PRIVACY BEAT: Two Silicon Valley lawmakers call for federal agency to regulate consumer data; privacy lobby backs initiative

Privacy Beat

Your weekly privacy news update.

1. Two Silicon Valley lawmakers call for a federal agency to regulate consumer data; privacy lobby backs initiative

Two U.S. Congress members whose districts include Silicon Valley introduced HR4978, the “Online Privacy Act of 2019” in a news release accompanied by expressions of support from key privacy advocates, including Free Press, Public Knowledge, the Electronic Privacy Information Center (EPIC) and Soshana Zuboff, the emeritus Harvard Business School professor and book author who has popularized the phrase “surveillance capitalism.”

“This legislation is a game-changer in several key ways,” Zuboff wrote in her endorsement of the proposal from two Democrats. “First, it reframes the privacy debate from the notoriously flawed regime of ‘notice and consent’ to the human rights of users. Also, the Act establishes a long-overdue Digital Privacy Agency with important new investigatory, legal, and law enforcement powers.”

“The [act] sets out strong rights for internet users, promotes innovation and establishes a data-protection agency,” wrote Caitriona Fitzgerald, EPIC’s policy director.  She said it “changes the privacy debate.” 

The bill includes two provisions that most Republicans and tech-industry lobbyists have so far argued are non-starters at the federal level — a private right-of-action for consumers, and no federal preemption of state laws such as the California Consumer Privacy Act. 

The measure argues for data minimization and purpose limitations. It expressly allows journalists to use or disclose personal information for investigative journalism no differently than they do today, as long as it is not used for non-journalistic purposes. The independent data-security web site Decipher’s detailed analysis of the bill’s language said  it “places significant restrictions on the kinds and amount of personal data companies can collect and what they can do with that information while they have it.”

The bill full text and summary are available online, along with a section-by-section breakdown

“Encouraging to see federal activity on this front, particularly as it racks closely to the proposed initiative,” tweeted Ashkan Soltani, one of the principal architects of the California Consumer Privacy Act, which takes effect Jan. 1. 

One sponsor, Rep. Zoe Lofgren, of San Jose, Calif., wrote that she consulted with more than 100 academics, businesses, regulators and advocacy organizations to “craft a comprehensive set of protections for users and their data.” She thanked EPIC for supporting the measure. The other co-sponsor, Rep. Anna G. Eshoo, D-Calif., represents California’s 18th Congressional District — the heart of Silicon Valley. 

RELATED LINKS:

Silicon Valley’s congresswomen want a new tech regulator | Ryan Tracy, Wall Street Journal

Silicon Valley Dems unveil bill creating U.S. privacy agency | Law360.com 

Bipartisan data-portability act introduced by Hawley, Warner, Blumenthal | Kimberly Gold, Reed Smith

Does your organization need customized privacy compliance solutions? ITEGA  can help.

We bring together support you need to approach compliance with CCPA, GDPR if needed, and future privacy legislation as it emerges.

Learn More

2. Spanish academics profile 13 initiatives at data-privacy cutting edge; decry “winner-take-all” as unsustainable

Three researchers at a Spanish business school focused on innovation and social good have published a 125-slide report  (in English) that includes case studies of 13 initiatives on the cutting edge of data privacy.  The report, published Oct. 17, is entitled, “My Data, My Rules: From data extractivism to digital empowerment.”  The authors are Liliana Arroyo, Obaid Amjad and David Murillo of the Esade Ramon Llull University Institute for Social Innovation in Barcelona. 

“In a ‘winner takes all’ economy, the present balance between private profit, collective benefits and individual agency has become unsustainable,” the trio writes. “A host of vices, ranging from fiendishly complex web privacy policies to opaque, pervasive malpractices in the commercial exploitation of users’ personal data explain why the debate on individual empowerment, sovereignty and self-determination is heating up.”

They say individuals’ battle for ownership of their data is now echoed in many research projects and legal frameworks (such as the GDPR and the California Privacy Act), spawning a number of start-ups and social innovation projects. They say their report “takes a thought-provoking look at digital empowerment through ownership of one’s personal data. The academic debates on such empowerment now go beyond avoiding harm from data misuse to consider how users could be given more choice.”

The three cases analyzed in the greatest detail present the best practices for empowerment in their respective fields.

  • Digital Estonia, an electronic administration initiative, represents the public sector. 

  • Cozy Cloud, a French start-up offering storage solutions “with an interesting anti-GAFA (Google, Amazon, Facebook and Apple) proposal”, is an example of a private initiative. 

