Blumenthal

This week, the Senate Judiciary Subcommittee on Privacy, Technology and the Law held a hearing to discuss the Location Privacy Protection Act of 2014, a bill reintroduced in March by Senator Al Franken (D-MN).  Most concerned with the potential for misuse and abuse of location data for purposes of stalking and perpetrating domestic violence, Senator Franken, who chairs the Subcommittee on Privacy, made clear at the hearing his view that, “Stalking apps must be shut down.”  Franken clarified, however, that his bill is not only intended to protect victims of stalking, but provides basic privacy safeguards for sensitive location information pertaining to all consumers.  Most critically, Senator Franken suggested that because location data lacks sufficient legislative protection, some of the most popular apps used widely by average consumers have been found to disclose users’ precise location to third parties without obtaining user permission.  Further, he noted that in light of stalking apps that are deceptively labeled as something else, such as “parental monitoring,” it is necessary to create a law with basic rules for any service that collects location information.

The witnesses representing law enforcement, federal agencies, and consumer-advocacy and anti-domestic violence groups gave testimony sharing Senator Franken’s concerns, and also suggested that industry self-regulation in this area so far has not been consistent or transparent.  Jessica Rich, Director of the Federal Trade Commission’s Bureau of Consumer Protection, for example, noted that broadly speaking, while many industry groups and individual companies purport to adopt the opt-in model as a best practice, enforcement has shown that the standard is in fact not complied with on a regular basis. 

In response, witnesses representing industry largely rejected the notion that legislation like Senator Franken’s is needed at this time.  Expressing particular worry that laws and regulations are inflexible and can quickly become outdated in the face of rapidly evolving technologies, Lou Mastria, Executive Director of the Digital Advertising Association (“DAA”), testified that innovation is better served by self-regulation, which can adapt to new business models because it is more “nimble” than government regulation, as subcommittee ranking member Senator Jeff Flake (R-AZ) phrased it.  Mr. Mastria pointed to the DAA’s Self-Regulatory Principles as an effective framework for self-regulation.  Sally Greenberg, Executive Director of the National Consumers League, however, contested the usefulness of DAA’s code, calling it weak, “full of holes,” and “late to the game,” especially in the face of her view that there is “monumental evidence that self-regulation is not working.”Continue Reading Senate Subcommittee Examines “Stalking Apps” Bill

Yesterday, the U.S. Senate Committee on Commerce, Science, and Transportation held a hearing entitled, “What Information Do Data Brokers Have on Consumers, and How Do They Use It?”   Committee members expressed interest in bringing about greater transparency to what information is collected by data brokers and how it is used at the hearing, which consisted of a single panel of witnesses from the FTC’s Bureau of Consumer Protection, the World Privacy Forum, Experian, and the Direct Marketing Association.

In advance of the hearing, Chairman John D. Rockefeller IV (D-WV) released a majority staff report summarizing the Commerce Committee’s investigation into how data brokers collect, compile, and sell consumer information.  The staff report notes that data brokers serve a beneficial function in enabling companies to provide customers with products and services specific to their interests and needs, but that certain data brokers “operate with minimal transparency” and that consumer profiling can raise “unintended privacy issues.”  For this proposition, the staff report cited media reports that a major retailer had developed a pregnancy prediction model to enable the company to target marketing towards expectant mothers. 

According to the Committee’s staff report, a perceived lack of transparency may present further concerns when data broker information “end[s] up in the hands of predatory businesses seeking to identify vulnerable consumers, or when marketers use consumers’ data to engage in differential pricing.”

Senate Commerce Committee members generally echoed these concerns at yesterday’s hearing.  For example:Continue Reading Senate Panel Examines Data Broker Industry; Releases Staff Report

By Emily Borgen

Legislation was reintroduced in the Senate last week that would allow Internet users to opt out of certain forms of online tracking.  The bill [PDF] was previously introduced in 2011.

The “Do-Not-Track Online Act of 2013,” introduced on February 27 by Senators Rockefeller (D-W.Va.) and Blumenthal (D-Conn.), would require the Federal Trade

Earlier today, members of Congress and regulators gathered for a symposium on “The Impact of Media on the Health & Well-Being of Children.”   Participants included Congressman Edward Markey (D-MA), Congresswoman Debbie Wasserman Schultz (D-FL), Senator Richard Blumenthal (D-CT), Jon Leibowitz, Chairman, Federal Trade Commission, and Mignon Clyburn, Commissioner, Federal Communications Commission, as well as researchers and members of the public interest community.  In response to a question, Chairman Leibowitz informed the audience that the FTC expects to issue a revised Children’s Online Privacy Protection Act (“COPPA”) Rule by “the end of the year and hopefully sooner.” 

During their remarks, Congressmen Markey and Wasserman Shultz each expressed support for the Do Not Track Kids Act of 2011 (H.R. 1895), which we have blogged about here.  The bill would expand privacy protections for minors under the age of 18, including a prohibition on the use of personal information for targeted marketing to minors and a requirement that website operators provide “eraser buttons” to enable the deletion of personal information shared publicly by minors.  Senator Blumenthal also indicated that he was supportive of the legislative proposal, which he described as “common sensical,” although he stated that there likely would be substantial concern among advertisers and other stakeholders about implementation issues.Continue Reading Members of Congress Examine Impact of Media and Marketing On Children

Rep. Eliot Engel (D-NY) recently introduced a bill in the U.S. House of Representatives that would prohibit employers from requiring current and prospective employees to disclose website usernames, passwords, and other online content.  The Social Networking Online Protection Act (SNOPA), H.R. 5050, also would apply to students at colleges, universities, and K-12 schools, and impose

Yesterday, Maryland became the first state to pass legislation banning employers from asking employees or job applicants to provide their passwords to social media sites.  The legislation also prohibits employers from taking, or threatening to take, disciplinary action on employees or applicants who refuse to disclose such information. The bill now has to be signed

Yesterday, the Senate Judiciary Committee approved legislation introduced by Committee Chairman Patrick Leahy (D-VT) (S. 1151) that would require firms to develop comprehensive data security programs and would impose a federal breach notice obligation on firms.  The same day, the Committee also approved amended versions of breach notification measures introduced by Sen. Dianne

Last Thursday, the Senate Judiciary Committee began its consideration of the several pending data security bills by marking up S. 1151, the legislation introduced by Sen. Patrick Leahy (D-VT). 

S. 1151 would require business entities to develop a data privacy and security plan for protecting sensitive personally identifiable information, require agencies and business entities to notify U.S. residents in the event of a security breach involving such information, and impose criminal penalties for intentionally and willfully failing to provide notice of a security breach.

The original version of the bill also contained separate privacy requirements for data brokers, but a substitute amendment deleting that title was adopted by the Committee on Thursday.  The panel also accepted an amendment proposed by Sen. Chuck Grassley (R-IO), which clarified that the definition of “exceeds authorized access” in the Computer Fraud and Abuse Act does not include violations of Internet terms of service agreements or employment agreements restricting computer access, and a separate manager’s amendment which limited civil liability and penalties.Continue Reading Senate Judiciary Committee Weighs Data Security Legislation

As The Hill and other news outlets are reporting, Sen. Richard Blumenthal (D-CT) — who previously was one of the most active state attorneys general on privacy and data security issues before joining the Senate in 2011 — has introduced data protection legislation. This will be the eighth breach notification bill introduced on Capitol Hill