Verizon and USTelecom said the FCC should rely on the Industry Traceback Group as the registered consortium. “The ITG meets the statutory requirements in the TRACED Act and has been acting as the de facto traceback consortium; in that role, it has proven effective in tracing and identifying the source of illegal robocalls,” Verizon said. The ITG did hundreds of tracebacks this year and worked with the FCC and the FTC “to identify providers targeting consumers with COVID-19 scams,” Verizon said. “Providers across the industry are collaborating to determine the source of these harassing and often fraudulent calls and coordinating with providers and government to shut them down,” USTelecom commented. Comments posted Monday in docket 20-22.
A federal judge should unseal electronic surveillance orders and other records in closed investigations, the U.S. Court of Appeals for the D.C. Circuit ruled Tuesday. BuzzFeed News reporter Jason Leopold and Reporters Committee for Freedom of the Press sought to unseal “electronic surveillance orders and related filings in closed investigations.” In a unanimous decision, Judges Merrick Garland, David Tatel and Senior Judge Laurence Silberman reversed a decision by Chief U.S. District Judge Beryl Howell. “The public’s right of access to judicial records is a fundamental element of the rule of law,” Garland wrote for the court. Leopold sought information on pen registers and trap-and-trace devices, which capture metadata from phone calls and messages. DOJ didn't comment.
The National Security Commission on Artificial Intelligence scheduled its first public meeting July 20. The meeting will be via webcast, the commission said. It’s anticipated to begin at 1:30 p.m. EDT. Further details are expected Wednesday. The group sought comment in late May on its final report on ensuring U.S. competitiveness in AI, machine learning and other emerging technologies (see 2005280054).
Voice service providers must maintain records for the most recent date each number is permanently disconnected and must age numbers for at least 45 days after a disconnect before reassignment, effective July 27, after OMB approval last week of the compliance dates, the FCC Consumer and Governmental Affairs Bureau said Thursday. The rules pertain to a Dec. 13 reassigned numbers database order (see 1812130066).
California Consumer Privacy Act enforcement starts Wednesday, Attorney General Xavier Becerra (D) reminded Tuesday. Proposed final rules submitted June 1 to the Office of Administrative Law “are currently pending approval,” the office said. Some raised legal concerns with CCPA (see 2006040046).
California’s proposed privacy sequel is bad for education technology, Software & Information Industry Association President Jeff Joseph said Monday. Californians will vote in November on the California Privacy Rights Act (see 2006250052). CPRA “clarifies and improves some aspects of the California Consumer Privacy Act (CCPA), most notably by alleviating the CCPA’s First Amendment infirmities with respect to publicly available information,” said Joseph. But he said the proposal “can be interpreted to present educational technology companies with an impossible choice: comply with the CPRA, and remove data from school records on student request and breach their contract with the school, thereby jeopardizing the school’s federal funding, or refuse and face liability for breaching the CPRA.” Congress should pass a national privacy law, he said. SIIA earlier raised constitutional concerns with CCPA, to be enforced starting Wednesday.
Sens. Maggie Hassan, D-N.H., and Tom Carper, D-Del., urged the FCC, DOJ and IRS Friday to “aggressively” crack down on robocall scams about the COVID-19 pandemic. They wrote FCC Chairman Ajit Pai, Attorney General Bill Barr and IRS Commissioner Charles Rettig: “Government and industry should always cooperate to fight illegal robocalls, but it is even more critical at a time when so many Americans are facing economic and health concerns.” The senators’ letter to Pai noted FCC recent actions, including a $225 million fine against robocall businesses Rising Eagle Capital and JSquared Telecom and their principals (see 2006090044). Only “a negligible amount of the hundreds of millions of dollars in FCC-levied fines against robocallers since 2015 have been actually been collected by” DOJ, the senators said. “This poor track record raises concerns that scammers using robocalls to deceive consumers and exploit anxiety associated with the COVID-19 public health emergency will be able to act without significant fear of reprisal, and never made to disgorge the ill-gotten proceeds.” The lawmakers sought recommendations whether further legislation is needed “to ensure that the FCC and DOJ work closer together and actually recoup fines that the FCC levies against robocallers.” They want to know whether six gateway providers the FCC and FTC contacted in April (see 2004030052) have cut traffic allowing pandemic-related scam robocalls originating outside the country into the U.S. The two agencies sent a second round of letters to the providers in May (see 2005200053). The FCC, DOJ and IRS didn’t comment.
