Facebook will no longer suggest to users which friends to tag in photos via face-scanning technology, the social network announced Tuesday. So-called “tag suggestions” has been at the center of a lawsuit involving alleged facial recognition technology abuses (see 1908080056). The platform’s “face recognition” technology will now be available to all users with the ability to opt out, Facebook said. That feature allows users to be notified when their photos are used by other people.

Understanding how tech companies use application programming interfaces helps comprehension about privacy and related issues, American Enterprise Institute's Shane Tews noted Wednesday. Since Cambridge Analytica breached Facebook data, "there has been a revamping of the relationships between websites or applications that use API data," she wrote: EU's general data protection regulation "also forced a rethinking of data collection." Tews seeks "transparent policies on data exchange." She blogged that "policymakers considering legislation and regulation around the use of data must understand how data is used to enhance user experiences."

PayPal should change its Venmo payment service’s privacy settings, urged Mozilla and the Electronic Frontier Foundation in an open letter Wednesday. “Make transactions private by default​ and​ give users privacy settings for their friend lists.” With users unable to hide their friend lists, “anyone can uncover who you pay regularly, creating a public record of your personal and professional community,” EFF said. The company didn’t comment.

Facebook CEO Mark Zuckerberg’s testimony in 2018 appears to be incomplete concerning the platform’s handling of user audio data, Sen. Gary Peters, D-Mich., wrote Zuckerberg Thursday. During the hearing, Zuckerberg offered an “emphatic” no when asked “if Facebook uses audio obtained from mobile devices to enrich personal information about its users,” Peters said. Recent reports suggest the platform asked third parties to analyze and transcribe Facebook user audio data, Peters said. The senator noted Zuckerberg “later clarified” in writing last year that Facebook “may, in certain circumstances, access audio from users who opted-in.” He asked the company for specifics about audio collection and use. Zuckerberg's statements on the topic were true during testimony and remain true, a company spokesperson said Thursday: "It has always been the case that Facebook only accesses your microphone if you have given our app permission and if you are actively using a specific feature that requires audio. It has also always been true that Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed.”

Apple’s “intentional recording of individuals’ confidential communications without their consent” using Siri voice-recognition software violates California privacy and unfair-competition laws, alleged a complaint Wednesday (in Pacer) in U.S. District Court in San Jose that seeks class-action status. A July 26 article in The Guardian reported Apple “has been recording individuals without consent and has been storing and sending those recordings to humans for review,” said the complaint. Siri devices continuously record consumers’ conversations, including when they fail “to utter a wake phrase,” it said. The complaint estimates the potential class to include all individuals who were recorded on a Siri device without their consent “from at least as early” as October 2011 to the present. It asks the court to order Apple to delete all recordings and to pay “nominal, statutory, and punitive” damages. Apple didn’t comment.

Facebook failed to meet its promise to restrict its Messenger Kids app to users 12 and younger, Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., wrote Tuesday. They said the company claimed the app “only allows children to interact with users who have been approved by their parents,” but it recently “confirmed that a design flaw allowed children to circumvent those protections and chat with unapproved strangers.” They asked for specifics of the flaw’s discovery, and whether its recent FTC settlement releases it from liability under the Children’s Online Privacy Protection Act. The company confirmed it received the letter.

About three-quarters of U.S. adults worry that their financial and personal data will be hacked (74 percent), don’t want online data being used to make content and advertising more relevant (75 percent), or for commercial purposes (76 percent), according to Internet Innovation Alliance survey released Thursday. Additionally, 72 percent favor a single, nationwide online data privacy law, it said. The survey also found the views of millennials “remarkably aligned with older adults on data privacy issues,” said Rick Boucher, IIA honorary chairman. CivicScience did the survey of more than 8,000 consumers in April.

Oakland's city council approved an ordinance Tuesday night to ban municipal use of facial recognition technology, becoming the third municipality to pass such a measure. Somerville, Massachusetts, and San Francisco passed similar bans earlier this year. A final procedural vote is Sept. 17.

The California Senate Judiciary Committee supported carving out employers from the California Consumer Privacy Act, but at a Tuesday hearing amended AB-25 to sunset that exemption Jan. 1, 2021. The amendment means “a more narrowly tailored response is necessary within the next year otherwise the law reverts back to its current form,” said committee bill analysis dated Monday. The Assembly-passed bill had enough votes to clear the committee and would go next to Senate Appropriations. The committee decided not to weigh AB-1416, which would allow companies to override consumers’ requests to opt out of sale of their data if it’s for government and fraud-detection purposes. The Judiciary hearing continued into early evening. Consumer privacy groups lined up Monday against AB-25, AB-1416 and three other industry-backed CCPA changes that were up for vote in the committee (see 1907080047). Privacy advocates “beat the odds” when CCPA passed last year, Californians for Consumer Privacy Chair Alastair Mactaggart said Monday. “But make no mistake: last year’s David-versus-Goliath fight for consumer privacy rights continues.”

Consumer privacy groups lined up against five industry-backed bills advancing through the California legislature to tweak the California Consumer Privacy Act. In a Monday media teleconference, officials including from Consumers Union, Electronic Frontier Foundation, American Civil Liberties Union and Common Sense Kids Action, said they oppose AB-25, AB-846, AB-873, AB-1416 and AB-1564, bills scheduled for a key hearing Tuesday in the Senate Judiciary Committee. If the panel clears the Assembly-passed bills, they would head to the Senate floor. None of the bills that the privacy groups supported earlier this session, including Attorney General Xavier Becerra’s (D) bill to expand protections and add a private right of action, are moving forward, said Common Sense Vice President Elizabeth Galicia: “All the CCPA-related bills that would actually strengthen rights are not being negotiated currently.” The worst bill is AB-1416, which would allow companies to ignore consumers requests to opt out of sale of their data if it’s for government and fraud-detection purposes, said EFF Senior Staff Attorney Lee Tien. The exemption is too broad, making the bill “harmful and unnecessary,” he said. AB-873, modifying definitions of “personal information” and “de-identified,” looks like technical edits but it’s a “Trojan horse” depriving consumers of control over their personal data, said Jacob Snow, ACLU Northern California Technology and Civil Liberties attorney. People can be identified even from anonymized data, and it will get easier over time with the rise of machine learning, he said. Workers need “at least as much” protection as consumers, but AB-25’s exemption for employers would take that away from current and former employees, contractors and job applicants, said Mitch Steiger, legislative advocate for the California Labor Federation. That bill has become a “grab bag” that's under negotiation and could be further amended, said Common Sense Senior Counsel-Policy and Privacy Ariel Fox Johnson. AB-846 goes beyond its stated purpose of allowing loyalty programs by permitting companies to charge more if someone opts out of the program, said Justin Brookman, Consumer Reports director-consumer privacy and technology policy. AB-1564 hurts groups without internet access, including seniors and those with low income or education, by removing a requirement that companies list a phone number for opt-out requests, said Privacy Rights Clearinghouse Policy Counsel Emory Roane.