Three Democrats asked the FTC to investigate Envestnet, operator of No. 1 U.S. consumer financial data aggregator Yodlee. The company sells access to the aggregated financial data, Sens. Ron Wyden, Ore., and Sherrod Brown, Ohio, and Rep. Anna Eshoo, Calif., wrote FTC Chairman Joe Simons Friday. They alleged Envestnet doesn't adequately notify people their personal financial data is being sold, therefore violating the FTC Act: This information "is highly sensitive. Consumers’ credit and debit card transactions can reveal information about their health, sexuality, religion, political views, and many other personal details. And the more often that consumers’ personal information is bought and sold, the greater the risk that it could be the subject of a data breach." The commission confirmed it got the letter but didn't comment. The information is "de-identified transaction data from a diverse and dynamic set of data" and Yodlee doesn't provide "raw data that includes personally identifiable transaction information," responded the platform and its parent. "Envestnet | Yodlee follows all applicable laws regarding the use of consumer data. We have built privacy protection into our enabling technology, business processes and operational procedures."
Google's plan to end third-party tracking cookies on its Chrome browser within about two years (see report, Feb. 15, and here) drew concerns from advertisers Thursday. "It would threaten to substantially disrupt much of the infrastructure of today's Internet without providing any viable alternative," wrote Executive Vice Presidents Dan Jaffe of the Association of National Advertisers and Dick O'Brien from the American Association of Advertising Agencies. They're "deeply disappointed that Google would unilaterally declare such a major change." Their groups will "work with stakeholders and policymakers to ensure that there are effective and competitive alternatives available" and "collaborate with Google in this effort," the officials wrote. They asked the platform to "quickly commit to not imposing this moratorium on third party cookies until effective and meaningful alternatives are available." The company referred us to Tuesday's blog post. It's "pretty explicit that the needs of advertisers and publishers (as well as users) will be addressed," emailed a Google representative Thursday.
Don't ban facial recognition technology due to privacy concerns (see 2001140063), said one witness for Wednesday's House Oversight Committee hearing. Industry "has taken many steps to ensure the safe and responsible deployment," testified Information Technology and Innovation Foundation Vice President Daniel Castro. "Congress should focus on steps to improve oversight and accountability of commercial use of facial recognition technology." Castro said "even narrow bans can have unintended consequences, given the widespread integration of facial recognition technology." Committee staff noted such tech is "increasingly in home security systems, social media sites, shopping malls, and elsewhere for advertising, security, access, photo and video data identification, and accessibility." Committee members of both parties hope to have a bipartisan bill. Chairwoman Carolyn Maloney, D-N.Y., expects one to be introduced and marked up “in the very near future.” Facial identification tech is "just not ready for prime time," said Maloney. “Despite these concerns, we see facial recognition technology being used more and more.” It's "completely unregulated at the federal level,” she noted. Ranking member Jim Jordan, R-Ohio, appreciates "your willingness to work with us on this legislation," he told Maloney at the start of his opening remarks (see 21-minute mark). “All sides are trying to work together." It's a “powerful technology,” with a market of some $9 billion expected by 2022: “We understand and appreciate the great promise that this technology holds.” For him, "the urgent issue” to “tackle ... is reining in the government's unchecked use of this technology when it impairs our freedoms and our liberties.” He cited the First and Fourth amendments. “This issue transcends politics,” Jordan said. He fears a “patchwork of laws” arising from localities. Studies find "significant variance" between facial recognition algorithms, said National Institute of Standards and Technology Information Technology Laboratory Director Charles Romine. "Some produce significantly fewer errors than others." Don't "think of facial recognition as either always accurate or always error prone," he said. The staff memo said the committee held two 2019 hearings on the subject.
Discussion about a federal moratorium on facial recognition technology remains open, House Oversight Committee ranking member Jim Jordan, R-Ohio, told us Tuesday. “I’m hoping we can work out some legislation with the majority party, but we’ve been working on that for a year.” Chair Carolyn Maloney, D-N.Y., “is interested, so we’ll see tomorrow. She seems very interested,” Jordan said. Maloney was elected chair after the death of Rep. Elijah Cummings, D-Md., who was vocal on face-scanning issues. The committee plans a third hearing on the topic Wednesday. There’s “quite a bit of bipartisan consensus,” Rep. Alexandria Ocasio-Cortez, D-N.Y., told us: Jordan “is actually quite passionate about this issue, as well. I think he’s coming from a very similar perspective trying to protect civil liberties and the right to our own face. It goes beyond government accountability.” Rep. Ro Khanna, D-Calif., said he supports a moratorium until he’s convinced the technology won’t be used to profile or discriminate, and so far the evidence hasn’t suggested that. National Institute of Standards and Technology Information Technology Laboratory Director Charles Romine, Future of Privacy Forum Senior Counsel Brenda Leong, New York University AI Now Institute co-Founder Meredith Whittaker, Information Technology and Innovation Foundation Vice President Daniel Castro and Security Industry Association Senior Director-Government Relations Jake Parker will testify. Fight for the Future and Students for Sensible Drug Policy launched a campaign Tuesday to ban facial recognition from university campuses, arguing it decreases “security on campuses, and opens up a pandora’s box of privacy, civil liberties, and equity issues.”
