The Senate Commerce Committee bipartisan working group’s goal is to negotiate privacy legislation differences “in the next month,” Sen. Jerry Moran, R-Kan., told us Tuesday. The group includes Moran, Commerce Chairman Roger Wicker, R-Miss., Sen. Richard Blumenthal, D-Conn., and Sen. Brian Schatz, D-Hawaii. Staffers for the lawmakers are exploring privacy principles and specific legislative provisions, Moran, Schatz and Blumenthal told us. “There is no deadline, but I am encouraging, pushing that this be addressed, that we get to the point at which the senators can sit down and try to resolve any additional, remaining differences in the next month,” Moran said. The group is in more advanced discussions than “principles,” Wicker told us. It hasn’t reached the point where draft legislation is circulating, Blumenthal told us. Staff is weighing principles and “specific provisions,” he said, noting draft legislation can’t be written with principles. “There’s no deadline. We want to get it right,” Blumenthal told us. “We have to make it bipartisan. We have to get the Republican leadership.” Wicker was asked whether he has a privacy hearing in mind for April. “I don’t know that we’ve scheduled that, but we’re going to have lots more witnesses on data privacy,” he told reporters. The committee received criticism from privacy and consumer groups when an initial list for its first privacy hearing of the year featured an all-industry panel (see 1902220041).
Karl Herchenroeder
Karl Herchenroeder, Associate Editor, is a technology policy journalist for publications including Communications Daily. Born in Rockville, Maryland, he joined the Warren Communications News staff in 2018. He began his journalism career in 2012 at the Aspen Times in Aspen, Colorado, where he covered city government. After that, he covered the nuclear industry for ExchangeMonitor in Washington. You can follow Herchenroeder on Twitter: @karlherk
Removing liability protections from Section 230 of the Communications Decency Act results in heavier content moderation, evidenced by impacts of a new anti-sex trafficking law (see 1806290044), Facebook Public Policy Manager Lori Moylan said at the Cato Institute Friday. Moylan said it’s likely some Conservative Political Action Conference attendees might argue that without Section 230 protections, Facebook “would no longer accidentally take down any conservative political speech,” which is “simply not true.”
Breaking up big tech platforms like Facebook could “very potentially” help with political censorship issues related to anti-competitive behavior, Sen. Ted Cruz, R-Texas, told us, responding to questions about the FTC’s newly formed tech competition task force (see 1902270063). Facebook’s acquisitions of Instagram and WhatsApp are an “obvious place to inquire,” said Cruz, the agency’s Office of Policy Planning director in the early 2000s. “I hope the task force looks at both antitrust issues and consumer protection issues and in particular, the political censorship that we’ve seen from big tech.” He called the group “long overdue.”
Senate Commerce Committee Chairman Roger Wicker, R-Miss., ranking member Maria Cantwell, D-Wash., and industry officials are open to passing a federal privacy law that’s stronger than California’s. Cantwell suggested during the committee’s first privacy hearing in 2019 that federal law should be stronger, at a minimum. Wicker sounded hopeful about prospects for privacy legislation during a later Incompas event, saying it's one of his “must-pass” priorities for the committee this year (see 1902270018).
Owners of musical.ly, a video social networking app now called TikTok, reached a record $5.7 million settlement with the FTC over claims the company illegally collected children’s personal data, the agency announced Wednesday. It’s the largest civil penalty the FTC, whose members unanimously approved, has collected under the Children’s Online Privacy Protection Act. Musical.ly failed to seek parental consent for collecting names, email addresses and other data from users younger than 13, the FTC alleged in a complaint filed by DOJ. “We take enforcement of COPPA very seriously, and we will not tolerate companies that flagrantly ignore the law,” Chairman Joe Simons said in a statement. “These practices reflected the company’s willingness to pursue growth even at the expense of endangering children,” said Commissioners Rohit Chopra and Rebecca Kelly Slaughter. They said executives should face more accountability in future cases. The company has implemented changes that now direct TikTok users into “age-appropriate” app sections, it said: “The new environment for younger users does not permit the sharing of personal information, and it puts extensive limitations on content and user interaction.” Sen. Ed Markey, D-Mass., urged future “higher monetary penalties that will actually [incentivize] COPPA compliance.” More than 200 million worldwide users, 65 million registered in the U.S., downloaded the app. Accounts were publicly available by default, the FTC said, and public reports show adults contacted children through the app. The app includes a feature that lets users discover other users within a 50-mile radius. App operators received thousands of complaints from parents that their underage children had accounts, the FTC said. “This case should put tech companies on notice that continued disregard for COPPA will result in penalties and consumer mistrust that can seriously impact their business,” said Common Sense Media CEO Jim Steyer.
