forward.”

Read more about Big Tech

Congress barrels forward with EARN IT Act, determined to end encrypted messaging online
How little tech is turning the tide in the fight against big tech
FTC warns of ‘huge surge’ in social media scams
How the FTC can use ‘data minimization’ to immediately strengthen consumer privacy
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Share this article
*First Published: Sep 22, 2021, 7:00 am CDT