The Senate Commerce Committee scheduled its third data privacy hearing of the year at 10 a.m. May 1 in G50 Dirksen, as expected (see 1904190043). Witnesses are Ireland Data Protection Commissioner Helen Dixon, American Civil Liberties Union Senior Legislative Counsel Neema Singh Guliani, Future of Privacy Forum CEO Jules Polonetsky and Common Sense Media CEO Jim Steyer. The hearing is to focus on consumer privacy expectations, industry data processing, informational resources for consumers and potential U.S. data privacy rights.
California lawmakers pushed along anti-robocalls bills to combat caller ID spoofing. The Assembly Judiciary Committee voted 12-0 Tuesday to clear AB-1132, and the Senate Judiciary Committee voted 8-0 Monday to clear SB-208. The bills are moving despite concerns by industry of state bills diverting attention from solving the problem (see 1903270039).
House Commerce Committee leaders pressed Google CEO Sundar Pichai Tuesday to explain reports the tech company is maintaining “a massive database of precise location information on hundreds of millions of consumers,” including “practically every customer with an Android mobile device” as far back as 2009. The New York Times reported it's internally called Sensorvault. The “potential ramifications for consumer privacy are far reaching and concerning when examining the purposes for the Sensorvault database and how precise location information could be shared,” wrote House Commerce Chairman Frank Pallone, D-N.J.; ranking member Greg Walden, R-Ore.; House Consumer Protection Subcommittee Chair Jan Schakowsky, D-Ill.; and ranking member Cathy McMorris Rodgers, R-Wash. “We would like to know the purposes for which Google maintains the Sensorvault database and the extent to which Google shares precise location information from this database with third parties.” The lawmakers sought a Google briefing by May 10 and responses to their questions by May 7. They want Google to tell them what information the company stores in the Sensorvault database, who is able to access the database and if it maintains other databases of precise location information. The lawmakers want to know how accurate the Sensorvault location information is and what privacy controls Google has. The company didn't immediately comment.
The FTC doesn’t have proper tools or resources to regulate the data broker industry, Intel Global Privacy Officer David Hoffman wrote Tuesday. Data brokers identify as technology companies but are nothing more than “malicious profiteers” weaponizing and monetizing data, he said. The agency has difficulty extending Section 5 of the FTC Act to regulate data brokers, which gather sensitive information without directly interacting with consumers, Hoffman wrote. The agency lacks proper rulemaking authority, and the “teeth” needed to incentivize proper handling of data, Hoffman wrote, citing recent comments to the agency. The Association of National Advertisers' Data Marketing and Analytics Division didn't immediately comment.
The FTC should hold CEO Mark Zuckerberg personally liable for future privacy violations in any consent agreement the agency strikes with Facebook in its Cambridge Analytica probe, Sen. Ron Wyden, D-Ore., wrote Tuesday. He cited Zuckerberg’s personal control over the company, and the agency’s authority to hold him accountable. Wyden said Zuckerberg and the company should face “significant and material” penalties, if “any future violations occur.” Wyden previously proposed privacy legislation carrying penalties for executives (see 1811010044). The FTC said it received the letter but didn’t comment.
Senate Commerce Committee lawmakers are eyeing the first week of May for a privacy hearing, lobbyists told us. This would be the third privacy-related hearing for members (see 1902270048 and 1903260068). One lobbyist said to expect the potential hearing to feature consumer groups, as the first two hearings were mostly industry-driven. The committee didn’t comment Friday.
Federal privacy legislation should bar racial, gender and sexual orientation discrimination for employment, housing, credit and education, 26 civil society groups wrote Congress Friday. The groups argued for legislation that doesn’t pre-empt stronger state laws, provides enforcers with rulemaking authority and establishes a private right of action. The Center for Digital Democracy, Color of Change, Common Cause, National Hispanic Media Coalition, New America's Open Technology Institute, Public Citizen and Public Knowledge signed the letter to Senate and House Commerce Committee leaders.
Facebook “unintentionally” collected the email contacts of as many as 1.5 million users without consent, the company said Thursday, citing a design flaw from 2016. The issue stems from the platform verifying new accounts via user email passwords. When the verification process was altered in May 2016, language informing users of email contact collection was removed, though the uploading continued. The company ended email password verification for new users earlier this month, a spokesperson said. “These contacts were not shared with anyone and we're deleting them,” the company said, noting that affected users will be notified.
“So much for privacy,” Sen. Josh Hawley, R-Mo., tweeted Tuesday in response to an NBC News report that Facebook allegedly leveraged user data as a “bargaining chip” against competitors. Six4Three, creators of the Pikinis app, “cherry picked” documents cited in the story, a Facebook spokesperson said. The app developer sued Facebook in 2015 over the company’s plan to end access to certain types of user data. “The documents were selectively leaked as part of what the court found was evidence of a crime or fraud to publish some, but not all, of the internal discussions at Facebook at the time of our platform changes,” the spokesperson said. “But the facts are clear: we've never sold people’s data.” The report confirms Facebook used data control to undermine competitors, Rep. David Cicilline, D-R.I., tweeted, saying this pattern of “thuggish behavior” merits an FTC antitrust investigation. Digital Content Next CEO Jason Kint said it would be a “disgrace not to open up antitrust investigation” against Facebook.
The Internet Society’s Online Trust Alliance (OTA) gave its highest overall audit security and privacy scores to consumer-facing U.S. government websites and its lowest to healthcare sites, it said Tuesday in its ranking of seven industries. OTA said the healthcare industry ranked second in terms of privacy, but its last-place ranking was “largely due to sparse adoption of email authentication and always-encrypted sessions.” Overall, the audit found increased encryption, with 93 percent of sites encrypting all web sessions, compared with 52 percent in 2017, and more email authentication. “Almost every sector improved its security and privacy practices, and the record scores reflect that,” said Jeff Wilbur, OTA technical director. “The U.S. Government in particular made stunning improvements, from near last in 2017 to top of the class in 2018. Unfortunately, some sectors still have a long way to go to demonstrate acceptable security and privacy practices.”