The U.S. credit reporting system needs to be overhauled, House Financial Services Committee Chairman Maxine Waters, D-Calif., and ranking member Patrick McHenry, R-N.C., agreed during a hearing Tuesday. Waters suggested the U.S. might need to completely rebuild the credit reporting industry to “put consumers first.” She urged support for her Comprehensive Consumer Credit Reform Act, which amends the Fair Credit Reporting Act, revising requirements for disputes over consumer credit information reported by consumer reporting agencies. McHenry said the credit reporting system is broken. The Fair Credit Reporting Act, which governs the industry, was written for the pre-internet era, he said. The three companies testifying are an oligopoly, he said. Equifax CEO Mark Begor expressed regret about the 2017 cyber breach (see 1809070053). Since the incident, the company has invested more than $80 million to assist affected consumers, including a free identity theft protection service that expires in November, he said. Experian North America CEO Craig Boundy said his company supports a federal data security and breach notification standard. TransUnion CEO James Peck committed to working with the committee, regulators and industry to make credit reporting “stronger, fairer and more accurate.”
It makes no sense for Republicans to support a privacy bill that doesn’t pre-empt state law, House Commerce Committee ranking member Greg Walden, R-Ore., told us before the committee’s first 2019 privacy hearing. “We should look at what’s best for the country. Maybe it is California’s law. I don’t think so personally, but we should get schooled up on” state laws, he said.
The Senate Commerce Committee’s privacy hearing Wednesday will be the first in a series with various stakeholders, a Senate aide said Friday, responding to criticism for announcing an all-industry witness panel (see 1902210055). The committee received similar criticism last year when then-Chairman John Thune, R-S.D., hosted an all-industry panel (see 1809260050) before holding a follow-up hearing with privacy experts.
Uniform software bill of materials (SBOM) standards will lead to more cyber-secure industry and government entities (see 1806060036), NTIA working group officials said Wednesday on a conference call. The agency is gathering feedback from software vendors, IoT manufacturers, medical device manufacturers, civil society and various sectors to improve transparency of software components and digital security.
Regulators and policymakers should find ways to maximize international data flow through legislation and trade deals that recognize the public’s right to data privacy, Apple, IBM and BSA|The Software Alliance representatives said Thursday. It’s not about reducing data privacy enforcement, said Apple Global Trade and International Affairs chief Lisa Pearlman, moderating a Washington International Trade Association panel. Finding balance between restricting and enabling data transfers is “one of the biggest challenges,” she said. IBM Market Access and Trade Director Steve Stewart said the more stringent data localization requirements, the less businesses can operate and compete. He noted two-thirds of IBM’s revenue comes from outside the U.S. It’s critical to get cross border data flow rules correct, said BSA Policy Director Joseph Whitlock. He claimed 98 percent of all international data ever gathered was created in the past two or three years. China is the most significant threat to international data flows, C&M International CEO Robert Holleyman said. In China, domestic companies have a clear advantage over international competitors because of data localization standards, he said. Artificial intelligence will have broad, economywide impacts on trade, said Brookings Institution Global Economy and Development Senior Fellow Joshua Meltzer. Large data sets are necessary to improve AI accuracy, he said.