As the FTC takes aim at tech giants, the regulator just lost key tech and data privacy leaders

“The FTC has struggled to bring on a lot of technologists for years,” said Justin Brookman, director of privacy and technology policy at Consumer Reports, who has served as policy director in the regulator’s Office of Technology Research and Investigation. “They don’t have enough privacy lawyers, they don’t have enough technologists, they don’t have enough anything.”

Meyer has returned to the Consumer Finance Protection Bureau, an agency now led by former FTC commissioner Rohit Chopra, to serve as its chief technologist. According to a CFPB announcement about her return, she had also served as Chopra’s Technology Advisor while he was still at the FTC. During her brief stint with the FTC, Meyer highlighted its tech-related hiring aspirations. Stephanie Nguyen, former deputy chief technologist, is currently serving as acting chief technologist in Meyer’s place. Nguyen’s work has involved user design interfaces including research on deceptive design elements known as dark patterns.

In two more blows, a pair of longtime members of the FTC’s consumer protection bureau are also out to join law firms. Daniel Kaufman, former deputy director of the Consumer Protection Bureau left this month to join BakerHostetler’s digital assets and data management practice group. Maneesha Mithal, associate director of the FTC’s privacy division inside the bureau, is set to leave at the end of this week for Wilson Sonsini, which has represented Google for several years. Kaufman’s and Mithal’s exits were first reported by Politico. An FTC spokesperson confirmed the departures but declined to comment for this story.

Brookman called the departures “a big deal,” and said of the FTC, “They are going to be in a holding pattern on privacy for a little bit.” The FTC is knee-deep in tech industry cases that require tech knowledge, including its antitrust case against Facebook, which it has revised to put more emphasis on data and privacy related issues. 

Who’s on tech and privacy

The FTC has nine technologists including Nguyen. In general, technologists working for the FTC support investigations as well as other efforts, including work not related to data privacy. They might evaluate code associated with a company’s technology or determine whether assertions made in a legal complaint are technically sound, for example. Some might assist in efforts related to data privacy enforcement inside the Division of Privacy and Identity Protection, which is often referred to DPIP or “D-Pip” and is part of the FTC’s Consumer Protection Bureau. Others assist legal staff in research and market studies for competition-related investigations and are not involved in enforcement. 

Lerone Banks joined the FTC in 2013 and leads data privacy and security technical investigations as a technologist inside DPIP. According to Banks’s LinkedIn profile, “While his name rarely appears on legal documents, his fingerprints are on every significant technical matter facing the FTC’s Bureau of Consumer Protection, including investigations into Apple, Amazon, Google, Facebook, LifeLock, Equifax, Ashley Madison, and Zoom.”

Being one of the few technologists at the FTC can be lonely, said Jessica Rich, former director of the FTC’s Consumer Protection Bureau. She said the FTC has had a hard time competing with the salaries and career advancement potential of corporate tech. “If the FTC had the funds and authority to hire multiple technologists, that would also make it a more appealing place to work,” she told Digiday in August. “You don’t want to be the one technologist in the privacy division who everyone is coming to for everything; you want to be part of a professional cadre of technologists.”

It is unclear exactly how many technologists or other FTC staff focus on data and privacy issues. The FTC’s budget request for 2022 shows that it has had a total of 63 privacy and identity protection staff in 2021. But the number of FTC staffers focused on data and privacy issues could be even lower. Former FTC chair Joseph Simons told Congress in 2019 that the agency had 40 full-time employees handling data and privacy work. The FTC’s report to Congress on data privacy and security this September also gave that ballpark figure of 40 to 45 people in DPIP. 

The FTC is sharpening its fangs to take on big tech. What are the implications of a more fearsome FTC? Digiday’s two-part podcast series, Kill Your Algorithm, explores just that. The first episode, “Shocking Data Stories,” digs into the FTC’s case against period tracker Flo. Could it have been tougher? And what happens if the FTC forces more companies to destroy their algorithms? Listen now!

