Maine Gov. Janet Mills (D) signed an ISP privacy bill Thursday countering Congress' 2017 repeal of 2016 FCC broadband privacy rules. The legislature last week passed LD-946 on a bipartisan basis, including a unanimous Senate vote (see 1905300049). “Maine people value their privacy, online and off,” Mills said. “With this common-sense law, Maine people can access the internet with the knowledge and comfort that their personal information cannot be bought or sold by their ISPs without their express approval.” The law takes effect July 1, 2020, to give ISPs time to comply, the governor’s office said. Maine’s action got kudos from Georgetown Law Institute for Technology Law & Policy's Gigi Sohn. “The cable and broadband industry sent a parade of high-powered and highly-paid Washington, DC-based lawyers to Augusta in an effort to defeat this bill, using the same arguments they used to kill the FCC’s sensible and popular 2016 broadband privacy rules,” she said in a statement. “But Maine legislators believed that protecting their constituents’ privacy was paramount and moved expeditiously to do so.” Sohn hopes the state action spurs Congress “to pass long overdue comprehensive data privacy legislation.” The American Civil Liberties Union also supported the bill. The FCC and some national ISP associations didn't comment. A Maine net neutrality bill limiting state contracts is nearing final passage (see 1906040042).
G20 trade ministers convening this month in Osaka, Japan, “should support enabling frameworks for open trade in an increasingly digital global market,” said the Computer & Communications Industry Association, Internet Association and seven other tech groups Wednesday of “recommended outcomes” for the June 28-29 summit. To “facilitate” digital trade, the G20 should recognize the need for all countries to support a permanent World Trade Organization “moratorium against customs duties on electronic transmissions,” said the groups. “Approaches to data governance that fail to include such commitments should be discouraged.” The G20 should also “ensure that any new approaches to content regulation are made pursuant to comprehensive dialogue with meaningful opportunities for input by industry and civil society,” they said. The tech industry “recognizes the importance of building trust online to strengthen consumer confidence in digital trade,” they said. “Industry supports baseline privacy and consumer protection rules.” Prioritize "research and investment” in artificial, automation and “algorithmic data analysis” technologies, they asked. “Frameworks regarding the governance of these technologies should be adaptable to account for the future stages of the technology and should be designed to protect users from demonstrated, rather than speculative harms.”
Firefox added tracking protection as a default for new users, Mozilla said Tuesday. That protects "users from the pervasive tracking and collection of personal data by ad networks and tech companies,” blogged Peter Dolanjski, project lead. “The complexity of privacy settings shouldn’t be placed on users to figure out. The product defaults should simply align with consumer expectations.” Dolanjski said the company expects “to deliver the same functionality to existing users over the coming months,” though current users can turn on the function in settings. “Competition between products that respond to different consumer preferences serves consumers better than heavy-handed regulation,” said Computer and Communications Industry Association CEO Ed Black. “This action expands the choices consumers have when it comes to online privacy.”
Congress should pass and the FTC should adopt a federal privacy regulation pre-empting state privacy and data breach laws absent a private right of action, Business Roundtable wrote the agency Friday in docket 2018-0098. The association deferred to Congress on whether the FTC should have rulemaking authority. ISPs are “sufficiently different” from other online companies to merit privacy rules “tailored to them,” OTI said in separate comments on privacy. OTI cited a New School Digital Equity Laboratory report showing ISPs “generally employ language that is legally vague, with little specificity into their data practices for collection and use.” Disclosure about how data is used and shared is also lacking, OTI said. Users should have the right to access, correct, delete and port data, Companies should be restricted from using data for secondary and discriminatory purposes, OTI said.
Congress was clear in its intent when it enacted the Telephone Consumer Protection Act and courts ignoring that, as well as the abusive practices it was trying to prevent, would be "dispiriting beyond belief," the 4th U.S. Circuit Court of Appeals said Thursday. It upheld a $61 million class-action TCPA verdict against Dish Network. The docket 18-1518 order rejected Dish arguments challenging the class certification and Dish liability for improper calls placed by a telemarketing firm it hired, Satellite Systems Network. The decision by Circuit Judges Harvie Wilkinson and Robert King and U.S. District Judge Irene Berger sitting by designation was written by Wilkinson. Dish didn't comment Friday.
