DOJ and 14 state attorneys general offices discussed “ways the department and state governments can most effectively safeguard consumers using online digital platforms,” Justice said. The topic of the Tuesday meeting evolved over time (see 1809210047), after President Donald Trump attacked online platforms for alleged conservative bias and threatened antitrust action. “The discussion principally focused on consumer protection and data privacy issues,” Justice said. Those attending included Attorney General Jeff Sessions, Deputy AG Rod Rosenstein, Acting Associate AG Jesse Panuccio and Assistant AG Makan Delrahim. State officials included Alabama AG Steve Marshall, California AG Xavier Becerra, District of Columbia AG Karl Racine, Maryland AG Brian Frosh and Mississippi AG Jim Hood, all Democrats, and Louisiana AG Jeff Landry, Nebraska AG Doug Peterson, Tennessee AG Herbert Slatery and Utah AG Sean Reyes, all Republicans. AG offices from Arkansas, Arizona, Missouri, Texas and Washington sent staff. A federal probe of online platforms would be “inappropriate, undermine the free speech rights of tech platforms and ultimately do a disservice to consumers,” the Information Technology and Innovation Foundation wrote in USA Today. “These businesses have no incentive to inject bias in their platforms, because consumers across the political spectrum use social media and discriminating against any of them could drive people away,” wrote ITIF Vice President Daniel Castro and Research Assistant Michael McLaughlin. Delrahim at a separate appearance Tuesday on antitrust efforts committed Justice to “accelerating the pace of merger review consistent with enforcing the law because we believe that doing so is good for American consumers and taxpayers.”
IHS Markit asked the FCC to clarify that auto safety messages it transmits to cellphones are “made for emergency purposes” and don't violate the Telephone Consumer Protection Act. “Motor vehicle safety recall communications save lives,” said a petition posted Monday in docket 02-278. IHS Markit “provides critical consumer outreach communications and was recently retained to place calls and deliver text messages regarding manufacturers’ recalls of vehicles equipped with Takata airbag inflators, which are at risk of exploding.”
App developers may share Gmail user data with third parties as long as they are transparent and adhere to Google privacy policies. Vice President-Public Policy and Government Affairs Susan Molinari disclosed those details in response to questions from GOP Sens. John Thune, S.D.; Roger Wicker, Miss.; and Jerry Moran, Kan. (see 1807100060). If Google allows third-party sharing, the lawmakers asked what action Google has taken to recover the data. Preventing abuse before it happens is the goal, Molinari said: “When we detect anomalous behavior, we investigate. And when we suspend apps, we warn users to remove the apps’ access to their data.” Developers must obtain consent from the user and offer a privacy policy explaining how the data will be used, Molinari said. Those developers are subject to Google’s user data policy and application programming interface terms of service. “Our verification process … reviews the privacy policy and works to ensure that developers’ requests for access to user data make sense in light of those disclosures,” Molinari wrote. “We make the privacy policy easily accessible to users to review before deciding whether to grant access.”
The Senate Commerce Committee should invite consumer privacy advocacy groups to testify at its hearing on privacy legislation (see 1809130040) or hold a separate hearing with them, a coalition of consumer groups wrote leadership Wednesday. A committee aide told us the panel anticipates holding future hearings on the topic, with an opportunity for other groups to comment: “For the first hearing, the committee is bringing in companies most consumers recognize to make the discussion about privacy more relatable.” A witness list made up of industry representatives makes for a narrow discussion on an issue American consumers care about, the groups wrote. The groups include: Center for Digital Democracy, Center for Democracy & Technology, Common Cause, Consumer Watchdog, Electronic Frontier Foundation, Electronic Privacy Information Center, New America's Open Technology Institute and World Privacy Forum. They said some of the suggestions from privacy groups might be “federal baseline legislation, heightened penalties for data breaches, the end of arbitration clauses, the establishment of a privacy agency in the U.S., techniques for data minimization and algorithmic transparency to prevent the secret profiling of American consumers.”
