The Senate Commerce Committee plans this session’s second data privacy hearing at 10 a.m. Wednesday in 253 Russell. FTC resources, major cybersecurity incidents and data security practices are on the agenda. Witnesses: ex-FTC Consumer Protection Bureau Director Jessica Rich, now at Kelley Drye; ex-FTC Chief Technologist Ed Felten, professor emeritus Princeton University; Engine Executive Director Kate Tummarello; and Identity Theft Resource Center Chief Operating Officer James Lee.

Companies claiming they’re protecting student safety might be surveilling them inappropriately instead, three Democratic senators wrote Monday. Sens. Elizabeth Warren and Ed Markey, both of Massachusetts, and Richard Blumenthal, Conn., wrote to the owners of Gaggle, Bark Technologies, GoGuardian and Securly about their use of AI "and algorithmic systems to monitor students’ online activity.” They raised concerns the companies’ monitoring practices violate federal law, compound “racial disparities in school discipline” and drain “resources from more effective student supports.” GoGuardian said in a statement it received the letter and is looking forward to responding. It said it’s a “proud signatory of the Student Privacy Pledge, certified as [Family Educational Rights and Privacy Act]-compliant by the Internet Keep Safe Coalition, and trusted by schools and districts across the U.S. to help protect their students.” Gaggle said it "takes privacy and student safety seriously; the company has a robust privacy policy that strictly limits students’ personally identifiable information (PII) to students’ names and school districts (in other words, Gaggle does not collect any data related to students’ race, ethnicity, or sexual orientation) and layers its artificial intelligence with a team of trained content reviewers to analyze context and help prevent false flags." The other companies didn’t comment.

The Senate Commerce Committee plans a privacy hearing Wednesday at 10 a.m. in 253 Russell, Chair Maria Cantwell, D-Wash., announced. The focus is consumer privacy rights, FTC resources, the potential for a new privacy bureau and federal privacy legislation. Witnesses are ex-FTC Commissioner Maureen Ohlhausen, now at Baker Botts; ex-FTC Consumer Protection Bureau Director David Vladeck, now at Georgetown Law; ex-FTC Chief Technologist Ashkan Soltani, now an independent researcher; and ACT|The App Association President Morgan Reed. The Consumer Protection Subcommittee set a hearing Thursday at 10:30 a.m. on Facebook, Instagram and kids’ mental health. Facebook Global Head of Safety Antigone Davis will testify.

The California Privacy Protection Agency seeks comment by Nov. 8 on a proposed rulemaking under the 2020 California Privacy Rights Act, the agency said Wednesday. It especially sought feedback on “new and undecided issues not already covered by the existing” California Consumer Privacy Act rules.

The FTC should begin a privacy rulemaking (see 2107280061), Senate Democrats wrote Chair Lina Khan Monday. Signers also included Richard Blumenthal, Conn.; Brian Schatz, Hawaii; Ron Wyden, Ore.; Elizabeth Warren, Mass.; Chris Coons, Del.; Ben Ray Lujan, N.M.; Amy Klobuchar, Minn.; Cory Booker, N.J.; and Ed Markey, Mass. “Consumers deserve strong and enforceable privacy safeguards in the digital economy -- opening a rulemaking would be a powerful step toward addressing this long overdue need,” they wrote. The rulemaking should bolster civil rights and cybersecurity, they said. The agency merely confirmed receiving the letter.

States having passed new, bipartisan laws on cybersecurity, privacy and other issues gives Colorado’s attorney general optimism that Congress can do similar. Opening the Technology Policy Institute conference in Aspen, Colorado AG Phil Weiser (D) noted there haven't been recent new U.S. laws on such areas, despite “strong bipartisan support“ on data privacy legislation in states, including here in Colorado, and cybersecurity “wake-up calls“ with breaches of Colonial Pipeline and others. “We cannot give up hope“ on getting such federal laws, he said Sunday night. Political polarization “makes it harder for people to work together to solve problems,“ he noted. “We worry about this hyper-extreme“ divide. He hopes historic norms return in terms of “collaboration“ and “problem-solving." Weiser called the U.S. Senate-approved $1 trillion infrastructure bill with broadband money “a very modest step forward.“ Asked by an audience member about big tech scrutiny, he said it's “a moment that feels a lot like" circa 1900, when there were public worries about corporate control. “Why shouldn’t we have requirements for transparency” with online political ad disclosure, akin to what broadcast stations must do, Weiser asked. Answering a question about robocalls, Weiser said, “We have had bipartisan collaboration," as “everybody hates robocalls." He noted the Trace Act means big carriers have now implemented Stir/Shaken and he hopes smaller carriers do so quickly. The month-over-month decline in robocalls is encouraging, but fraudulent texting has increased, Weisser told TPI: “You’ve got to continue to have what they call constant” vigilance.

ATIS announced the launch of a “User-Controlled Privacy Initiative,” to adopt and advance solutions to help industry establish a self-sovereign identity (SSI). “Combining this SSI along with verifiable credential proofs of information greatly enhances individuals' control and rights over their personal data,” ATIS said Thursday. “SSI can address personal data in a way that fosters greater trust between consumers and businesses, while also helping companies comply with new privacy regulations,” said ATIS President Susan Miller. ATIS is looking for member companies to participate.

Facebook should release internal research about potentially harmful impacts of its platforms, including Instagram for kids, on children’s mental health, Senate Consumer Protection Subcommittee Chairman Richard Blumenthal, D-Conn., and ranking member Marsha Blackburn, R-Tenn., wrote the company Wednesday. They noted that a hearing is planned for September, for which they asked a Facebook senior executive to testify. They asked CEO Mark Zuckerberg to explain how internal research is “used to further promote and market their products to young users.” Facebook welcomes "productive collaboration" with Blumenthal and Blackburn "to keep young people safe online," a spokesperson emailed. "Just last week we shared significant updates on our work in this area, including defaulting those under 16 into private accounts when they join Instagram. For those under 13, the reality is that they’re already online, so we’re creating an experience for them that is age-appropriate, and managed by parents.”

Colorado is nearly done requesting preliminary data from Google to understand surface-level information about the company’s data gathering practices, an attorney representing Colorado Attorney General Philip Weiser told U.S. District Court in Washington during a status hearing (in Pacer) Friday in docket 1:20-cv-03010 (see 2102160052). Colorado expects to make “full-fledged” data requests by the end of September in its antitrust case against Google, Jonathan Sallet told Judge Amit Mehta. The preliminary data will help plaintiffs understand what data Google has, how it measures impact on consumers and what it sees about consumer behavior, said Sallet. Google attorney John Schmidtlein said the company is on track to deliver on this batch of requests, which involves hundreds of thousands of documents. The latest DOJ request is being converted and should be available next week, and the company expects to deliver documents to Colorado by the end of August, he said. DOJ Civil Division trial attorney Kenneth Dintzer said there are “looming” third-party issues to be resolved. Mehta told the attorneys the court will address those after August deposition proceedings.

The FTC should use its rulemaking authority to ban “corporate use” of face-scanning technology, nearly 50 advocacy groups wrote Thursday. Fight for the Future, MediaJustice, Open Markets Institute, Open MIC and Public Citizen signed the letter, which says Amazon is the “perfect case study to showcase” dangers of corporate surveillance. They cited security and privacy threats for “Amazon’s smart home ecosystem, deceptive use of facial recognition technology, and the tech giant’s ever-expanding partnerships with police departments in over 2,000 cities.” They urged a ban on continuous surveillance in places of public accommodation and an end to “industry-wide data abuse.” The FTC and Amazon didn’t comment.