Some 52% of consumers in U.S. broadband households want a telehealth service that uses data from connected health devices, reported Parks Associates Monday. The number rises to 71% for people who have experienced COVID-19 symptoms. "Many consumers are using telehealth out of necessity and for the first time," said analyst Jennifer Kent.
A Washington state Senate panel cleared a privacy bill 12-1 at a virtual meeting Thursday. Environment, Energy and Technology Committee ranking member Doug Ericksen (R) voted no to Chairman Reuven Carlyle’s (D) SB-5062. Ericksen proposed and withdrew amendments to require opt-in consent for collecting data and to add a private right of action. The committee unanimously adopted a substitute amendment with changes including an exemption for air carriers and the state judicial branch. At a hearing last week, some raised concerns about the bill’s opt-out approach and lack of private right to sue (see 2101140047). Later in the meeting’s hearing phase, cities opposed -- and the wireless industry took no position on -- SB-5110, meant to increase internet access by modifying permitting and other local telecom requirements. CTIA would work with Ericksen to better align the bill with federal wireless infrastructure rules, said Assistant Vice President-State Legislative Affairs Beth Cooley. CTIA also opposes Ericksen’s SB-5112 to require that ISPs give customers free VPN service, because it’s preempted by the Communications Act and unnecessary in a competitive market, said Director-State Legislative Affairs Lisa McCabe.
Draft standard contractual clauses (SCCs) for data transfers to third countries offer stronger protections for data subjects but still need tweaking, EU data privacy watchdogs said. The European Data Protection Board and European Data Protection Supervisor welcomed proposed European Commission proposals aimed at addressing some key issues in the European Court of Justice Schrems II judgment, which annulled Privacy Shield (see 2009100001). Some text "could be improved or clarified," including the scope of the SCCs, obligations for onward transfers and aspects of the assessment of third-country laws on access to private data by public authorities. Changes should ensure EU citizens' personal data receives an "essentially equivalent" level of protection when it's transferred to third countries, said EDPS Wojciech Wiewiorowski.
Flo Health, developer of a popular women’s fertility-tracking app, misled users and improperly shared users' sensitive health data with third-parties including Facebook and Google, the FTC alleged in a 5-0 settlement announced Wednesday. Despite promises to keep the data private, Flo “disclosed health data from millions of users of its Flo Period & Ovulation Tracker app to third parties that provided marketing and analytics services to the app, including Facebook’s analytics division, Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry,” the FTC said. Commissioners Rohit Chopra and Rebecca Kelly Slaughter dissented in part, saying the agency should have charged the company with violating the Health Breach Notification Rule, for which the agency has never brought action. Commissioner Noah Phillips disagreed with the Democrats: “We have never applied the Rule to a health app such as Flo in the past, in part because the language of the Rule is not so plain. And I do not support announcing such a novel interpretation of the Rule here, in the context of an enforcement action.” The company faces civil penalties of up to $43,792 for any future violations. Flo didn’t share usernames, addresses or birthdays, a spokesperson emailed, noting the settlement included no admission of wrongdoing: “We do not currently, and will not, share any information about our users’ health with any company unless we get their permission. We have a comprehensive privacy framework with a robust set of policies and procedures to safeguard our users’ data.” The consent order includes a company compliance review, the spokesperson added.
Comments are due Feb. 1 on ways to implement voluntary adoption of robocall mitigation recommendations by the FCC Hospital Robocall Protection Group, said a public notice in Tuesday's Daily Digest (see 2012140035). The Consumer and Governmental Affairs Bureau is seeking comment in docket 21-7 on whether dividing best practices into "prevention" and "mitigation" categories has any impact on how voluntary adoption can be facilitated.
