It’s important that U.S. agencies develop a replacement for the EU-U.S. Privacy Shield and ensure stable, reliable data transfer mechanisms, House members wrote the FTC and Commerce Department Friday. Led by Reps. Peter Welch, D-Vt.; Darin LaHood, R-Ill.; and Suzan DelBene, D-Wash., the group said it’s encouraged by U.S. officials initiating discussions with EU counterparts: “We appreciate that the US and EU share a commitment to privacy and the rule of law and share a recognition that the ability to transfer data across borders is vital to our citizens and our economies.” BSA|The Software Alliance welcomed the letter. The FTC confirmed it received the letter but didn't comment. The DOC didn’t comment.
Anthem agreed to a $39.5 million settlement with 43 states for the health insurer’s 2014 data breach involving information of nearly 80 million Americans (see 1502050030), state attorneys general said Wednesday. Anthem agreed to strengthen data security and governance practices, including a prohibition against misrepresenting how much it protects privacy and security of personal information. The company will implement a comprehensive security program, including zero-trust architecture principles and regular reporting to the board and CEO, and will receive third-party security assessments and audits for three years. It's glad to resolve the last open investigation related to the cyberattack, the company said: “Anthem does not believe it violated the law in connection with its data security and is not admitting to any such violations.”
COVID-19 tracing apps must overcome “significant hurdles,” said GlobalData Tuesday, citing issues with the U.K.’s recently released National Health Service app. Current versions can’t account for factors that reduce transmission risk, such as wearing masks, said the researcher, and false positives are possible because Bluetooth can penetrate thin walls. A key goal of contact tracing apps is to reduce tracing delay and increase coverage without having to hire thousands of workers, but there’s little evidence current apps are effective, it said. France’s app was released June 2, but just 3% of that population had downloaded it by mid-August. Research suggests at least 56% of a population needs to use a contact tracing app for it to be effective, said analyst Dominic Tong. Accuracy and concerns over privacy may have contributed to low uptake, Tong said: “Consumers may be worried that the data collected could be used to track them, while experts fear that smartphone-based solutions may exclude vulnerable populations that need them the most." The apps could be a precursor to healthcare solutions where smartphones and wearables let doctors monitor the health status of patients in real time, he said.
Sen. Ron Wyden and three other Oregon Democrats sought answers Friday from the Department of Homeland Security about reports it spied on Portland protesters’ cellphones this summer. "Congress has a responsibility to investigate,” Wyden, Sen. Jeff Merkley and Reps. Earl Blumenauer and Suzanne Bonamic wrote acting DHS Secretary Chad Wolf. They asked for information by Oct. 9, including why DHS hasn’t responded to a July 31 letter from Wyden and six members of the Senate Intelligence Committee asking to confirm the accuracy of then-acting DHS Undersecretary-Intelligence and Analysis Brian Murphy's July 23 statement during a briefing for committee staff that the department “neither collected nor exploited or analyzed information obtained from the devices or accounts of protesters or detainees.” The lawmakers now asked Wolf to detail any instances in which DHS, “whether directly, or with the assistance of any other government agency, obtained or analyzed data extracted from phones of protesters in Portland” and whether the department “obtained or analyzed data collected through the surveillance of protesters’ phones.” They want to know if the agency “used commercial data sources.” The department didn’t comment.
The inspector general should investigate the Internal Revenue Service's “use of a commercial location tracking service without a court order,” said Sens. Ron Wyden, D-Ore., and Elizabeth Warren, D-Mass., Thursday. IRS officials told Senate staff the agency used a commercial surveillance database provided by Venntel to “search for information about Americans’ phones without a court order and had received approval to do so from the agency's lawyers,” Wyden said. The IRS allegedly subscribed to the service in 2017 and 2018 but failed to respond to several Senate requests for legal justification. IRS Criminal Investigation used the tool on a limited basis for a year in an effort to “identify unknown suspects through cross-referencing data points of identified criminal activity locations and times,” a spokesperson emailed. “CI only deployed this tool in significant money laundering, cyber, drug and organized crime cases.” After one year, IRS discontinued the tool because it didn’t benefit investigations, the agency said: “CI takes the privacy of citizens very seriously” and follows all relevant laws.
The Pennsylvania Senate voted 48-0 for anti-spoofing legislation Monday. SB-764 follows up on an anti-robocalls measure the state enacted last year (see 2006090007). It goes next to the House.
The FCC sought comment by Sept. 25, replies Oct. 2 on the National Association of Chain Drug Stores petitioning for clarification that drugstore communications about COVID-19 vaccines, “once available, and flu vaccines during the pandemic” fall under Telephone Consumer Protection Act “emergency purposes” exception, said a Consumer and Governmental Affairs Bureau public notice Friday on docket 02-278.
The Senate Commerce Committee plans a hearing on the need for federal privacy legislation, with former FTC officials at 10 a.m. Wednesday in 253 Russell. Former Chairmen Jon Leibowitz and William Kovacic, former Commissioner Julie Brill and former acting Chair Maureen Ohlhausen will testify.
The robocall order approved by FCC commissioners in July (see 2007160045) takes effect Oct. 14, says Monday's Federal Register. It provides two safe harbors from liability for blocking calls and takes other steps.
Rep. Suzan DelBene, D-Wash., touted her Information Transparency and Personal Data Control Act during an episode of FCC Commissioner Jessica Rosenworcel’s podcast released Thursday. HR-2013, which DelBene filed in 2018 (see 1809200030), would require companies to get opt-in consent to collect and share user data. The measure would also allow state attorneys general to obtain injunctive relief for violations (see 1912060035). “We should be in control of our personal information,” DelBene said during the podcast. “We should know when we are signing up for a service or participating using a product or an app on your phone, that you understand what’s going to happen to any data, what data is being collected.” Companies’ privacy policies should be “described in what we call plain English, right, something that’s not just legalese where a lot of people click 'accept' right now,” she said. “We also need enforcement, because there’s really not clarity of who’s going to enforce data privacy legislation. We talk about the [FTC] as being the place that would provide that enforcement, as well as states’ attorneys general.”