The FTC finalized 5-0 a settlement with Blu Products over allegations (see 1804300045) the mobile phone manufacturer allowed a third-party service provider from China to collect personal information about consumers without consent, despite privacy agreements, the agency said Monday. There was no financial penalty. The manufacturer is prohibited from misrepresenting the extent to which it protects privacy and security of personal information. The company didn’t comment.

Congress should adopt a federal data privacy law that pre-empts state law and is free of mandates requiring industry to “use specific technological solutions,” the U.S. Chamber of Commerce said Thursday. Be “transparent about the collection, use, and sharing of consumer data and provide consumers with clear privacy notices that businesses will honor.” Enforcement of a new data privacy law should focus on “concrete harm to individuals,” it said. Several bills are pending (see 1808280039), NTIA is working on privacy principles (see 1808060035) as is the National Institute of Standards and Technology (see 1809050043).

Apple will launch an online portal later this year that international law enforcement can use to submit requests for user data and better understand what is legally available, General Counsel Kate Adams told Sen. Sheldon Whitehouse, D-R.I. It's “consistent” with Apple’s commitment to protect “security and privacy of our users,” Adams wrote Tuesday.

The National Institute of Standards and Technology announced an effort to work with stakeholders to develop a “voluntary privacy framework” for companies. To start collecting input, NIST will host an initial public workshop Oct. 16 in Austin during an International Association of Privacy Professionals’ conference. A series of public meetings will follow. The effort will run parallel with NTIA’s goal to develop a set of privacy principles (see 1808060035), the agency said Tuesday. NIST Director Walter Copan cited recent success with the agency’s Cybersecurity Framework. The purpose of developing the privacy framework is to “deliver practical tools that allow continued U.S. innovation, together with stronger privacy protections,” he said. Flexible privacy protections will allow consumers to “enjoy the benefits of innovative technologies with greater confidence and trust,” he said.

Senators should ask Supreme Court nominee Brett Kavanaugh if the government should be required to obtain a warrant to access data from cloud-based IoT devices, said the Center for Democracy & Technology Wednesday. CDT outlined questions for Kavanaugh on privacy and surveillance, among other topics. CDT is seeking Kavanaugh’s thoughts on the Supreme Court’s recent Carpenter decision (see 1807050025) that government collection of at least seven days of cellsite location information constitutes a Fourth Amendment-protected search. The group also seeks comments on Spokeo v. Robins.

The Senate Judiciary Committee should “expeditiously” consider the final two nominations to the Privacy and Civil Liberties Oversight Board, 31 groups wrote committee leadership Wednesday. The Center for Democracy and Technology, Electronic Frontier Foundation, Electronic Privacy Information Center, New America’s Open Technology Institute, Public Knowledge, R Street Institute and TechFreedom signed. University of Virginia law professor Aditya Bamzai and former FCC Enforcement Bureau Chief Travis LeBlanc are expected to round out the five-member board, which currently has one sitting member. The committee in February advanced to the floor President Donald Trump’s nominee to chair the board, Adam Klein, former law clerk to late Supreme Court Justice Antonin Scalia (see 1803290050). The committee in June advanced two other nominees: former White House Deputy Chief Technologist Edward Felten and Jane Nitze, former clerk to Supreme Court Justice Sonia Sotomayor (see 1806210043). The full Senate hasn't acted on those nominations.

DOJ needs to clearly state to courts how law enforcement’s use of cell-site simulators, known as StingRays, disrupts 911 dialing capabilities for targeted phones, Sen. Ron Wyden, D-Ore., said in a recent letter to the agency. Wyden cited confirmation about disruption from “senior officials” at Harris Corp., which manufacturers the surveillance tools most frequently used by police. “It is important that courts understand that the surveillance programs they are being asked to authorize will incidentally rob Americans of the means to communicate,” Wyden wrote. Telecom companies need to collaborate to ensure “cellular infrastructure is safe, secure, and private from attacks by spies, criminals, and rogue law enforcement,” the Electronic Frontier Foundation said Monday. Tuesday, Justice didn’t comment.

The State Department should “swiftly” push for the appointment of an official to be ombudsman for the EU-U.S. Privacy Shield (see 1808090015), tech groups told Secretary Mike Pompeo Monday. ACT|The App Association, BSA|The Software Alliance, Computer & Communications Industry Association, Engine, the Information Technology Industry Council, the Internet Association and the Software & Information Industry Association were among groups urging appointment of an undersecretary for economic growth, energy and the environment. The individual holding that position serves as ombudsman to the Privacy Shield. The Privacy Shield is “indispensable” to the U.S. economy and EU relations, they wrote: “While the duties of the Ombudsperson are currently being carried out, having a senior political appointee in the role is important.” Principal Deputy Assistant Secretary for Oceans, Environment and Science Judith Garber, set to be the next ambassador to the Republic of Cyprus, is acting ombudsman. A State Department spokesman said the agency hopes to have someone in the position “as soon as possible” but deferred to the White House on when the undersecretary will be named.

About 75 percent of U.S. households connected to the internet “had significant concerns about online privacy and security risks in 2017,” the U.S. Census Bureau said in a NTIA survey released Monday. Nearly a third of online households said those concerns “caused them to hold back from some online activities,” and 20 percent said they “experienced an online security breach, identity theft or a similar crime during the past year,” the survey, which was conducted in November 2017, said.

The FTC should conclude its investigation of the Facebook-Cambridge Analytica privacy breach (see 1805020042) and issue a “significant fine” before Sept. 1, 14 groups wrote the agency Thursday. The Electronic Privacy Information Center, Campaign for a Commercial-Free Childhood, Center for Digital Democracy, Consumer Watchdog and Public Citizen were among them. Lack of enforcement “would imperil both European and American consumers and undermine the digital economy,” the groups said, citing implications for the EU-U.S. Privacy Shield (see 1808090015). It’s been four months since the agency opened its Facebook probe, they noted. An FTC spokesperson said the agency received the letter.