A proposed private-public municipal broadband partnership in Tacoma, Washington, would include net neutrality and data privacy rules like those reversed at the federal level. The city is reviewing terms sheets with local private ISPs Rainier Connect and Wave Broadband for a partnership with one of the providers to operate the publicly owned Click Network. The Tacoma Public Utility Board voted to negotiate a contract with Rainier Connect; the City Council will review that decision, the city and utility said. “These proposals represent unprecedented private sector commitments to net neutrality, privacy, low-income affordability and non-transfer to entities with substantial market share,” said Tacoma Mayor Victoria Woodards (nonpartisan).
A District of Columbia privacy proposal by Attorney General Karl Racine (D) would update D.C. data breach law and expand consumer privacy rules, he said Thursday. The proposed bill for the D.C. Council, which shows Chairman Phil Mendelson (D) as sponsor, would broaden the definition of personal information, which now covers Social Security, driver’s license and credit or debit card numbers, to include passport, taxpayer ID and military ID numbers, plus biometric data and health, genetic and health insurance information. It would require companies that handle personal data to have security safeguards, provide two years' free identity theft protection if they expose Social Security or tax ID numbers, and inform consumers of their rights when a data breach occurs. “The District’s current data security law does not adequately protect residents,” Racine said.
Exemptions for financial institutions and others in an Indiana bill to curb robocalls could increase calls consumers receive, Indiana attorney general office officials warned state lawmakers Thursday. The Senate Utilities Committee voted 10-0 for the House-passed HB-1123. The bill would give the AG more tools to stop illegal calls, including by increasing penalties, providing more funding for prosecutors to extradite bad actors, and expanding registration on the state do-not-call list, said AG Director-Government Affairs Parvonay Stover at the livestreamed hearing. But the measure is no “silver bullet,” and the AG office opposes the first section giving exemptions for financial institutions or communications service providers that have an established business relationship with the consumer, said Marguerite Sweeney, senior deputy AG-data privacy and identity theft unit. Banks support the exemption because it lets them tell customers about new products, said Indiana Bankers Association Senior Vice President Dax Denton. The do-not-call law is too restrictive, he said. The carve-outs are good because the state do-not-call law is too strict, said sponsor Rep. Jeff Ellington (D). Exempting communications providers could help spread broadband, he added. Wednesday in Wisconsin, a bipartisan group of 60 state senators and representatives introduced a bill (SB-132) banning caller ID spoofing, with civil penalties of $100 to $10,000. The Wisconsin bill exempts authorized law enforcement activities.
House Democrats asked FTC Chairman Joe Simons how the agency might spend an additional $50 million to $100 million in funding on consumer protection and privacy issues. Commerce Committee Chairman Frank Pallone of New Jersey and House Consumer Protection Subcommittee Chair Jan Schakowsky of Illinois, who are crafting privacy legislation, asked what the agency would do with 100 new privacy and data security attorneys or technologists. For every high-profile case, there are many more that don’t get media attention and FTC priority, the lawmakers wrote Wednesday: “Nevertheless, consumers may face significant harm from these less well-known privacy and data security incidents.”
FCC General Counsel Thomas Johnson told House Commerce Committee Chairman Frank Pallone, D-N.J., the agency didn’t provide an emergency briefing for the committee on wireless carriers' alleged unauthorized disclosure of consumers' real-time location data during the partial federal shutdown (see 1901110042) because it couldn’t under the Antideficiency Act. Pallone wrote Chairman Ajit Pai Jan. 11 asking for the meeting and a follow-up letter Feb. 19 requesting documents on the FCC’s response to the disclosures. “Career attorneys within the Office of General Counsel concluded that Commission employees would not be available to prepare the Chairman or to provide the briefing themselves because the work did not fall within one of the recognized exemptions” in the ADA, Johnson said, in a letter released this week. “The Commission takes allegations of unauthorized use and disclosure of consumer data very seriously,” he said. “Last year the Enforcement Bureau initiated an investigation into reports that wireless carriers were allowing third parties to use consumers’ location information without their consent.” The requested briefing took place Feb. 7, Johnson said.
