Sens. Brian Schatz, D-Hawaii, and Roy Blunt, R-Mo., introduced a bill Thursday barring commercial facial recognition technology users from “collecting and re-sharing data for identifying or tracking consumers” without consent, as expected (see 1902260066). The Commercial Facial Recognition Privacy Act would require providers meet “data security, minimization, and retention standards” set by the FTC and the National Institute of Standards and Technology.
One of the best ways to address privacy concerns is to establish a federal data breach law, FTC Commissioner Noah Phillips said Thursday at the Brookings Institution. State pre-emption is necessary, he added, saying multiple standards aren’t good for competition. Identifying privacy issues as antitrust indicators could give regulators too much power, he said. Robocalls could be among the most common complaints to the FTC, Phillips said. The commission is trying to address the robocall issue using new apps and aiding telcos with caller ID spoofing, but enforcement alone won’t solve the problem, he said.
The Department of Homeland Security should delay expanding facial recognition technology use until consumers know how personal data is handled and shared by agencies and airports, Sens. Ed Markey, D-Mass., and Mike Lee, R-Utah, wrote DHS Tuesday. DHS and Customs and Border Protection plan to expand facial recognition to all “international travelers traveling through the top 20 U.S. airports by 2021,” said the letter. Airports don’t “face any limits on how they can use travelers’ facial data after being tasked by the CBP to retain the equipment necessary to implement facial recognition screening,” they wrote. Wednesday, DHS didn’t comment.
Public Knowledge Senior Vice President Harold Feld slammed an FCC draft Further NPRM for not taking privacy into account in rules requiring carriers be able to find callers to 911 with greater accuracy. The FNPRM is to be voted on Friday (see 1902210048). Feld filed on a call he received from an aide to Commissioner Geoffrey Starks asking about that issue. “The failure of the FNPRM to mention privacy or security is inexcusable in light of continued revelations that carriers appear to be unable to protect properly customer real-time geolocation information,” Feld said in docket 07-114, posted Wednesday. “Only last week, Vice ran a third story on the ease with which stalkers, bounty hunters and debt collectors and others can obtain access to [assisted GPS] information.”
"All the convenience in the world doesn’t matter if you don’t feel safe using our products and services,” said eero smart home mesh network provider CEO Nick Weaver, reaffirming its "commitment to your privacy head-on.” Guiding principles shared with Amazon, which bought eero, are that customers have a right to privacy, to know what data is being collected in “easy to understand terms” and to have control over their data, he blogged Tuesday. Eero collects network diagnostic information only to improve the performance, stability, and reliability of its products and services and for customer support, he said. The companies have begun building customer experiences together, such as Amazon’s WiFi Simple Setup, he said. Soon, when customers who own both an eero system and an Echo smart speaker set up connected devices bought on Amazon, the devices will look automatically for the eero network and use encrypted credentials to connect, he said: “Gone will be the days of manually setting up each smart product we bring into our homes.”
Wireless companies seek flexible California privacy rules, CTIA commented last week to the California attorney general on implementing the 2018 California Consumer Privacy Act. The state didn't post comments, so we obtained some (see 1903110042). AG Xavier Becerra (D) should “bring clarity to the unclear or ambiguous statutory provisions that otherwise will operate to the detriment of consumers and businesses,” wrote CTIA. Don’t prescribe how companies verify authenticity of consumer requests for information, it said. Don’t require businesses give consumers information that may risk privacy and data security, it said. Exempt businesses from having to provide information that may reveal trade secrets, CTIA said. Companies should be considered as complying with rules barring discrimination based on what data consumers provide “if there is a reasonable basis for the difference in price or rate, or the level or quality of goods and services it offers to a consumer in exchange for the consumer’s data,” the association said. Consumers should be able to choose which data may be sold rather than an all-or-nothing choice, it said. If a consumer already opted into sale of certain data, global opt-out shouldn’t reverse that, it said. The AG says written comments are available under the California Public Records Act. We filed a PRA request Tuesday after the AG office declined to provide documents voluntarily.
There’s “substantial” evidence Facebook violated its 2011 FTC consent decree, and Google has “consistently misinformed users” about geolocation practices, Sen. Josh Hawley, R-Mo., wrote Chairman Joe Simons. The agency has been “toothless” in policing big tech, Hawley said, urging the FTC to use all resources available to probe privacy allegations. If the agency lacks the appropriate authority, it should explain how to Congress, Hawley said. The FTC didn’t comment.
The Senate Homeland Security Committee’s report on the 2017 Equifax data breach (see 1903070065) “highlights a glaring lack of cybersecurity preparedness that is, quite frankly, appalling given the highly sensitive consumer data” at stake, said Public Knowledge Cybersecurity Policy Director Megan Stifel Friday. PK urged Congress to pass "comprehensive privacy legislation and examine whether market incentives are sufficient to ensure consumers’ data is adequately protected.”
Comments are due April 8, replies April 23 on Akin Gump's request the FCC clarify the definition of fax “sender” under the Telephone Consumer Protection Act, said a Thursday public notice on dockets including 02-278. The law firm Feb. 26 petitioned that “a fax broadcaster [be] the sole liable ‘sender,’ when it both commits TCPA violations and engages in deception or fraud against the advertiser (or blatantly violates its contract with the advertiser) such that the advertiser cannot control the fax campaign or prevent TCPA violations,” the PN noted. The firm said those whose goods and services are advertised in an unsolicited fax aren't always the TCPA-liable senders since they didn't know about the junk-fax campaign: Advertisers nationwide "have fallen victim to unscrupulous, dishonest or rogue fax broadcasters, and have been left open to liability."
Facebook wants to shift to a more “privacy-focused messaging and social networking platform,” blogged CEO Mark Zuckerberg Wednesday. Zuckerberg envisions a platform where communication shifts to private, encrypted services with data that remains secure and eventually disappears. “Private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication,” Zuckerberg wrote, saying he wants the company to shift from a “town square” to more of a “living room.”