|
1. Two Silicon Valley lawmakers call for a federal agency to regulate consumer data; privacy lobby backs initiative
Two U.S. Congress members whose districts include Silicon Valley introduced HR4978, the “Online Privacy Act of 2019” in a news release accompanied by expressions of support from key privacy advocates, including Free Press, Public Knowledge, the Electronic Privacy Information Center (EPIC) and Soshana Zuboff, the emeritus Harvard Business School professor and book author who has popularized the phrase “surveillance capitalism.”
“This legislation is a game-changer in several key ways,” Zuboff wrote in her endorsement of the proposal from two Democrats. “First, it reframes the privacy debate from the notoriously flawed regime of ‘notice and consent’ to the human rights of users. Also, the Act establishes a long-overdue Digital Privacy Agency with important new investigatory, legal, and law enforcement powers.”
“The [act] sets out strong rights for internet users, promotes innovation and establishes a data-protection agency,” wrote Caitriona Fitzgerald, EPIC’s policy director. She said it “changes the privacy debate.”
The bill includes two provisions that most Republicans and tech-industry lobbyists have so far argued are non-starters at the federal level — a private right-of-action for consumers, and no federal preemption of state laws such as the California Consumer Privacy Act.
The measure argues for data minimization and purpose limitations. It expressly allows journalists to use or disclose personal information for investigative journalism no differently than they do today, as long as it is not used for non-journalistic purposes. The independent data-security web site Decipher’s detailed analysis of the bill’s language said it “places significant restrictions on the kinds and amount of personal data companies can collect and what they can do with that information while they have it.”
The bill full text and summary are available online, along with a section-by-section breakdown.
“Encouraging to see federal activity on this front, particularly as it racks closely to the proposed initiative,” tweeted Ashkan Soltani, one of the principal architects of the California Consumer Privacy Act, which takes effect Jan. 1.
One sponsor, Rep. Zoe Lofgren, of San Jose, Calif., wrote that she consulted with more than 100 academics, businesses, regulators and advocacy organizations to “craft a comprehensive set of protections for users and their data.” She thanked EPIC for supporting the measure. The other co-sponsor, Rep. Anna G. Eshoo, D-Calif., represents California’s 18th Congressional District — the heart of Silicon Valley.
RELATED LINKS:
Silicon Valley’s congresswomen want a new tech regulator | Ryan Tracy, Wall Street Journal
Silicon Valley Dems unveil bill creating U.S. privacy agency | Law360.com
Bipartisan data-portability act introduced by Hawley, Warner, Blumenthal | Kimberly Gold, Reed Smith
|
|
Does your organization need customized privacy compliance solutions? ITEGA can help.
|
|
We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.
|
|
|
2. Spanish academics profile 13 initiatives at data-privacy cutting edge; decry “winner-take-all” as unsustainable
Three researchers at a Spanish business school focused on innovation and social good have published a 125-slide report (in English) that includes case studies of 13 initiatives on the cutting edge of data privacy. The report, published Oct. 17, is entitled, “My Data, My Rules: From data extractivism to digital empowerment.” The authors are Liliana Arroyo, Obaid Amjad and David Murillo of the Esade Ramon Llull University Institute for Social Innovation in Barcelona.
“In a ‘winner takes all’ economy, the present balance between private profit, collective benefits and individual agency has become unsustainable,” the trio writes. “A host of vices, ranging from fiendishly complex web privacy policies to opaque, pervasive malpractices in the commercial exploitation of users’ personal data explain why the debate on individual empowerment, sovereignty and self-determination is heating up.”
They say individuals’ battle for ownership of their data is now echoed in many research projects and legal frameworks (such as the GDPR and the California Privacy Act), spawning a number of start-ups and social innovation projects. They say their report “takes a thought-provoking look at digital empowerment through ownership of one’s personal data. The academic debates on such empowerment now go beyond avoiding harm from data misuse to consider how users could be given more choice.”
The three cases analyzed in the greatest detail present the best practices for empowerment in their respective fields.
-
Digital Estonia, an electronic administration initiative, represents the public sector.
-
Cozy Cloud, a French start-up offering storage solutions “with an interesting anti-GAFA (Google, Amazon, Facebook and Apple) proposal”, is an example of a private initiative.
-
MIDATA.coop is a cooperative platform from Switzerland that enables people to control the reuse of their health data.
In addition to these examples, the report also analyses 10 other initiatives engaged in a variety of public, private and activist interests: Blue Button US, CitizenMe, Digi.me, Meeco, MyData Global Network, Mydex CIC, Savvy.Coop, Sesam Key, SOLID and Tactical Technology Collective.
RELATED LINK:
|
|
|
3. Mozilla, Center for Human Tech seek funds and survey responses to help curb privacy and other abuses
Two technology non-profit organizations have launched separate outreach efforts aimed at figuring out how society should manage unintended negative consequences of artificial intelligence and big data.
On Tuesday, the Center for Humane Technology emailed a “dear friends” appeal to help by taking a 15-minute survey by Nov. 17 “if you are currently working in technology, or recently left.” Tristan Harris, the CHT’s co-founder and executive director, said the survey results would help with CDT’s mission to make sure technology does not make humans vulnerable. “To change how products are built, we need a clear understanding of the culture that’s creating them today,” he wrote. He said the results would be widely shared.