Facebook must be absolutely straight with consumers about how it operates and makes money, said EU Justice, Consumers and Gender Equality Commissioner Vera Jourova at a livestreamed Thursday news briefing. The European Commission said in February that social media companies must do better aligning terms of service with EU consumer protection rules. Facebook and others have made some changes, but Jourova said many people are still unclear about how it makes their data available to third parties or holds full copyright in content posted on the site. The EC gave the company until October to correct all remaining misleading terms and conditions, with all changes to be in place by year's end. "I am becoming impatient" with Facebook, the commissioner said: Talks have been ongoing for about two years but "we cannot negotiate forever." Asked what she'll do if the platform hasn't shown progress around October, Jourova said it will face penalties set by national authorities in 2019. The EC also went after Airbnb, which Thursday committed to making all requested modifications, Jourova said. These included making its prices more transparent and clarifying that consumers can use all available remedies, including suing hosts, in case of damages or personal harm. Facebook wants its terms to be clear and accessible to everyone, a spokeswoman said. It updated its terms of service in May and included the vast majority of changes proposed by the EU Consumer Protection Cooperation Network and the EC, she said: Facebook "will continue our close cooperation to understand any further concerns and make appropriate updates."
Reps. David Cicilline, D-R.I., and Jeff Fortenberry, R-Neb., in a Tuesday letter to Google CEO Sundar Pichai, questioned whether YouTube data collection practices follow child privacy law. The lawmakers cited an FTC complaint from child and privacy advocacy groups alleging YouTube collected and shared personal data “of tens of millions of children in violation” of the Children’s Online Privacy Protection Act (see 1804090036). “YouTube’s terms of services state that the website is not intended for children under 13, but the FTC complaint states that YouTube does not have safeguards to prevent this from happening,” they wrote. “Because YouTube is not for children, we’ve invested significantly in the creation of the YouTube Kids app to offer an alternative specifically designed for children,” a Google spokesperson said. “We appreciate all efforts to protect families and children online and look forward to working with members of Congress to answer their questions.”
Since the EU’s general data protection regulation took effect, more than 5 million people from 200 countries have used new Microsoft privacy tools to manage personal data, Corporate Vice President Julie Brill blogged Monday. American consumers were the largest group on an absolute and per capita basis, she said, which shows there’s a high level of interest from the U.S. in GDPR-like control of personal data.
Twitter distanced itself from app developer Tiny Lab after New Mexico sued both for allegedly violating the Children’s Online Privacy Protection Act (see 1809120041). The complaint said Twitter’s MoPub SDK was embedded in Tiny Lab’s Fun Kid Racing and other apps. “Tiny Lab was suspended from the MoPub platform in September 2017 for violating our policies regarding child-directed apps,” a Twitter spokesperson emailed. “As per our Privacy Policy, MoPub does not permit the MoPub Services to be used to collect information from apps directed to children under the age of 13 for purposes of personalized advertising.”
Consumers should be able to see how and why personal data is used and shared and who it’s being shared with, the Internet Association said Wednesday in releasing six online privacy principles meant to drive the legislative conversation. The tech trade group voiced support for consumers having “meaningful control” of how data is used and shared and better access. Users should be able to correct, request deletion of and transport personal data they share with companies, IA said. It joins a growing list of lawmakers and groups offering privacy proposals (see 1809070049). BSA|The Software Alliance also released a set of privacy principles Wednesday, urging transparency for how platforms handle and share purpose-driven data. Platforms “should provide consumers with sufficient information to make informed choices” and allow them to opt out of data processing “where practical and appropriate,” BSA said.
New Mexico sued Google and Twitter alongside a mobile app developer that the state alleged improperly shared children’s personal data with third parties, violating the Children’s Online Privacy Protection Act. “When children play Tiny Lab’s gaming apps on their mobile devices, their geolocation, demographic characteristics, online activity, and other personal data, are inescapably -- and without verifiable parental consent -- exfiltrated to third parties and their marketing networks in order to target the children with advertisements based on their own personal information,” said Tuesday's complaint (in Pacer) at U.S. District Court for New Mexico. Google knows about and condones Tiny Lab’s illegal conduct by allowing its apps in the Play store, New Mexico said. Google and Twitter SDK was embedded in Tiny Lab’s Fun Kid Racing and other apps, the state said. "These apps can track where children live, play, and go to school with incredible precision,” Attorney General Hector Balderas (D) said Wednesday. “The unacceptable risk of data breach and access from third parties who seek to exploit and harm our children will not be tolerated.” Google took down Tiny Lab’s games on the Play store Tuesday and the game developer is “working to solve the issue as soon as possible,” Tiny Labs said. Tiny Labs isn’t violating COPPA, CEO Jonas Abromaitis wrote. The developer has an age gate to determine users’ age by asking their birthday per FTC guidelines, he said. No data is collected if the user is under age 13, he said. Google and Twitter didn’t comment.