Comedian John Oliver's robocalls to FCC members' offices likely are legal, telecom lawyers said. The "pre-recorded message satisfies the first element" of a Telephone Consumer Protection Act standard requiring prior consent, blogged Kelley Drye's Steve Augustino and Jennifer Rodden Wainwright. But TCPA restrictions don't apply to the robocalls because HBO's Last Week Tonight host is calling landline phones (autodialed calls to wireless phones are restricted), and isn't introducing an advertisement or engaged in telemarketing, the attorneys suggested Monday in a post their law firm also emailed Tuesday. "Consent is not required for the calls that Oliver is making, and revocation of consent similarly is not relevant" here, they added. "Oliver rightly observed during his segment that the National Do Not Call Registry only applies to telemarketing calls, so even if the FCC commissioners registered their office phone numbers on the National Do Not Call Registry, Oliver’s calls to them would not be unlawful." Some commissioners also have indicated the calls are legal (see 1903150061). The FCC declined to comment Tuesday on the calls' lawfulness, and HBO didn't comment. At least some of Oliver's calls continue to commissioners' offices every 90 minutes as the TV host said would occur.
FCC elimination of a rule requiring opt-out notices for fax advertisements sent with a recipient's prior consent takes effect Wednesday, says a rule for that day's Federal Register. It noted the U.S. Court of Appeals for the D.C. Circuit declared the rule unlawful, leading to a Consumer and Governmental Affairs Bureau order Nov. 14 (see 1811140054).
The FCC added language on privacy and the effect on consumers in the Lifeline program, based on side-by-side comparison of the draft Further NPRM and FNPRM on 911 vertical location accuracy, as released Monday. Commissioner Jessica Rosenworcel dissented Friday, while Commissioner Geoffrey Starks secured changes (see 1903150067). “We seek comment on the appropriate data privacy and security framework for z-axis data,” the FNPRM said. “We seek comment on whether use of z-axis data should be limited to 911 calls except as otherwise required by law.” Neither question was in the draft. The rulemaking asks whether a proposed 3-meter z-axis metric “will provide adequate vertical location accuracy protection for consumers who participate in the Commission’s Lifeline program.” It seeks comment “on the extent to which mobile phones provided to consumers as part of the Lifeline program have the capability, through barometric pressure sensors or other means, to be located within a 3-meter z-axis metric” and “how to ensure that vertical location protections extend to and include users of the Lifeline program.” The FNPRM asks more generally about potential turnover rates for wireless handsets and “features of devices likely to be available and in use by the compliance dates established in our rules.”
The House Judiciary Committee should hold public hearings so intelligence officials can disclose how many Americans have had their information collected under Section 215 of the USA Freedom Act and Section 702 of the Foreign Intelligence Surveillance Act, 39 civil liberties groups wrote Monday. Section 215 allows NSA and foreign intelligence investigators to collect Americans' calls and text messages related to terrorism or espionage activity. Section 702 allows collection of non-Americans' online communication for foreign intelligence-gathering purposes, which has resulted in incidental collection of American data. The USA Freedom Act requires NSA report the “number of ‘unique identifiers’ that have been collected under the Section 215,” New America’s Open Technology Institute wrote. The groups included the American Civil Liberties Union, Center for Democracy & Technology, Color of Change, Electronic Frontier Foundation, Electronic Privacy Information Center and TechFreedom.
Five U.S. companies reached FTC settlements in 2018 over allegations they misled consumers about EU-U.S. Privacy Shield participation (see 1811190029), the agency reported Friday in its annual privacy and data security roundup. The agency shut revenge porn website MyEx.com (see 1806220040), got Venmo to stop “deceptive” privacy practices (see 1805240049), expanded a settlement with Uber (see 1810260040) and reached a pact with BLU Products (see 1809100052).