  • MIDATA.coop is a cooperative platform from Switzerland that enables people to control the reuse of their health data.

In addition to these examples, the report also analyses 10 other initiatives engaged in a variety of public, private and activist interests: Blue Button US, CitizenMe, Digi.me, Meeco, MyData Global Network, Mydex CIC, Savvy.Coop, Sesam Key, SOLID and Tactical Technology Collective.

RELATED LINK:

3. Mozilla, Center for Human Tech seek funds and survey responses to help curb privacy and other abuses

Two technology non-profit organizations have launched separate outreach efforts aimed at figuring out how society should manage unintended negative consequences of artificial intelligence and big data. 

On Tuesday, the Center for Humane Technology emailed a “dear friends” appeal to help by taking a 15-minute survey by Nov. 17 “if you are currently working in technology, or recently left.” Tristan Harris, the CHT’s co-founder and executive director, said the survey results would help with CDT’s mission to make sure technology does not make humans vulnerable. “To change how products are built, we need a clear understanding of the culture that’s creating them today,” he wrote. He said the results would be widely shared. 

Meanwhile, a day earlier the Mozilla Foundation emailed thousands of supporters asking for donations to help with what it said has become the primary focus of its long-term work — a drive to promote “trustworthy AI [artificial intelligence].”   At stake, Mozilla said, are data privacy, unfair bias or discrimination, content trust and algorithmic transparency.

The Mozilla Foundation is sole owner of Mozilla Corp., the for-profit maker of the Firefox browser and related services.  “We’re experienced at building effective coalitions to get big things done, and our global network of millions of supporters is a potent force to bring consumer demand for positive change to the market,” the foundation’s email said. 

RELATED: 

Like what you see? Then recommend to a friend.

Subscribe to Privacy Beat

4. In announcing lawsuit in probe of Facebook, Becerra praises CCPA and looks forward to enforcing it

Tech-industry watchers wondering why California Attorney General Xavier Becerra has been quiet as 47 other states launched probes of Facebook got an initial answer this week — he’s already at work.  And he ties the work to the California Consumer Privacy Act (CCPA). 

Becerra called a news conference on Wednesday to announce the filing of a lawsuit in state court in San Francisco alleging Facebook has not fully complied with subpoenas for internal company documents and emails. (California Attorney General Says Facebook Won’t Comply with Subpoenas.) Facebook told The Daily Beast it had “cooperated extensively” and provided “hundreds of thousands of documents” to the attorney general’s office. 

Becerra’s petition to the court specifically noted that, in the words of the court papers, “Facebook broadly refuses to answer the interrogatories or comply with the subpoenas as required” and has refused to conduct a complete search for responsive documents, including, Becerra believes, emails of either CEO Mark Zuckerberg or COO Sheryl Sandberg. 

In the news conference, streamed live by his office, he said he realized he was refusing to confirm or deny investigations into big tech. In this case, he said, the court filing revealed the Facebook probe so he acknowledged it.  But he wouldn’t discuss the scope of the Facebook probe more broadly. 

Instead, he praised the CCPA. 

“In America, this is the only law in place to try to help protect your privacy in meaningful ways and so it will be a watershed moment come next year when this law takes effect and we are able to start enforcing it,” he said.

He continued: “When you look at the new consumer-privacy law you will get a sense of California consumers who will have more control over the use of their data,” said Becerra. “CCPA, which only California has…no one else has this level of protection for consumers when it comes to the use of the Internet.”

EVENTS

RELATED LINKS

CCPA UPDATES 

GDPR UPDATES

ADVERTISING TECH 

PERSONAL PRIVACY 

IDENTITY

PRIVACY BUSINESS 

QUOTE OF THE WEEK

First, a pre-selected checkbox that a user must actively uncheck to prevent giving their consent (i.e., an opt-out) does not amount to valid consent under the e-Privacy Directive, in conjunction with the GDPR, because it is not an active consent…second, it does not make a difference whether the information stored or accessed via the cookies constitutes personal data, the GDPR consent standard should still apply to the e-Privacy Directive’s consent rule…Lastly, website operators will need to ensure that users are provided with “clear and comprehensive” information to inform their decision as to whether or not to consent to the use of cookies.

Attorneys William Long, Elanor Dodding, and Jasmine Agyekum of Sidley Austin LLP law firm in Nov. 4, analysis of the impact of European case law and regulation on the “cookie”.

Share Share

Tweet Tweet

Share Share

Forward Forward

Facebook

Twitter

Website

Copyright © 2019 Information Trust Exchange Governing Association, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp