The leader and ranking member of the Senate Select Committee on Intelligence set a Wednesday hearing on the Foreign Intelligence Surveillance Act. Director of National Intelligence Daniel Coats, acting FBI Director Andrew McCabe, NSA Director Mike Rogers and Deputy Attorney General Rod Rosenstein "will provide a comprehensive overview of FISA’s authorities, current oversight mechanisms, and examples of the value this court-authorized collection provides to the United States Intelligence Community," said a Friday announcement from Chairman Richard Burr, R-N.C. and Vice Chairman Mark Warner, D-Va.: The hearing at 10 a.m. in Hart 216 "will move into closed session following the open session," the announcement said.

Baby Pet Vet Doctor app developer Tiny Piece modified the app and its advertising in response to a Children's Advertising Review Unit inquiry, the Council of Better Business Bureaus' division said Thursday. CARU initially decided Baby Pet Vet Doctor included a children's category, but the app's registration process didn't collect an email address for parents of child users and failed to obtain consent for the collection of information from children. The app also didn't include a visible privacy policy, CARU said. Google Play rated the app T for teen even though it was described as “the perfect game for children.” The app included advertising for T-rated games like Pregnant Mommy's Surgery, My Ex-Boyfriend Comes Back and Plastic Surgery Simulator, CARU said. Tiny Piece responded by no longer collecting email addresses for child-age users, removed the children's category from the app and posted a privacy policy. Tiny Piece also modified its description to reflect that the game is aimed at people aged 12 years and older.

Consumer Watchdog said Friday it endorsed "right to be forgotten" legislation introduced in New York state that would give residents there the ability to request removal of online material and search engine links considered harmful to their interests or reputation. “Unfair and no longer relevant digital footprints following you throughout your life can hurt you. People need to be able to tell the Internet: ‘Just fuhgeddaboudit,’” said Consumer Watchdog Privacy Project Director John Simpson in a news release. It might be the first state to have such legislation, he emailed us. Earlier this year, Assemblyman David Weprin (D) introduced A-5323 with companion legislation introduced in the Senate that was later removed. In a letter sent Thursday to Assemblywoman Crystal Peoples-Stokes (D), who chairs the Government Operations Committee considering A-5323, Simpson said the bill would protect people's privacy. Such rights in Europe are managed fairly without burdening Google and other search engine providers and online publishers, said Simpson. He said right to be forgotten isn't censorship, nor would it raise First Amendment issues, and it doesn't apply to governmental, political or public interest matters.

Twitter is providing tools to give users more access to their information and "more granular control" over how their data is used and is also updating its privacy policy, the company blogged Wednesday. "Demographic and interest data, and advertisers that have included you in their tailored audiences" will be available, it said. Plus, personalization and data settings will give users more power over how Twitter uses their data such as opting out including for sharing with third parties. When users log in, their device will be associated with their account for authentication and personalization purposes, said Twitter. Changes to the privacy policy include expanding how it uses and stores data from other websites that integrate Twitter content like embedded tweets, the company said. Twitter also said it updated how non-personal, aggregated and device-level data is shared, including some data linked to users' names but only when they give consent in the policy.

A student privacy guide is available for parents, the Parent Coalition for Student Privacy (PCSP) and Campaign for a Commercial-Free Childhood (CCFC) announced Tuesday. The toolkit provides an overview of federal student data laws, tips to protect children's privacy, a guide to understand privacy policies, sample opt-out forms and questions to ask schools. PCSP co-Chair Rachael Stickland said many parents are "under the false impression" that their children's records are stored in a paper file in the principal's office. A recent Electronic Frontier Foundation report said student privacy is being compromised by major tech companies without parents' knowledge (see 1704140050). "You shouldn’t need a PhD or law degree to ensure that your child’s sensitive student data isn’t shared with commercial entities," said CCFC Executive Director Josh Golin.

Mattel should stop production of Aristotle, a baby monitor with artificial intelligence like Amazon Echo, the Campaign for Commercial-Free Childhood said Tuesday in a news release as it launched a petition. The Wi-Fi-enabled device watches and listens to children with a camera and mic, stores data about the child’s activity and shares it to other apps and online retailers, CCFC said. "Aristotle is no friend to babies or children -- it’s a marketing device and a data-collecting intruder into family privacy," said Executive Director Josh Golin. Mattel didn’t comment.