Everalbum “deceived consumers” about face scanning technology and retention of user photos and videos, the FTC alleged in a 5-0 settlement with the photo app developer, which the agency called a first-of-its-kind enforcement action. The developer enabled face scanning by default for all mobile app users when it launched a 2017 feature and misled users from 2018-19 about consent, feature activation and turning it off, the FTC alleged. The company allegedly failed to delete photos and videos from deactivated accounts when it promised to remove the content. The company faces a $43,280 fine per future violation and is required to delete content from deactivated accounts. The agency should “take further steps to trigger penalties, damages, and other relief for facial recognition and data protection abuses,” said Commissioner Rohit Chopra. He suggested the commission could issue a rule under Section 18 of the FTC Act to better seek first-offense penalties. He noted users in Illinois, Texas and Washington were “treated with greater care, due to state protections on facial recognition.”
The North American Numbering Council should establish a working group to "pinpoint the operational hurdles" that may arise with providing location information stemming from a 988 suicide hotline call, NTCA told the FCC Wireline Bureau Monday in docket 18-336 (see 2010190058). NTCA said routing calls to a local crisis center would let callers access local resources and allow mobilization of emergency services. "Ensuring that accurate location information is conveyed with a 988 call, and that such calls are routed properly to the appropriate local crisis center, will involve multiple stakeholders and technological hurdles," NTCA wrote, citing potential issues in remote areas in Alaska and on tribal lands. The group also raised privacy concerns. NANC meets Feb. 4 (see 2012310029).
The FCC Enforcement Bureau issued a NPRM Monday proposing to streamline the process for reporting Telephone Robocall Abuse Criminal Enforcement and Deterrence (Traced) Act violations. Comments are due Feb. 3, replies Feb. 18 in docket 20-374.
It could be well into 2023 before the government faces Google in U.S. District Court in Washington. At a Friday telephonic hearing, Judge Amit Mehta set a Sept. 12, 2023, trial start date for DOJ and states’ antitrust lawsuit against Google. Mehta said he's “anxious” to get Thursday’s separate antitrust complaint against Google by 38 attorneys general (see 2012170063) on the same discovery schedule for efficiency. Google attorney John Schmidtlein agreed the new case should be assigned to Mehta and consolidated with the first case for discovery, but Google isn’t ready to take a position on whether trials should be combined. On states’ new case, Mehta asked Google to say by Jan. 8 if it will answer the complaint or file a motion to dismiss; the judge set a status hearing for Jan. 21 at 11 a.m. The parties proposed (in Pacer) a scheduling and case management order Dec. 11 and agreed (in Pacer) to a protective order last Monday. Google said (in Pacer) Thursday it doesn’t oppose California joining as a plaintiff in the DOJ case, which Michigan and Wisconsin on Thursday also asked to join. Texas and nine other states separately sued Google Wednesday at U.S. District Court in Sherman, Texas (see 2012160059).
Google's proposed acquisition of Fitbit can proceed, with conditions, the European Commission said. There was an investigation of the transaction and the companies' complementary activities, it said Thursday. Fitbit has limited market share in the smartwatch segment in Europe, where there are many larger rivals, such as Apple, Garmin and Samsung, so the acquisition will lead to "very limited horizontal overlaps," the EC said. The probe focused on data collected by Fitbit wearable devices and the interoperability of those devices with Google's Android operating system for smartphones. The EC was concerned Google would acquire Fitbit's database on users' health and fitness, plus the technology to develop a similar database, making it hard for rivals to match Google's services in online search advertising. Other worries were that Google might restrict competitors' access to Fitbit's web application programming interface, to the detriment of European startups in the emerging digital healthcare space, and that Google could put competing makers of wearable wrist devices at a disadvantage by degrading their operability with Android smartphones. Google has offered commitments on advertising, web API access and Android APIs to run for 10 years and be monitored by a trustee to be appointed before the transaction closes, the EC said. "This deal will spur innovation in wearable devices and enable us to build products that help people lead healthier lives," emailed a Google spokesperson. "We understand that regulators wanted to look closely at this transaction, and we have worked constructively with them to resolve their concerns, including the set of legally binding commitments the" EC accepted. The spokesperson cited his company's past "assurances" about the takeover and privacy and working with other stakeholders.