Twenty-seven percent of internet users in 17 countries said they’re willing to share personal data in exchange for benefits or rewards such as lower costs or personalized service, GfK reported Friday. Those ages 30-40 are most likely to share data such as health, financial, driving records or energy use for rewards, with China (38 percent), Mexico (30 percent) and Russia (29 percent) topping the list. U.S. respondents skewed slightly lower at 25 percent willing to share data (23 percent who disagreed with the statement). Germany (40 percent), France (37 percent) and Brazil (34 percent) have the most internet users unwilling to share data for rewards, the report said. GfK interviewed more than 22,000 consumers ages 15 and older online last summer.

Facebook revamped a tutorial aimed at helping users better understand and enhance their privacy and security on its website. In a Thursday news release, the company said the "Privacy Basics" site, which provides 32 interactive guides in 44 languages, can help users quickly find information about privacy topics such as who can see their photos, comments and friends, plus tips and tools like managing privacy settings, advertising and security. "This is part of Facebook’s overall effort to make sure you have all the information you need to share what you want with only the people you want to see it," said Facebook. The improvements are part of the annual Data Privacy Day, on Saturday. In a separate announcement, Facebook said it also improved which videos will be presented on the site's news feed based on viewer engagement. Product Manager Abhishek Bapna and Research Scientist Seyoung Park wrote in a blog post the company will consider "percent completion" of a video. "If you watch most or all of a video, that tells us that you found the video to be compelling -- and we know that completing a longer video is a bigger commitment than completing a shorter one," they wrote. They said they don't expect significant changes in distribution, but longer videos may get a slight bump while shorter videos a slight decrease. The change will be rolled out over the next few weeks.

Several civil society and technology companies hailed the reintroduction of the Email Privacy Act (HR-387) that would update the 1986 Electronic Communications Privacy Act (see 1701090017), which currently allows law enforcement agencies to access people's emails that are older than 180 days old without a warrant. CTA President Gary Shapiro said in a news release that "this common-sense bill would ensure online communications are treated with the same privacy protections as physical mail and instill confidence that consumers' personal data is legally protected, no matter where it is stored." Free Press Action Fund Government Relations Manager Sandra Fulton said Americans "expect their cloud-based communications to receive the same privacy protections that the framers of the Fourth Amendment promised for our ‘papers and effects.’ The Email Privacy Act makes this expectation a reality." Information Technology and Innovation Foundation Vice President Daniel Castro said rules about accessing electronic communications in criminal probes "have simply not kept up with advances in modern technology" and treat data stored in the cloud different than data stored in a local computer. He said Congress should make it a top legislative priority to safeguard privacy and Fourth Amendment protections. Center for Democracy & Technology Vice President-Policy Chris Calabrese, who helped negotiate with congressional staff to craft the popular bill last year, said that "private communications is clearly one thing everyone in Congress can agree on." The ACT|The App Association, BSA|The Software Alliance, Electronic Frontier Foundation and Information Technology Industry Council also urged quick passage of the bill.

Sen. Ed Markey queried Genesis Toys and Nuance Communications about what data they collect on children with internet-connected toys My Friend Cayla and i-Que Intelligent Robot. Consumer and privacy groups told the FTC Tuesday that the toys may collect and use personal information from children in violation of the Children’s Online Privacy Protection Act and rules prohibiting unfair and deceptive practices (see 1612060021). Markey, who authored COPPA when he was in the House, sent identical letters to each company Tuesday. “Given the sensitive nature of children’s recorded speech, I believe that Genesis Toys and Nuance must take responsible steps to protect children’s privacy and comply with the Children's Online Privacy Protection Act (COPPA),” Markey wrote. The senator asked for responses by Jan. 3.

Tech industry collaboration to remove terrorist propaganda sets a “troubling precedent,” Center for Democracy and Technology said Tuesday. Facebook, Microsoft, Twitter and YouTube pledged Monday to curb the spread of terrorist content. “CDT is deeply concerned that this joint project will create a precedent for cross-site censorship and will become a target for governments and private actors seeking to suppress speech across the web,” wrote CDT Free Expression Project Director Emma Llansó in a blog post. The companies buckled to pressure from governments in the U.S., EU and elsewhere, commencing “a dangerous slide down the slippery slope to centralized censorship of speech online,” she said. Google blogged Monday that the companies would create a shared industry database of hashes for violent terrorist imagery or terrorist recruitment videos and images they removed from services. “By sharing this information with each other, we may use the shared hashes to help identify potential terrorist content on our respective hosted consumer platforms,” Google said. The company didn’t comment Tuesday on the CDT post.