Iconectiv will have the job of applying and enforcing secure telephone identity (STI) governance authority rules to make operational the signature-based handling of asserted information using tokens (Shaken) framework for call authentication, ATIS announced Thursday. The company will be charged with trying to ensure STI certificates are available only to authorized service providers and that STI Certification Authorities work to maintain the integrity of the Shaken framework. It's "a major milestone in putting SHAKEN into action, a top industry priority critical to restoring trust in the voice network,” said ATIS CEO Susan Miller. FCC Chairman Ajit Pai looks forward to Shaken/secure telephone identity revisited framework deployment by major carriers later this year as a route to cracking down on caller ID spoofing and unwanted robocalls. Commissioner Jessica Rosenworcel tweeted that 5 billion robocalls "is BONKERS" and the agency needs "to bite the bullet and require [call authentication technology] NOW." The FCC previously gave Iconectiv a number portability contract that Neustar previously had.
The FTC should sign a privacy compact with the public that protects physical and digital data equally, Starry said Wednesday. It wrote the agency that the agreement should also require data collectors to transparently disclose what data is collected and how it’s shared. Consent, or “permission,” must be obtained, and personal data collection should be minimized, the wireless ISP said. Users have a right to collect their data in a shareable format and delete any information a collector holds, the company said.
The California Assembly passed four privacy bills Tuesday and sent them to the Senate. Members voted 56-13 for AB-1202 to require data brokers to register with the California attorney general, giving the AG enforcement authority for violations of registration requirements. The Assembly voted 69-4 for AB-846 to make exceptions in the California Consumer Privacy Act for customer loyalty programs. Members voted 61-10 for AB-523, responding to reports that wireless carriers sold customers’ real-time data location, and 44-6 for AB-1395, meant to stop smart speakers from saving, storing or exchanging recordings with a third party, regardless of whether the device was triggered using a key phrase like “OK Google,” unless the consumer opts in. The Assembly passed two industry-favored bills tweaking CCPA last week (see 1905230051).
Kathy Castor is taking the lead on children’s privacy issues for House Democrats crafting comprehensive privacy legislation, House Consumer Protection Subcommittee Chair Jan Schakowsky, D-Ill., told us Thursday. Schakowsky hosted a “very substantive meeting” Wednesday with Democratic subcommittee members to discuss potential bill elements. Various members want to “take responsibility” on specific issues, Schakowsky said, like the Children's Online Privacy Protection Act with Castor. The Florida Democrat told us she wants to weigh in “very substantially” on the privacy bill but didn’t elaborate. Schakowsky said she will be “stepping up” meetings with Republicans on privacy soon. She said members left the subcommittee discussion “feeling like it’s beginning to gel.”
Sen. Chris Coons, D-Del., suggested Amazon misrepresented the control Echo smart speaker users have in deleting audio data from interactions with Alexa. According to a letter Coons sent CEO Jeff Bezos Thursday, the company told Coons and then-Sen. Jeff Flake, R-Ariz., in July that users can review and delete audio recordings from Alexa interactions, removing them from company servers. Coons cited recent reports claiming Amazon indefinitely retains transcripts of the audio interactions, meaning user control over audio is meaningless. “The inability to delete a transcript of an audio recording renders the option to delete the recording largely inconsequential and puts users’ privacy at risk,” Coons wrote. He asked Bezos if the claims are accurate, why users can’t delete such transcripts and what purpose the transcripts serve. The company is reviewing the letter, a spokesperson said Friday. Customers have "complete control over" the voice recordings, and can manage and delete recordings online: "When a customer deletes a voice recording, we also delete the corresponding text transcript associated with their account from our main Alexa systems and many subsystems, and have work underway to delete it from remaining subsystems.”