Wireline, VoIP and mobile phone providers are using a "substantial" variety of proprietary and third-party tools to block unwanted robocalls, the FCC reported Thursday after taking comments. The Consumer and Governmental Affairs Bureau didn't hear of "any instances in which their programs have blocked an emergency call, or a call-back from a Public Safety Access Point to a caller who dialed 911," it said.
California’s privacy law sequel qualified for the Nov. 3 election, with more than 623,212 signatures validated, California Secretary of State Alex Padilla (D) said Wednesday, one day before the deadline to approve ballot initiatives. “We’ve come a long way in the two years since passing the landmark California Consumer Privacy Act, but during these times of unprecedented uncertainty, we need to ensure that the laws keep pace with the ever-changing ways corporations and other entities are using our data,” said Alastair Mactaggart, author of CCPA and the new California Privacy Rights Act. CPRA is “the important next step in ensuring that privacy rights are sustained now and well into the future,” said California Senate Majority Leader Robert Hertzberg (D). Mactaggart sued Padilla over a deadline snafu that could have kept CPRA off the ballot (see 2006120060). In a Friday ruling on that suit, the California Superior Court in Sacramento supported Mactaggart and listed possible remedies. CCPA enforcement starts Wednesday, but it’s unclear if the Office of Administrative Law will approve by then the final rules, submitted earlier this month by Attorney General Xavier Becerra (D), said Wiley privacy attorney Duane Pozza on a Thursday webinar. If not, enforcement would be based solely on the text of the CCPA law, he said. “We’ll have to see what the attorney general does” on the first day of enforcement, he said: Becerra could focus on a few cases, announce broader investigations or send warning letters to businesses that would be “made public and put people on notice about the kinds of things they’re looking at.”
The EU general data protection regulation is generally a success but needs more work, European Values and Transparency Commissioner Vera Jourova said at a Wednesday briefing. The European Commission's two-year assessment found that fears the privacy framework would be "the end of the world" didn't materialize, she said. Seventy percent of Europeans have heard of the regulation but more awareness is needed, she said. The review found the EC approach was correct, with more companies using privacy by design as a competitive advantage, and the one-continent, one-law philosophy enabling more businesses, particularly small and mid-sized ones, to operate in Europe's single market. It included a "serious to-do list," Jourova noted. One key issue is the resources available to national data protection authorities (DPAs). There was a 42% increase in staff and a 49% hike in budgets between 2016 and 2019, but the European Data Protection Board (EDPB) and DPAs must boost cooperation to provide a pan-EU data protection culture, Jourova said. The EC is monitoring DPA resources, said Justice Commissioner Didier Reynders. It's possible some national authorities, such as Ireland and Luxembourg, that handle complex cases involving big tech companies might need more capacity and cross-border cooperation, he said. "Consistent and efficient enforcement of the GDPR remains a priority," said European Data Protection Supervisor Wojciech Wiewiorowski. He proposed creating a shared pool of experts in the EDPB to help DPAs in complex and resource-heavy cases. The EC review was "thorough but critical," said Computer and Communications Industry Association Europe Senior Policy Manager Alex Roure: Two years after becoming law, companies and consumers still "lack clear guidance from enforcers which too often take diverging, national actions." The GDPR "has failed to live up to its promise," proving to be a "complicated, burdensome drain on Europe's digital economy," said Center for Data Innovation Senior Policy Analyst Eline Chivot. The review shines an "unflattering lights" on many shortcomings, yet the EC "seems determined to double down by layering on even more rules."