Sen. Jerry Moran, R-Kan., questioned whether a new privacy law should include “strong guardrails” to limit FTC rulemaking authority. Such limits might preserve certainty for consumers, Moran wrote small-business representatives in questions for the record related to a recent Senate Consumer Protection Subcommittee hearing (see 1903260068). Consumers would benefit from Congress “providing clear and measureable requirements in statutory text” while also including FTC rulemaking authority “to account for evolving technological developments,” he wrote. Is there value in including guardrails around rulemaking authority “to preserve the certainty to the consumers that we aim to protect?” Moran asked witnesses. Moran also asked for “resource-based recommendations … to ensure that the FTC has the appropriations it needs to execute its current enforcement mission.” As a Senate Appropriations Subcommittee member, Moran said he wants to understand resource needs better before “providing additional authorities.” Moran also asked about defining entities that small businesses share data with. Small businesses share information with third parties that provide “essential business services, like credit card processing,” he said, asking if there should be a distinction between service providers and other third parties.
The Electronic Piracy Information Center is concerned about Customs and Border Protection use of personally identifiable information in cargo screening. "Although CBP claims that risk scores are only used on cargo and not individuals," the impact of cargo holds or screening affects individuals, EPIC commented on the 21st Century Customs Framework, posted Friday in docket 2018-0045-0044. "It is imperative that the methods -- now mostly secret -- and factors used in making targeting assessments are made public, and that the system is governed by ethics and accountability." The agency should adopt the "Universal Guidelines for Artificial Intelligence," the group said.
As the newspaper examines privacy practices, it's turning its gaze inward, too, wrote New York Times Publisher A.G. Sulzberger as part of the initiative that posted numerous opinion pieces Wednesday and Thursday. The company has "significantly reduced the amount and type of data shared with social media companies. We put in place stronger controls to limit data shared with third parties through advertisements," he wrote. He said the paper averaged 24 web-tracking "cookies" in articles on a single topic, five more than Financial Times reports on the same topic and fewer than half that of The Washington Post and News Corp.'s The Wall Street Journal, and compared with 83 at AT&T's CNN and 100 at Gannett's USA Today. The Times' control over data from the cookies "is often more limited than it seems because, in many cases, the news organizations that host the trackers don’t know what happens with that information once it is transferred to third parties," Sulzberger wrote. The Internet Association declined to comment. Later Thursday, FCC Commissioner Jessica Rosenworcel recommended another opinion piece in the package. "While we may have zero privacy, it doesn’t mean that we have given up our right to control our digital selves," said the commentary by Kara Swisher. "As tech marches on, that might be the one right that needs to be protected most of all." Swisher sought a national privacy law that's not as stringent as some European rules. Later, we couldn't find Rosenworcel's tweet, and her office confirmed that she accidentally deleted it.
Congress should enact a federal privacy framework that emphasizes user control of data and requires opt-in consent for collection, said Charter Communications Senior Vice President-Policy and External Affairs Rachel Welch Wednesday. The new policy should strengthen the current notice and consent regime, not replace it, Welch wrote, emphasizing a need for transparency. Consumers will lose confidence in their online experience if they don’t have direct control of data, she said. She spoke Wednesday at an FTC privacy hearing (see 1904090073).
Some compliance dates related to an FCC reassigned phone number database (see 1903260016) remain pending, the agency corrects in Thursday's Federal Register. Compliance won't be required for sections 52.15(f)(1)(ii) and (f)(8), 52.103(d), and 64.1200(l)(1) and (2) until FR publication announcing the compliance dates. The database is meant to reduce illegal robocalls.
Verizon seeks a U.S. privacy law, as the FTC continues hearings this week on privacy. Those discussions aren't "happening in a vacuum," blogged the company's Chief Privacy Officer Karen Zacharia Tuesday. "The call for Federal privacy legislation has never been louder, and we have previously explained why it is so important for Congress to pass strong privacy legislation. The FTC’s workshops can help inform how Congress can best embody critical privacy concepts in a federal law, including 'accountability' requirements." Related comments to the FTC are here, including from Verizon, as Zacharia appears on its behalf Wednesday. The FTC's chief was to have spoken there Tuesday (see 1904090085).
The FTC hasn’t become “inured” by privacy incidents, Chairman Joe Simons said Tuesday in prepared remarks for its policy hearing on consumer privacy (see 1904090073). In the past 20 years, the FTC brought hundreds of cases, conducted about 70 workshops and issued about 50 reports on consumer privacy, he said. The agency’s approach is “vigorous enforcement with every tool we have.”
The FCC should stick with its July 2016 clarification the Telephone Consumer Protection Act doesn't apply to calls made by or on behalf of the federal government as part of official business, except for calls made by contractors that don’t comply with government instructions, Commerce Secretary Wilbur Ross wrote FCC Chairman Ajit Pai. Pai partially dissented to that ruling and Commissioners Mike O’Rielly and Jessica Rosenworcel also expressed concerns (see 1607060013). The 2016 ruling addressed petitions seeking clarification by Broadnet, the National Employment Network Association and RTI International. “Any reversal of this decision would adversely affect Federal agencies' ability to perform their critical missions and, in particular, will increase the cost of business to the Government and taxpayers, and could impair the Census Bureau's ability to reach every person as part of the upcoming 2020 Census as is constitutionally required,” Ross said in a letter posted Monday in docket 18-152. “Supreme Court precedent clearly stands for the proposition that Federal contractors are immune from TCPA liability when they comply with the Government's instructions.”
Advertising industry groups launched a coalition Monday urging Congress to pass a federal, pre-emptive privacy law that creates a FTC Data Protection Bureau. Privacy for America was created by the American Association of Advertising Agencies, Association of National Advertisers, Digital Advertising Alliance, Interactive Advertising Bureau and Network Advertising Initiative. The coalition supports granting the FTC rulemaking authority.
More team-ups with other federal agencies going after robocallers and requiring phone companies to implement caller ID authentication tech were among suggestions on the FCC rulemaking on curbing spoofed robocalls. The NPRM was adopted in February (see 1902140039). Beyond requiring implementation of caller ID authentication technology, set guidelines for its implementation and ensure consumers are represented on the Signature-based Handling of Asserted Information Using toKENs/Secure Telephony Identity Revisited (Shaken/Stir) governance board, said Consumer Reports, the National Consumer Law Center and Consumer Federation of America in docket 18-335, which got comments through Thursday. They said spoofed calls need to be blocked or diverted, not just identified, and Shaken/Stir as conceptualized now wouldn't address situations where robocallers buy phone numbers and use those to mask identity. They said the FCC should consider requiring phone companies vet subscribers, monitoring for numbers making inordinate amounts of calls. CTIA said the FCC and other agencies such as the FTC and DOJ, plus states attorneys general and international counterparts, ought to "take even more steps to deter bad actors." It suggested the FCC define the scope of its expanded anti-spoofing rules to include short message service and multimedia message service text messages. The FCC needs to be sure it's "hewing closely" to the updates Congress made to caller ID issues in Ray Baum's Act and not expand the scope of those rules past congressional intent or change the established regulatory framework in other areas, Twilio said. It said the FCC should be careful applying spoofing rules to messages sent using common short code, and not include rich communications services in the definition of text message. Comcast suggested the FCC clarify that a provider originating an IP call has to transmit the calling party name alongside the calling party number. It also recapped meeting with an aide to Commissioner Geoffrey Starks, saying the order creating a comprehensive number database, while not specifically a fraudulent spoofing issue, also will help cut volume of unwanted calls.