Staff plans a workshop on digital marketplace incentives and how to ensure the industry does "a better job” protecting privacy and consumer data, said acting FTC Chair Rebecca Kelly Slaughter Wednesday. The agency seeks input about “which remedies best address particular types of harm and feedback on the effectiveness of our existing orders,” she told a Future of Privacy Forum event. She said she asked staff to examine health apps, including telehealth and contact tracing apps, calling the pandemic her “first priority.” She asked staff to “actively investigate biased and discriminatory algorithms.” On artificial intelligence, the official wants staff to explore “the best ways to address AI-generated consumer harms.”
The Virginia Senate voted 36-0 for a comprehensive privacy bill (SB-1392) at a livestreamed floor session Friday. One senator didn’t vote due to a conflict of interest. Companion HB-2307 cleared the House 89-9 on Jan. 29 (see 2102010035). Virginia’s attorney general would enforce the rules. “This bill is an effort to set clear expectations for companies who handle or collect consumer data, and to proactively protect the rights of consumers,” said SB-1392 sponsor Sen. David Marsden (D) in a statement. “We’ve been overwhelmed with feedback from people who have been tracking the Consumer Data Protection Act this legislative session.” The House and Senate versions must be reconciled before session ends Feb. 11, but “that appears to be a mere formality given that the bills are identical and the House bill is already working its way through the Senate,” Husch Blackwell attorney David Stauss blogged Thursday. Other privacy bills are gaining momentum in New York and Washington state, Kelley Drye lawyers blogged Wednesday.
Authorized agents can help people tap California Consumer Privacy Act (CCPA) rights, but challenges remain, Consumer Reports said Thursday. CCPA lets consumers choose a third-party agent to make data requests on their behalf. This holds promise, but “additional rulemaking and industry norms are needed to make authorized agents effective at scale for California’s 40 million residents,” CR said. CR agents issued opt-out requests on consumers’ behalf to 21 companies, including Airbnb, Amazon, AT&T, Comcast, Equifax, Intuit, Oracle and Starbucks, it said. Twelve companies confirmed they stopped selling at least some data in response to opt-outs, five claimed not to sell consumer data, three provided no confirmation and one requested nonstandard information the agents lacked, CR said. Average response time was seven business days, the group said. “CR’s authorized agents often met confusing web forms and ambiguous communications.”
Virginia privacy and broadband bills cleared their origin chambers Friday. The House voted 89-9 for HB-2307, which would let consumers access, correct, delete and obtain copies of personal data, plus opt out of targeted advertising. Delegates voted 99-0 for HB-2304 to make permanent a pilot program letting electric utilities petition the State Corporation Commission to provide broadband to unserved areas. The Senate voted 28-7 that day for the similar co-op bill SB-1413 and 36-1 for SB-1334 to open an existing broadband pilot program to municipalities and government-owned broadband authorities (see 2101260028).
Washington state Rep. Shelley Kloba (D) floated an alternative privacy bill Thursday, as expected (see 2101240003). Unlike SB-5062 in the Senate, HB-1433 includes a private right of action and opt-in consent. The American Civil Liberties Union of Washington said it wrote the House bill with the Tech Equity Coalition.
A Florida Senate panel supported requiring warrants for police searches of cellphones, other portable communication devices and smart speakers, except in emergencies. The Criminal Justice Committee voted 7-1 for SB-144 at a livestreamed Tuesday hearing. “Our founding fathers could not have imagined a world in which we have Amazon Alexas and cellphones and GPS systems that are on our wrists,” said Vice Chair Jeff Brandes (R). Sen. George Gainer (R) voted no after asking, “Wouldn’t this bill interfere with the apprehension of pretty dangerous people?” Nobody on the committee opposed a bill to allow police to use drones for crowd control and traffic management. SB-44 wouldn’t allow police to use drones to collect evidence of violations, and the panel amended the bill to remove a section that would have allowed drones for monitoring crowds of 50 or more. There appeared to be some confusion about if the bill would allow drones to be used in high-speed chases. Sponsor Sen. Tom Wright (R) said he intended to allow police to send drones after escaping vehicles, but committee Staff Director Lauren Jones said the bill as written wouldn’t allow that.
About 80% of companies believe omnibus privacy laws have had a “positive impact” in their jurisdictions, Cisco reported Tuesday. The company surveyed 4,400 “security and privacy professionals across 25 countries.” About 60% of companies claim they “weren't prepared for privacy and security requirements involved” in shifting to remote work, according to the survey. Nearly 60% of respondents said they support employers “using data to help make workplaces safe, while less than half supported location tracking, contact tracing, disclosing information about infected individuals, and using individual information for research,” said Cisco.
Advertisers recoiled at requiring opt-in and a private right of action in a proposed North Dakota privacy bill (HB-1330). Different state approaches to privacy “harm both businesses and consumers by creating complex regulation leading to increased compliance costs that are almost certain to be passed on to consumers,” blogged Dan Jaffe, Association of National Advertisers group executive vice president-government relations, Tuesday. Washington state legislators also are debating consent and enforcement provisions (see 2101220043).
The FTC’s order against Everalbum “reflects a change that has already taken place,” a company spokesperson emailed in response to Monday’s settlement (see 2101110027). The Ever app was shuttered in August, and the company “has no plans to run a consumer business moving forward,” the spokesperson wrote. “In September 2020, Paravision released its latest-generation face recognition model which does not use any Ever users’ data.”
BSA|The Software Alliance filed a brief at the U.S. Court of Appeals for the 2nd Circuit supporting Microsoft’s appeal of a nondisclosure order from the Eastern District of New York barring it from notifying anyone that it received a warrant for a business customer’s data. “Industry depends on the trust that customers place in cloud service providers to protect their data,” BSA said (in Pacer) in the brief, posted Tuesday in docket 20-3945. “To maintain that trust, when the Government demands a customer’s data, a cloud service provider must be allowed to notify the customer in all but the most unusual circumstances,’ BSA said. “Upholding nondisclosure orders that fail to meet First Amendment requirements, like the one at issue here, threatens to undermine the customer trust that is essential to the cloud services industry.” A group of former prosecutors from New York also supported (in Pacer) Microsoft. “New technologies should not be exempt from traditional constitutional safeguards,” they said: “The issuance of a § 2705(b) secrecy order must be justified by a specific and meaningful showing and must be narrowly tailored to promote a compelling government interest and be the least restrictive means of achieving that interest.”