The FTC should investigate whether Android apps manipulate children into watching advertisements and making purchases, some 20 consumer and health advocates wrote the agency Tuesday. Citing a University of Michigan Mott Children’s Hospital study, the groups question 135 children’s apps “marketed to or played by children under five.” Campaign for a Commercial-Free Childhood, the Center for Digital Democracy, Consumer Watchdog, Electronic Privacy Information Center and Public Citizen signed. “These apps routinely lure young children to make purchases and watch ads, though they are marketed to parents as appropriate for young children,” they wrote. Google and the FTC didn’t comment.
NTIA shouldn't promote a privacy enforcement framework (see 1810220032) modeled after new laws in Europe and California that limit collection and use of data, Technology Policy Institute Senior Fellow Thomas Lenard commented in docket 180821780-8780-01. “Collecting and analyzing large amounts of data is the basis of much, if not most, of the innovation that has taken place on the internet over the past 20 years,” Lenard said Friday. The current FTC model is “ex post enforcement based on actual harms,” he wrote, and laws in California and the EU “use an ex ante regulatory approach.”
The FTC 4-0-1 finalized a settlement with a California online training services company over allegations it falsely claimed it was getting certified as EU-U.S. Privacy Shield compliant (see 1807020048). ReadyTech is barred from misrepresenting itself again, and for any future infractions, faces penalties up to $41,484 for each violation. Commissioner Christine Wilson didn’t vote, and the agency didn't comment.
The FTC is seeking presentations on privacy and security topics at PrivacyCon June 27, the agency announced Wednesday. The agency is soliciting empirical research on IoT, artificial intelligence, virtual reality, consumer costs/benefits of privacy, security incentives for industry and evidence industry is able to provide proper privacy protections. Deadline for submissions is March 15.
The U.S. should follow Europe’s lead and implement a privacy law like the general data protection regulation, Apple CEO Tim Cook said Wednesday in Brussels. The world should celebrate implementation of the GDPR, which showed good policy and political will can “protect the rights of everyone,” he said at the International Conference of Data Protection and Privacy Commissioners. He dismissed rivals’ claims that privacy legislation will stifle innovation, calling that argument “destructive.” The world will “never achieve technology's true potential without the full faith and confidence of the people who use it,” he said, citing a 2010 quote from former Apple CEO Steve Jobs: “Privacy means people know what they're signing up for, in plain language, and repeatedly.” Cook described a modern “data industrial complex,” in which personal data is weaponized against users with “military efficiency.”
Sen. Ed Markey, D-Mass., and FTC Commissioner Rebecca Kelly Slaughter will speak at the Georgetown Institute for Tech Law & Policy for an event Wednesday focused on the Children's Online Privacy Protection Act. Panelists include Center for Digital Democracy Deputy Director Katharina Kopp, Software & Information Industry Association Director-Education Policy Sara Kloek, ACT|The App Association Executive Director Morgan Reed, Electronic Privacy Information Center Consumer Privacy Counsel Christine Bannan and Common Sense Media Policy Counsel Ariel Fox Johnson.
The Information Technology Industry Council is the latest group to offer a consumer privacy framework to guide Congress’ legislative debate (see 1810090056). ITI’s Monday document said “some aspects of any privacy framework will necessitate regulatory rulemaking” authority: “Context is an area that is ripe for such rulemaking to ensure consideration of the factors identified in this framework as well as others that may be relevant (e.g., factors related to public safety).” The group urged more transparency on data collection and sharing; better consumer control of data; and company security mandates.
A key problem with U.S. privacy is few stakeholders fully understand the issues, said an expert who has discussed it with members of Congress at their request. "They don't know how it works," University of Pennsylvania communication professor Joseph Turow told C-SPAN. "It's very hard to regulate industries when the industries are the ones who are controlling the information, because the regulators, certainly in the Congress, have very little understanding of how this stuff works." He mentioned companies including or devices from Amazon, AT&T, Comcast, Facebook, Google, Verizon and brick-and-mortar retailers that may use people's information in ways Turow contends many don't understand. He worried about China's social rating-surveillance system slowly being adopted in the U.S. Those who can help privacy-caused ills are "all of the above" -- Congress, the FCC and FTC, states, tech companies and consumers -- Turow said on a Communicators episode to have been televised this weekend. "We have to make our regulators, our legislators understand this." The professor recommends educating students about such issues. Research, including what he's involved with, shows many people don't back trading some personal information for accessing tech services. It's not so much they "buy into" this but are "resigned," he said: "We are being trained to give away our data" and feel "there's nothing else we can do." He agreed privacy policies can be oxymoronic. "Most Americans have no clue really what the phrase 'privacy policy' means," surveys show, he said. They're "written by lawyers, to be read by lawyers, to be understood principally by lawyers," the academic said: Companies can do "almost anything they want to do if they write it in the right way." USTelecom members have long "embraced strong consumer privacy policies," a spokesman responded. "Privacy is a shared responsibility and the burdens and obligations cannot rest only with ISPs. Consumers expect and demand strong privacy protections," so Congress should "develop a national privacy framework" for the entire "internet ecosystem,” he added. The Association of National Advertisers, which earlier this year acquired the Data & Marketing Association, declined to comment. NCTA declined to comment, and the Internet Association didn't comment.
A key takeaway from the FTC’s 2017 information injury workshop was that privacy incidents erode consumer trust, driving down the ability for platforms to collect consumer data, agency staff said Friday. Participants noted the risk of informational injury should be balanced with the value of data collected, staff wrote. Participants cited a handful of studies showing consumers say they care deeply about privacy, but their behavior doesn’t always support that claim. Examples included people offering friends’ personal information for slices of pizza. Other examples include people allowing their photos to be taken, offering the last four digits of their Social Security number and offering their fingerprints in exchange for cookies. Staff said consumer harm from privacy and security breaches include: medical identity theft, targeted release of personal data and erosion of trust.
The White House should promptly nominate a permanent Privacy Shield ombudsperson, Commerce Secretary Wilbur Ross and EU Justice Commissioner Vera Jourova said Friday. The functioning of the State Department ombudsperson, currently acting Undersecretary for Economic Growth, Energy and the Environment Manisha Singh, was discussed during last week’s review of the agreement. The European Commission will publish findings and recommendations on PS this year, they said. The pair cited the program’s significant growth, with nearly 4,000 companies signed on. Other efforts cited include the recent confirmation of Privacy and Civil Liberties Oversight Board members (see personals section of the Oct. 15 issue), restoring the quorum. In light of recent privacy breaches, there's a need for “strong privacy enforcement to protect our citizens and ensure trust in the digital economy,” they said. Ross in a Financial Times opinion Wednesday defended the PS, saying it protects citizens and companies in both regions and allows cross-border data flows. The State Department ombudsperson has been available, but hasn’t received a single PS-related inquiry, he said. Facebook, a PS participant, will be removed if the FTC finds it failed to comply with program commitments, he said. “We agree that Privacy Shield works well and encourage further progress to strengthen it, such as the prompt nomination of a permanent U.S. Under Secretary and Ombudsperson,” said Computer & Communications Industry Association Senior Policy Manager Alexandre Roure.