A website operator that embedded a Facebook "Like" button is subject to EU data protection law, the European Court of Justice (ECJ) ruled Monday. The case, Fashion ID GmbH & Co. KG v. Verbraucherzentrale NRW eV (Case C-40/17), involved a challenge by a German consumer rights organization against Fashion ID, a German online clothing retailer. The seller embedded the "Like" plug-in supplied by Facebook Ireland on its website, causing visitors' browsers to automatically send information about their IP address and browser string to the social media platform, the court said. Those transmissions took place without users having to click on the button, and also allowed Facebook to place cookies on users' devices. The consumer group sued in a national district court to force Fashion ID to stop integrating the plug-in. The case was later referred to the ECJ for interpretation of several provisions of the former data protection directive as replaced by the general data protection regulation (GDPR). Among the court's findings: A website operator that embeds a third-party plug-in on its website resulting in the collection and transmission of a user's personal data is considered a data controller with joint responsibility (here with Facebook) for operations for which it co-decides on the means and purposes for processing the data and a data subject's consent obtained under the directive must be given to a website operator that has embedded the content of a third party. The case is "quite significant," tweeted Hogan Lovells (London) data protection lawyer Eduardo Ustaran. In practice, he added, all website operators using such cookies should contractually apportion responsibilities for the data collection and processing consider which GDPR lawful ground applies, and then explain those data uses in their privacy or cookie policies.
About three-quarters of U.S. adults worry that their financial and personal data will be hacked (74 percent), don’t want online data being used to make content and advertising more relevant (75 percent), or for commercial purposes (76 percent), according to Internet Innovation Alliance survey released Thursday. Additionally, 72 percent favor a single, nationwide online data privacy law, it said. The survey also found the views of millennials “remarkably aligned with older adults on data privacy issues,” said Rick Boucher, IIA honorary chairman. CivicScience did the survey of more than 8,000 consumers in April.
Noah Rafalko of MessageComm, a new association “laser focused on growing a healthy messaging ecosystem,” met with FCC officials, posted Friday in docket 03-251. It gave "unbiased education regarding the SMS (Short Messaging Service, AKA-Text Messaging)," the filing said. “Completion of consensual communications requested by Consumers on toll free numbers. Impacts occurring to public safety, the 833 auction, and privacy."
Wireless carriers supported broad implementation of Shaken/Stir and said a safe harbor, based on the use of reasonable analytics, is critical. Companies concerned about reaching customers urged the FCC to build in safeguards that make sure only illegal and unwanted calls don’t get through. Some comments closely tracked concerns raised at the FCC’s recent summit on secure handling of asserted information using tokens (Shaken) and secure telephone identity revisited (Stir) (see 1907110023). Comments were due Wednesday in docket 17-59. Mandate providers don’t block calls “until the SHAKEN/STIR framework has been fully implemented,” filed healthcare providers, pharmacies, electric utilities, grocers, retailers and banks and other financial services providers. Then, “permit Providers to block only calls that have not been properly authenticated under the framework or those that have been authenticated, but where the Provider has concluded with a high degree of certainty that the call was placed illegally." CTIA commented, “A properly tailored safe harbor will help calling parties deliver the calls consumers want and will help voice service providers meaningfully reduce the number of illegal and unwanted calls.” If not all providers implement Shaken/Stir, Verizon said the agency should require them to do so.
ITTA is concerned about the Lifeline representative accountability database and how Universal Service Administrative Co. "will store and safeguard" data, which could include member employees' personally identifiable information, said an FCC filing posted Wednesday in docket 17-287 about a meeting this week with Nirali Patel, adviser to FCC Chairman Ajit Pai. ITTA representatives also met with Wireline Bureau officials over the matter in June (see 1906140022).
CTIA released updates to messaging principles and best practices, first issued in 2017. “The updates clarify that organizations should obtain opt-in consent before sending text messages,” CTIA said Friday: Americans send 63,000 texts a second. Three percent of texts are considered spam.
Advocates want future Senate Judiciary Committee tech task force meetings public. "We can no longer let industry groups and ineffective agencies decide how much privacy Americans may have," said a Friday letter to Sen. Marsha Blackburn, R-Tenn., asking consumer voices be included. It backed baseline federal privacy legislation creating an “independent data protection agency.” Signers included the Electronic Privacy Information Center, Campaign for a Commercial-Free Childhood, Center for Digital Democracy and Consumer Action. Blackburn’s office contacted the advocacy groups and plans to organize a meeting, an aide said Friday. It’s undecided whether future task force meetings will be public or if advocates will be involved.
The FCC Consumer and Governmental Affairs Bureau sought comment Thursday on a petition by Paul Armbruster, a consumer in Phoenix who asserts subscribers should have the right to revoke consent from receiving unwanted text messages under the Telephone Consumer Protection Act. “The FCC record is clear,” Armbruster petitioned: “The ‘common carrier exemption’ is an exemption from the need for cell service providers to obtain prior express consent before sending certain text messages. That exemption does not affect a consumer’s right to ‘revoke consent at any time and through any reasonable means.’” Comments are due Aug. 19, replies Sept. 3 in docket 02-278.
Facebook’s 27 Libra partners should walk away, consumer advocates wrote Thursday, citing money-laundering, privacy and terrorism concerns. Open Markets Institute, Public Citizen, Demand Progress Education Fund and Revolving Door Project signed. “Private currencies endanger sovereign power,” OMI Chief of Staff Laura Hatalsky said. “Unless we want to be pledging allegiance to Mark Zuckerberg, the Libra project needs to be put to an end.” Facebook didn’t comment. This week saw two congressional hearings on Libra (see 1907170058).