Meanwhile, a day earlier the Mozilla Foundation emailed thousands of supporters asking for donations to help with what it said has become the primary focus of its long-term work — a drive to promote “trustworthy AI [artificial intelligence].” At stake, Mozilla said, are data privacy, unfair bias or discrimination, content trust and algorithmic transparency.
The Mozilla Foundation is sole owner of Mozilla Corp., the for-profit maker of the Firefox browser and related services. “We’re experienced at building effective coalitions to get big things done, and our global network of millions of supporters is a potent force to bring consumer demand for positive change to the market,” the foundation’s email said.
RELATED:
|
|
4. In announcing lawsuit in probe of Facebook, Becerra praises CCPA and looks forward to enforcing it
Tech-industry watchers wondering why California Attorney General Xavier Becerra has been quiet as 47 other states launched probes of Facebook got an initial answer this week — he’s already at work. And he ties the work to the California Consumer Privacy Act (CCPA).
Becerra called a news conference on Wednesday to announce the filing of a lawsuit in state court in San Francisco alleging Facebook has not fully complied with subpoenas for internal company documents and emails. (California Attorney General Says Facebook Won’t Comply with Subpoenas.) Facebook told The Daily Beast it had “cooperated extensively” and provided “hundreds of thousands of documents” to the attorney general’s office.
Becerra’s petition to the court specifically noted that, in the words of the court papers, “Facebook broadly refuses to answer the interrogatories or comply with the subpoenas as required” and has refused to conduct a complete search for responsive documents, including, Becerra believes, emails of either CEO Mark Zuckerberg or COO Sheryl Sandberg.
In the news conference, streamed live by his office, he said he realized he was refusing to confirm or deny investigations into big tech. In this case, he said, the court filing revealed the Facebook probe so he acknowledged it. But he wouldn’t discuss the scope of the Facebook probe more broadly.
Instead, he praised the CCPA.
“In America, this is the only law in place to try to help protect your privacy in meaningful ways and so it will be a watershed moment come next year when this law takes effect and we are able to start enforcing it,” he said.
He continued: “When you look at the new consumer-privacy law you will get a sense of California consumers who will have more control over the use of their data,” said Becerra. “CCPA, which only California has…no one else has this level of protection for consumers when it comes to the use of the Internet.”
|
|
RELATED LINKS
CCPA UPDATES
GDPR UPDATES
ADVERTISING TECH
PERSONAL PRIVACY
-
New York Times writer explains access to consumer data scoring | Kashmir Hill, NYTimes
-
Think you’re anonymous online? A third of popular websites are ‘fingerprinting’ | Geoffrey Fowler, Washington Post
-
Snowden accuses FB, GG, big tech of abusing customers by collecting data, surveillance | Milly Vincent, DailyMail.com
-
Snowden says GDPR is ‘paper tiger’ until fines hit big tech | Steve Ranger, ZDNet
-
Edward Snowden says Facebook is just as untrustworthy as the NSA | Shirin Ghaffary, ReCode-Vox
-
Google says it won’t use your Fitbit data to target — but what else will it do? | Shirin Ghaffary & Rani Molla, ReCode-Vox.com
-
Mozilla to Congress: Don’t trust ISPs on data tracking | Marshall Erwin, Mozilla.org blog
-
Mozilla says ISPs are lying to Congress about encrypted DNS | Lisa Vaas, NakedSecurity blog
-
ACCESS Act Points the Way to a Post-HIPAA World | Adrian Gropper, Patient Privacy Rights
-
Firefox asks Congress to investigate ISP’s data-selling collection | Joseph Cox, Motherboard-Vice.com
-
Australian regulator sues Google claiming it mislead smartphone users | Teiss.co.uk
-
Chromium-based Microsoft browser out Jan. 15 will include new privacy features | Frederic Lardinois, TechCrunch.com
-
Facebook discloses privacy breach in developer group | Caitlin Welsh, Mashable.com
-
Indian businesses must take data privacy seriously, Omidyar advisors write | Sabhashish Bhadra & Roopa Kudva, Times of India
-
Would a ‘privacy information label help consumers, asks Omidyar analyst? | Subhashish Bhadra, Twitter.com
IDENTITY
PRIVACY BUSINESS
|
|
QUOTE OF THE WEEK
“First, a pre-selected checkbox that a user must actively uncheck to prevent giving their consent (i.e., an opt-out) does not amount to valid consent under the e-Privacy Directive, in conjunction with the GDPR, because it is not an active consent…second, it does not make a difference whether the information stored or accessed via the cookies constitutes personal data, the GDPR consent standard should still apply to the e-Privacy Directive’s consent rule…Lastly, website operators will need to ensure that users are provided with “clear and comprehensive” information to inform their decision as to whether or not to consent to the use of cookies.”
– Attorneys William Long, Elanor Dodding, and Jasmine Agyekum of Sidley Austin LLP law firm in Nov. 4, analysis of the impact of European case law and regulation on the “cookie”.
|
|
|
|
|