The Illinois Senate passed “right-to-know” privacy legislation that would require commercial website operators collecting customer information to notify customers upon request by the customer. Senators voted 31-21, with seven not voting Thursday, to send SB-1502 to the House. “As the federal government continues to roll back regulations that would allow companies like Google and Facebook to sell and share your personal data, the need for state regulations has become absolutely vital,” sponsor state Sen. Michael Hastings (D) said in a news release Friday. “The price of surfing the web shouldn’t mean sacrificing your privacy and personal information.” As written, the bill doesn’t cover ISPs. “However, there is intent for this to be clarified in the House,” a Hastings spokeswoman emailed. “The House plans on amending the bill to exempt phone and cable companies.” In Minnesota, State Rep. Paul Thissen (D) introduced a bill Friday requiring Internet companies to reimburse individual consumers for the value of personal information they provide, starting in 2019. It would require the Public Utilities Commission to set the value. "Our economy is becoming increasingly dominated by a handful of incredibly powerful companies who make huge amounts of money trading on the personal information of Americans," Thissen said in a news release Friday. "It's time for Minnesotans to have ownership of their own personal information recognized and to share in the profits made off the sale of that information." The bill would apply to ISPs and website operators, Thissen emailed us. The state lawmaker is also the sponsor of an ISP privacy amendment to Minnesota’s omnibus jobs bill. A joint conference negotiating the omnibus dropped the privacy language, but Thissen said he still believes it could be added back. Proposed state ISP privacy rules are running into roadblocks in some of more than 10 jurisdictions seeking to challenge President Donald Trump and Congress for using the Congressional Review Act to kill FCC privacy rules (see 1705030041).

Sixty-eight percent of Americans polled in April said access to the internet is a privilege, and 32 percent it's a "human right," according to an online survey of 2,000 people released Thursday by virtual private network provider AnchorFree. Of those who said the internet is a privilege, 42 percent said ISPs should provide safe and secure access; of those who said the internet is a right, 41 percent said government is responsible for secure access. "Neither government nor the private sector is taking responsibility for consumers’ online privacy," said AnchorFree CEO David Gorodyansky in a news release. "It now squarely rests on each individual." Eighty percent are more concerned about online privacy and security now than a year ago, the survey found.

Consumer Watchdog filed a formal complaint with the FTC claiming Uber deceptively tracked its app users after they deleted the app from their iPhones, said John Simpson, the public interest group's Privacy Project director, Thursday. In the complaint, Simpson said the commission should first must make sure that users who have deleted the app aren't being tracked and then enjoin Uber from engaging in the practice. The FTC also should make sure that the company's privacy policy "accurately and clearly describes" its actual practices, which Simpson said it likely doesn't. The complaint stems from a recent story by The New York Times that said Uber "had been secretly identifying and tagging iPhones even after its app had been deleted and the devices erased" and hiding the practice from Apple. "It is important that the Commission take a position to block this unfair and deceptive activity, for based on the company's record it is likely to engage in the activity again," wrote Simpson. The iPhone app is the main focus, but Consumer Watchdog said the FTC also should review the Android app to see if Uber is conducting similar tracking of users. An Uber spokesperson emailed that the company "absolutely" doesn't track users or their locations if they have deleted the app. "As the New York Times story notes towards the very end, this is a typical way to prevent fraudsters from loading Uber onto a stolen phone, putting in a stolen credit card, taking an expensive ride and then wiping the phone -- over and over again," said the spokesperson, adding that similar techniques are used in detecting and blocking suspicious logins to protect accounts. The spokesperson also said The New York Times allegations date back to early 2015, before Uber hired its first chief security office and centralized all security functions. An FTC spokeswoman confirmed the agency received the complaint but couldn't comment beyond that.

If an American company self-certifies with the EU-U.S. Privacy Shield, ​it can be sued for not living up to the principles established under the trans-Atlantic data transfer program, said the FTC in a blog post giving advice about compliance. The commission will pursue enforcement actions for misleading consumers about the participation in the framework or other international certification programs like it did under the old safe harbor agreement, wrote Guilherme Roschke, counsel-International Consumer Protection, and Hugh Stevenson, deputy director, Office of International Affairs. They said Thursday that companies should be careful about adopting a template or industry sample to create a privacy policy and make sure all of the framework's requirements are covered. "You're making promises you need to keep," they wrote, adding firms constantly must reassess their practices, review their privacy policies and check that their certifications don't lapse. "The FTC has sued companies that failed to maintain their annual certification, but still claimed to participate," they added. The Department of Commerce said Wednesday the Swiss-U.S. Privacy Shield framework started to accept applications (see 1704130005).