Facial recognition technology deserves “thoughtful government regulation,” blogged Microsoft President Brad Smith Friday. Computers identifying faces through cameras and photos raises “issues that go to the heart of fundamental human rights protections like privacy and freedom of expression,” said Smith. Government and industry should determine acceptable uses, he said, with policymakers balancing public safety and democratic freedoms. Smith listed benefits: efficient photo cataloging; authorities identifying missing people and criminal suspects; and smart device security. He listed drawbacks: potential for continuous, nonconsensual government surveillance; mass unauthorized data gathering from events; commercial exploitation of surveillance systems to sell products; and racial bias. He recommended policymakers launch a “bipartisan and expert commission” to guide legislative efforts. Industry deciding alone is “an inadequate substitute for decision making by the public and its representatives,” Smith said. “A world with vigorous regulation of products that are useful but potentially troubling is better than a world devoid of legal standards.”

The FTC should probe privacy policies and practices of smart TV manufacturers because consumers are potentially unaware of the extent to which companies track sensitive information, wrote Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., to the FTC Thursday. “Televisions have entered a new era, but that does not mean that users’ sensitive information no longer deserves protection.” Friday, the agency didn’t comment.

Lawmakers can't ignore cost to innovation when considering stringent privacy regulations, said the Information Technology and Innovation Foundation Wednesday. Senior Policy Analyst Alan McQuinn and Vice President Daniel Castro said that if European digital advertising revenue grew at the same rate as in the U.S., the EU, where "strict privacy regulations reduce the revenue digital companies can earn from online ads," would have had an additional 11.7 billion euros flow through its digital ecosystem 2012-17. The report suggested a three-part test for adopting potential privacy regulations: Lawmakers should “target specific, substantial harms,” “directly limit those harms,” and “the costs of the regulations must be outweighed by their countervailing benefits.”

Consumers likely don’t fully understand Google’s policies that allegedly allowed employees and computers to read Gmail users’ emails, Senate Commerce Committee members wrote the CEO of the platform's parent company Tuesday. Citing a July 2 report from the Wall Street Journal, Chairman John Thune, R-S.D., Sens. Roger Wicker, R-Miss., and Jerry Moran, R-Kan., asked Alphabet CEO Larry Page for Google privacy policy details. Though users consent to third-party access to Gmail data, “the full scope of the use of email content and the ease with which developer employees may be able to read personal emails are likely not well understood by most consumers,” they wrote. Google didn’t comment.

Recent reports suggest Apple and Google mobile devices improperly collect information from audible conversations without user consent, and Google is inappropriately scraping email data, wrote House Commerce Committee lawmakers to company executives Monday. Chairman Greg Walden, R-Ore., Reps. Marsha Blackburn, R-Tenn., Gregg Harper, R-Miss., and Bob Latta, R-Ohio, accused the platforms of collecting “non-triggered” user audio without disclosing the practice to users. Google continues to gather sensitive email data to personalize ads, despite the platform claiming in 2017 it would stop the practice, the lawmakers wrote. Users “have a reasonable expectation of privacy when taking active steps to prevent being tracked by their device,” the lawmakers wrote Apple CEO Tim Cook and Alphabet CEO Larry Page. The companies didn’t comment.

Facebook will continue sharing user data with Apple, Amazon, Tobii, Mozilla, Alibaba and Opera, it said in another round of responses to Congress involving CEO Mark Zuckerberg’s April testimony (see 1806120038). Facebook’s data-sharing agreements were criticized in June, with lawmakers saying Zuckerberg wasn't forthcoming enough (see 1806080045). Facebook submitted some 750 pages of responses to the House Commerce Committee, in addition to 500 pages to the Senate Judiciary and Commerce committees. The company said it discontinued 38 of the 52 partnerships in question, which included deals with AT&T, Huawei, Microsoft, Samsung, Sprint, T-Mobile, Verizon and Yahoo. Full partnerships will continue with Apple, Amazon and Tobii through October, but Mozilla, Alibaba and Opera won't have access to friend data, Facebook said. It said it compiled the list of partnerships “to the best of our ability.” Ranking member Frank Pallone, D-N.J., said that raises more questions: “It’s disconcerting that four months after this scandal became public Facebook still has no idea how many others have its users’ data and how that data is being used today.” Monday, the platform didn’t comment.