The FTC, Congress and three state attorneys general should investigate whether popular Google Play Store apps are “systematically violating users’ privacy,” consumer groups wrote Tuesday. The groups cited a Norwegian Consumer Council report accusing 10 apps -- Grindr, Tinder, OkCupid, Happn, Clue, MyDays, Perfect365, Qibla Finder, My Talking Tom 2 and Wave Keyboard -- of “sharing information they collect on users with third-party advertisers without users’ knowledge or consent.” American Civil Liberties Union of California, Campaign for a Commercial-Free Childhood, the Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumer Reports, the Electronic Privacy Information Center, Public Citizen and U.S. PIRG signed. They specifically targeted AGs in California, Texas and Oregon. “Consumers are unable to make an informed choice because the extent of tracking, data sharing, and the overall complexity of the adtech ecosystem is hidden and incomprehensible to average consumers,” they wrote. Clue doesn’t share any users’ health or menstrual cycle data, nor does it sell any user data to any third-party service, including advertisers, “and we never will,” a spokesperson said. “Clue does share anonymised data with carefully-vetted researchers within academic institutions working to improve female reproductive health, and we do so without any financial gain.” MyDays users agree to well-defined transparency and privacy policies “so they can see what happens with the Data and what the User can do about,” a spokesperson said. Google and owners of the other various apps didn’t comment. An FTC spokesperson confirmed receiving the letter.
The Vermont senator behind the state’s net neutrality law is back with an ISP privacy bill. Sen. Virginia Lyons (D) Friday introduced SB-260 to counter Congress' 2017 repeal of 2016 FCC broadband privacy rules. Lyons authored Vermont’s law, currently on hold, to limit procurement to ISPs that follow net neutrality rules (see 1910010044).
The North American Numbering Council is sending draft technical requirements document for a reassigned numbers database administrator to the FCC. NANC members approved an amended version of its draft Monday. Contract Oversight Subcommittee co-Chairman Phil Linse of CenturyLink said the database would function so that when it gets a query of a number and date, it would respond with "yes," "no" or "no data" to show if the number has been permanently disconnected since that date. He said the database would be federally procured and owned, provided through a contract, with updates monthly -- on the 15th or the next available business day. The hourlong meeting had back and forth about whether the scope of the database also covers number resellers having to submit information; the consensus being they do. Also discussed were database capabilities for querying 50 numbers at once, how mistakes would be addressed and whether data updates could be done more frequently. NANC Chair Jennifer McKee of NCTA said the next step is for the FCC to seek public comment. The agency didn't comment about timing. The agency in 2018 directed NANC to make recommendations on reassigned number database technical and operational issues (see 1812120026).
Washington state lawmakers will take another look at their privacy bill (HB-1854) from last year, at a hearing Jan. 17 in the House Innovation, Technology and Economic Development Committee, the panel said Wednesday. State Sen. Reuven Carlyle (D) plans a revival of the Senate version (see 1911190027).
The newly reconstituted FTC, with five commissioners, has been a challenge for staff and the FTC bar, Commissioners Rebecca Kelly Slaughter and Christine Wilson said during a panel Tuesday. “We’re coming in, we’re asking different questions,” Slaughter said: “All of us in different ways are challenging the status quo, how the agency has been doing things, which is good, that’s how we’re supposed to be doing things. … But that also can be challenging for the staff.” Wilson agreed. “For staff it has been a significant adjustment,” she said, noting there were only two members for a long time. “Suddenly, you have five commissioners who are asking a lot of questions,” she said. “It’s especially noticeable in the recommendation memos that come up,” she said: “The questions that I was asking at the beginning are not answered proactively.” The two agreed on the importance of a federal privacy law. The FTC needs more resources, Slaughter said. “The FTC has a budget of just around $300 million” and fewer employees now than 40 years ago, she said: “Compared with the growth of our enforcement mandate, we can’t possibly can’t do all the things we need to do with the resources that we have.” The agency also needs additional authority, Slaughter said. “Federal privacy legislation would be a good thing.” When the California and European laws took effect, “it made very clear that we do need federal privacy legislation because interoperability matters,” Wilson said. “Are we creating an environment in which U.S. companies can operate in this global economy … and how do you facilitate data flows?” Businesses need predictability and clarity and consumers need more transparency on what data is collected and how it’s used, she said.
Congress failed to pass a privacy law in 2019, so consumers are facing a less-than-ideal patchwork of privacy laws from states like California, creating uncertainty for consumers and businesses, said a Washington Post editorial Tuesday evening. “Though its track record doesn't offer much reason for optimism, Congress should do in 2020 what it promised to do in 2019.”