Makers of connected "smart" toys should provide clear privacy notices, give "meaningful" ways for parents to consent to collection and use of their children's data, and protect that information as a way to build trust with parents, said a Future of Privacy Forum and Family Online Safety Institute paper Thursday. Building on a June event, FPF and FOSI analyzed privacy and security implications of such toys -- like the speech-activated Dino and Hello Barbie Dream House or the wearable bracelet Pokemon Go Plus -- which can connect to the internet and, therefore, collect, process and share kids' data. "As connected toys become more popular, it is important for toymakers to be transparent about their data practices and to mitigate security risks," said FPF CEO Jules Polonetsky in a news release. "Federal law provides key safeguards, but more can be done to build trust.” The Children's Online Privacy Protection Act may apply to such devices, but the organizations say companies "should go beyond COPPA's strictures by building privacy into the design and packaging of their toys." Even non-connected toys that use Bluetooth could raise privacy concerns by transmitting hardware-specific data that can be tracked by sensors in a store or shopping area, the paper said. Manufacturers should consider technical or policy measures to ensure such toys can be used in public spaces while providing appropriate privacy options, it added.

The FTC's Jessica Rich, who heads the agency's consumer protection bureau, will kick off a Dec. 7 event on smart TVs, featuring two panels that will explore advertising targeting technologies and data collection practices and safeguards, said the commission in a Monday news release with agenda details. The FTC said "virtually all" TV systems this year -- including apps, game consoles, set-top boxes, smart TVs and streaming devices -- track viewers' habits that allow advertisers to target ads even through consumers' phones and desktop browsers. The first panel -- with representatives from the Coalition for Innovative Media Measurement, comScore, Network Advertising Initiative, Samba TV and TiVo Research -- will discuss new measurement capabilities, how smart TVs are used in cross-device targeting and how consumer transparency and choice are being addressed. The second panel -- with experts from Consumer Reports, Direct Marketing Association, the Electronic Privacy Information Center, Public Knowledge and the University of California, Berkeley -- will talk about what viewers' data is being collected and shared, how consumers can be more informed about such practices and the legal protections they have. The 1-4:30 p.m. event will be held at 400 7th St. SW.

Third-party set-top box makers should be bound only by the same privacy rules that govern multichannel video programming distributors for data that “is derived exclusively from the MVPD data stream,” said Microsoft officials in a call with aides to FCC Chairman Tom Wheeler and Chief Technologist Scott Jordan Thursday, said an ex parte filing posted Tuesday in docket 16-42. “Overbroad application of the certification requirement would interfere with the collection and use of data to support other legitimate functions of multi-use devices, including operations to maintain the security of the device.” If third-party box makers are bound by the MVPD privacy rules' notice requirement, they should be allowed to provide that notice online, since unlike MVPDs, they don't send customers monthly bills, Microsoft said. A draft set-top box order is circulating but may not be OK'd by commissioners soon (see 1610180052).

Facebook and its Instagram unit, and Twitter gave Geofeedia, which markets a social media tool to law enforcement agencies as a way to monitor activists and protestors, access to user data, said the American Civil Liberties Union of California in a Tuesday blog post. The ACLU said it obtained records that showed such activities, and the companies acted to curb the access only after the civil liberties group reported findings to them. "Instagram cut off Geofeedia’s access to public user posts, and Facebook has cut its access to a topic-based feed of public user posts. Twitter has also taken some recent steps to rein in Geofeedia though it has not ended the data relationship," wrote ACLU Policy Attorney Matt Cagle. But he said the companies need to do more to protect users. The group learned of Geofeedia's agreements from public records requests to 63 California law enforcement agencies, with emails from company representatives "telling law enforcement about its special access to Twitter, Facebook, and Instagram user data." In an email to us, a Facebook spokesman said "this developer only had access to data that people chose to make public. Its access was subject to the limitations in our Platform Policy, which outlines what we expect from developers that receive data using the Facebook Platform. If a developer uses our APIs [application programming interface] in a way that has not been authorized, we will take swift action to stop them and we will end our relationship altogether if necessary.” The spokesman said Geofeedia's access to Instagram's API was terminated. Twitter said in a tweet that based on the ACLU report, "we are immediately suspending @Geofeedia’s commercial access to Twitter data."

Sen. Mark Warner, D-Va., is urging the SEC to investigate whether Yahoo fulfilled its obligation to inform investors and the public about the 2014 data breach that affected more than half a billion user accounts (see 1609220046 and 1609230026). In a Monday news release, which included the text of a letter to SEC Chairwoman Mary Jo White, Warner said, “Yahoo’s September filing asserting lack of knowledge of security incidents involving its IT systems creates serious concerns about truthfulness in representations to the public. The public ought to know what senior executives at Yahoo knew of the breach, and when they knew it.” He said the company may have known about the breach this summer and failed to file a Form 8-K about it, as required. Warner, co-founder of the Senate Cybersecurity Caucus, also asked the SEC to assess the adequacy of current disclosure thresholds since "fewer than 100 of approximately 9,000 publicly listed companies have reported a material data breach since 2010." Yahoo didn’t comment.