The FTC’s privacy and tech-related staffing requests

As part of its larger 2022 budget increase request, the FTC asked for $18.5 million to fund 110 total additional staff.

• Among those 110 new people, it asked for 13 additional staff in its Consumer Protection Bureau to address privacy, data security and emerging tech use in marketing in addition to conducting compliance monitoring.
• The agency also aims to add 36 additional people in its Competition Bureau to identify and challenge anticompetitive mergers and conduct in “increasingly pervasive technology markets.”

Funding to “holistically address privacy abuses”

FTC chairwoman Lina Khan reaffirmed the budget requests to fund more staff in an Oct. 1 statement on the FTC’s website that noted her mission to align privacy and antitrust enforcement more closely in recognition that large digital platforms build market power by collecting and monetizing data.

 “Even absent these increases, however, we must update our approach to keep pace with new learning and technological shifts,” she wrote. Khan’s statement mirrored what was written in the agency’s September privacy report to Congress, which said the FTC would use increased funding to support hiring more tech experts to “holistically address privacy abuses” as well as specific data-centric tech such as algorithmic financial services and healthcare apps and tech for targeted advertising.

Legislators have tried to get the FTC more funding and resources, often writing it into various competition and data privacy related bills, including in a bipartisan package of tech-focused antitrust bills introduced in June in the U.S. House of Representatives. The boldest move yet to get the agency more funding came in September through an amendment to President Biden’s still-pending Build Back Better Act that would give the FTC $1 billion to use over a ten-year period. The funds would help the agency create a new bureau addressing unfair or deceptive data privacy and security abuses. However, its fate is subject to congressional negotiation mired in political morass over the legislation.  

Brookman said of the possible $1 billion funding, “It would be great, but that’s by no means a done deal.”

Not stacking up to EU counterparts

In an effort to justify more money for the FTC, legislators such as Rep. Jan Schakowsky, the Illinois Democrat who proposed the billion-dollar cash injection, have measured the agency’s limited data and privacy staffing against that of data protection bodies in Europe, where regulators enforce the EU’s General Data Privacy Regulation. In contrast with the FTC’s 40-60 some data privacy staff, many of whom are lawyers rather than tech specialists, European Data Protection Authorities are better resourced, according to a recent report from the Irish Council for Civil Liberties.

• FTC: 9 technologists, 40-60 data privacy staff
• Germany: 99 tech specialists/745 other personnel 
• France: 30 tech specialists/195 other personnel
• Ireland: 28 tech specialists/155 other personnel  
• Spain: 30 tech specialists/139 other personnel
  Source: Irish Council for Civil Liberties  

Although Europe’s data protectors have more dedicated staff and technologists than the FTC, the Irish Council for Civil Liberties — a membership organization that gets funding from human rights and civil liberties groups as well as the European Commission — argued that the FTC’s European counterparts need more resources, too. “Europe’s DPAs are not configured for the digital era, and continue to lack the capacity to investigate and understand what tech companies do with people’s data,” noted the report.

Lack of career path

In addition to lack of funding, when it comes to hiring staff with tech expertise, the FTC has had a hard time competing with the salaries and career advancement potential that tech companies can offer, said Rich. “There hasn’t been a career path for technologists,” she said. “So, you can’t attract people who want to make a career at the FTC, and so eventually they leave so they can have a better career.” 

The FTC has another way to bring fresh tech specialists on board who are not paid through congressional budgeting, though. It aims to hire part-time and full-time remote technologists skilled in an array of fields including ad tech, content management and misinformation, social media platforms and AI through the Intergovernmental Personnel Act Mobility Program.

The program allows people to work for the FTC while being paid by their current employer for up to two years.  

This article has been updated to reflect that, while Daniel Kaufman and Maneesha Mithal held director-level positions at the FTC’s consumer protection bureau, they were not technically bureau directors.