Ohio legislators amended a comprehensive privacy bill by unanimous voice vote at a House Government Oversight Committee hearing Wednesday. Rep. Rick Carfagna (R) said the new version of HB-376 is “more nuanced” about how it classifies businesses, differentiating between data controller at the front end and processors in the backend. The amended bill would preempt local privacy rules, give consumers a right to opt out of targeted advertisements and align various definitions more closely with other states’ bills, Carfagna said. Businesses wouldn’t have to respond to requests for pseudonymous data, he said. The lawmaker said he worked on the amendment with industry groups including the State Privacy and Security Coalition and BSA|The Software Alliance. The Ohio Association for Justice (OAJ), a trial lawyers group, and the American Civil Liberties Union Ohio opposed HB-376. Enforcement only by the state attorney general isn’t enough to protect Ohioans, said OAJ Trustee Curtis Fifner: The bill should allow private lawsuits, at least when the AG decides not to prosecute a claim. The measure is full of “exploitable loopholes” allowing businesses to “circumvent” privacy protections, said ACLU Ohio Chief Lobbyist Gary Daniels: it gives consumers a “right to know” but not to act, he said. Ohio bills typically get three hearings in committee before going to the floor; Wednesday’s was the third.

NTIA plans three virtual "listening sessions" this month focusing on "the intersection of privacy, equity, and civil rights." NTIA said the sessions will provide information as it works on a report into "the ways in which commercial data flows of personal information can lead to disparate impact and outcomes for marginalized or disadvantaged communities." The sessions will be at 1 p.m. EST Dec. 14-16.

Massachusetts legislators heard bills to rein in facial recognition technology at a Joint Judiciary Committee virtual hearing Tuesday. Facial recognition dangerously facilitates government surveillance, and the technology discriminates against people of color, said Senate Majority Leader Cynthia Stone Creem (D). “This is happening,” said Creem, including in Massachusetts schools where districts are using facial identification on kids without parents’ knowledge. Her bill (S-47) would ban such government ID in public locations. Police could perform a facial recognition search with a warrant or in emergencies. Several municipalities including Springfield already ban facial surveillance, said state Rep. Orlando Ramos (D) in support of his similar H-135. The tech is “inconsistent, inaccurate and overall dangerous” for people of color who are frequently misidentified, he said. Current state law regulates law enforcement but not non-police entities like schools and public transportation, he said. Regulating government use of facial recognition is a “good start,” but Rep. Dylan Fernandes (D) is more concerned about a private company using the tech for profit, he said. His H-117 would cover anyone “including corporate affiliates, that collects, stores, or processes facial recognition data,” but not government. Facial ID could have “vast consequences for our society, but there are very few rules guiding it,” said Fernandes.

Privacy groups urged Massachusetts legislators to dismiss industry concerns about a possible state privacy law. In response to industry warning about high compliance costs at a hearing last month (see 2110130060), AccessNow, the Electronic Frontier Foundation, American Civil Liberties Union Massachusetts and other bill supporters wrote Wednesday to the Joint Committee on Advanced Information Technology, the Internet and Cybersecurity. The measure applies to “large-scale, for-profit corporations,” they said. The law would contain several exceptions and fines would be scaled by company size, they added. Voluntary commitments to privacy are insufficient, the consumer privacy groups said. Don’t wait for federal law, which doesn’t seem likely anyhow, they said. “Any potential future federal law should be the floor and not the ceiling of privacy legislation ... The U.S. is a vast country with many significant variations in state-level consumer protection laws, and companies can and do comply.”

House Republicans issued draft legislation Wednesday that would establish a national privacy law and an FTC privacy bureau. Commerce Committee ranking member Cathy McMorris Rodgers, Wash., and Consumer Protection Subcommittee ranking member Gus Bilirakis, Fla., said the U.S. needs a national standard that supports small business, promotes transparency and incentivizes data security. Republicans laid out principles to guide the legislative discussion. They announced various assignment areas for members, including proper data retention practices to protect cybersecurity, blockchain technology, privacy-by-design policies, anti-discrimination and proper FTC and state attorney general enforcement. “Moving beyond a patchwork of state and local laws will ensure consumers are protected no matter where they live in the United States,” said Internet Association CEO Dane Snowden. “The bill properly prioritizes a primary FTC enforcement approach and gives consumers meaningful controls over their own data.”

Facebook is “shutting down” its face scanning system, Vice President-AI Jerome Pesenti announced Tuesday “as part of a company-wide move to limit the use of facial recognition in our products.” Users who opted into the technology won’t be automatically recognized in photos and videos, and Facebook will “delete more than a billion people’s individual facial recognition templates,” he said. That includes more than a third of the platform's users. “We need to weigh the positive use cases for facial recognition against growing societal concerns, especially as regulators have yet to provide clear rules,” he said.

The FTC report on ISPs' “rampant abuse” of consumer data should be enough to get Congress to pass privacy legislation, said Sen. Ron Wyden, D-Ore. “Whether it’s advertisers, tech companies or Big Cable, corporate America is showing absolute contempt for the idea that consumers can control personal details.” Repeal of net neutrality regulations had “opened the floodgates” to ISPs’ unchecked use of browsing data, he said Friday: “The FCC needs every tool available to stop cable companies from gouging consumers and selling their data.” NCTA said Thursday the report shows “a highly distorted view of ISP data collection policies and inappropriately attempts to lump broadband providers into the same category as the Big Tech platforms.” Cable ISPs take their responsibilities to protect consumer data seriously, and consistent rules are needed across the internet, NCTA said.

YouTube, TikTok and Snap will testify at a Senate Consumer Protection Subcommittee hearing Tuesday at 10 a.m. in 253 Russell. The hearing will examine how social media impacts children’s health and privacy issues. Scheduled witnesses are Leslie Miller, YouTube vice president-government and public policy; Michael Beckerman, TikTok head-public policy, Americas; and Jennifer Stout, Snap vice president-global public policy.

The FTC will deliberate Oct. 21 whether to publicly share evidentiary findings from an agency study on the privacy practices of major ISPs, the commission announced Thursday. Publishing of the findings is subject to a commission vote. In 2019, the FTC issued Section 6(b) orders to AT&T, Comcast, Google Fiber, T-Mobile, Verizon and advertising affiliates. Staff will present study findings at the virtual open meeting, which is to begin at 1 p.m. EDT. Speaker registration and comments are due Monday.

The FTC should use its full authority to ensure tech companies uphold new policies created in response to the U.K.’s new children’s privacy law, Sen. Ed Markey, D-Mass., wrote the agency Friday with Reps. Kathy Castor, D-Fla., and Lori Trahan, D-Mass. Full authority includes Section 5, they said, noting the U.K. law took effect in September. They encouraged the agency “to use every tool at your disposal to vigilantly scrutinize companies’ data practices and ensure that they abide by their public commitments.” The FTC didn't comment.