The FTC settled with a California online training services company over allegations it falsely claimed it was getting certified as EU-U.S. Privacy Shield compliant, said the agency Monday. The FTC said ReadyTech started a certification application with the Commerce Department in 2016 but didn’t complete “steps necessary to participate.” The company is prohibited from misrepresenting itself again, and for any future violations, faces penalties up to $41,484 for each infraction. “Today’s settlement demonstrates the FTC’s continuing commitment to vigorous enforcement of the Privacy Shield,” said FTC Chairman Joe Simons. “Privacy Shield is a critical tool for ensuring transatlantic data flows and protecting privacy that benefits both companies and consumers.” ReadyTech didn’t comment.

The FTC and FCC should investigate whether users’ personal information and viewing data was wrongfully shared with Cambridge Analytica through smart TVs and streaming services, wrote Rep. Debbie Dingell, D-Mich., Thursday in letters to FTC Chairman Joseph Simons and FCC Chairman Ajit Pai that were released the following day. Dingell sent the letters in response to reports Cambridge Analytica “improperly collected and shared information from set-top cable boxes.” Dingell criticized Pai for deferring to the FTC after a previous letter inquiring about Cambridge Analytica’s alleged purchasing of viewing and personal data. Dingell told Pai the FCC “has clear authority and a responsibility to protect” viewing data of cable and satellite TV subscribers, and asked whether the agency is taking consumer privacy obligations seriously. In her letter to Simons, Dingell asked the FTC to investigate whether the data analytics firm “collected information about Americans in unscrupulous ways and potentially with the aid of other data collectors.” Friday, the FTC and FCC didn’t comment.

The FTC should investigate “misleading and manipulative” practices by Google and Facebook that steer users toward “privacy-invasive default settings,” said the Electronic Privacy Information Center, Consumer Watchdog and six other consumer advocacy groups Wednesday. They cited an EU general data protection regulation-related study from the Norwegian Consumer Council claiming “users were deliberately pushed into less privacy friendly options.” The Center for Digital Democracy, Consumer Action and Public Citizen signed. “In the run up to GDPR we asked people to review key privacy information which was written in plain language, as well as make choices on three important topics,” a Facebook spokeswoman emailed. “Our approach complies with the law, follows recommendations from privacy and design experts, and is designed to help people understand how the technology works and their choices.” The FTC and Google didn’t comment.

Senate Judiciary Privacy Subcommittee Chairman Jeff Flake, R-Ariz., and ranking member Chris Coons, D-Del., are demanding Amazon act on reports a Portland, Oregon, couple discovered Alexa software in their Amazon Echo device turned on and “was able to capture their private conversation” without permission and send it to a contact “known to the device.” Amazon “has stated that the company is evaluating options to make this series of events less likely to occur,” but “we are concerned that the device in this instance performed precisely how it was designed,” the senators wrote last week to CEO Jeff Bezos: “Without prompt and meaningful action, we expect that additional” similar incidents “will happen again.” Increasing popularity of “in-home, internet-connected devices and voice-activated technologies raises questions about the types of data they collect, store, and share, and the degree to which consumers control their personal information,” the senators said: Amazon and other companies “that offer services through these devices must address these concerns by prioritizing consumer privacy and protecting sensitive personal information.” Monday, Amazon didn’t comment. Ex-Cambridge Analytica contractor Aleksandr Kogan and others are to testify at a Tuesday Senate Consumer Protection Subcommittee hearing on privacy implications of the Facebook-Cambridge Analytica breach (see 1806130057 and 1806140054).