Privacy & New Media

EPIC

Nov. 5, 2020

California voters this week approved Proposition 24, the California Privacy Rights Act, with 56% of voters supporting the measure. EPIC previously published an analysis of Proposition 24, nothing that the measure “would make some important improvements to privacy protections for California residents, particularly through the establishment of a California Privacy Protection Agency.” In 2018, the State of California enacted the California Consumer Privacy Act of 2018 (“CCPA”), the first comprehensive consumer privacy law enacted in the United States. Proposition 24 significantly changes the CCPA. EPIC has also published a resource to help California residents exercise their rights under the CCPA.

The content in this post was found at:
<https://epic.org/2020/11/california-voters-pass-califor.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

EPIC

Nov. 9, 2020

 

The FTC has reached a settlement with Zoom requiring the company to address data security but fails to address user privacy. Writing in dissent, Commissioner Slaughter said, “When companies offer services with serious security and privacy implications for their users, the Commission must make sure that its orders address not only security but also privacy.” Commissioner Chopra, also dissenting, wrote “The FTC’s status quo approach to privacy, security, and other data protection law violations is ineffective.” In July 2019, EPIC sent a detailed complaint to the FTC citing the flaws with Zoom and warning that the company had “exposed users to the risk of remote surveillance, unwanted video calls, and denial-of-service attack.” In April 2020, EPIC wrote to Chairman Simons urging the FTC to open an investigation. EPIC has long advocated for the creation of a U.S. data protection agency.

EPIC

Sept. 29, 2020

Individuals alleging that a landlord discriminated against them by using a tenant-screening algorithm will face a higher burden of proof under a new rule that went into effect last Thursday. The rule creates a defense to a discrimination claim under the Fair Housing Act where the “predictive analysis” tools used were not “overly restrictive on a protected class” or where they “accurately assessed risk.” Last October, EPIC and several others warned the federal housing agency that providing such a safe-harbor for the use of algorithms in housing without imposing transparency, accountability, or data protection regulations would exacerbate harms to individuals subject to discrimination. The agency did modify its rule following comments from EPIC and others, removing a complete defense based on use of an “industry standard” algorithm or where the algorithm was not the “actual cause” of the disparate impact. But the final rule simply replaces the word “algorithm” with “predictive analysis” and includes vague “overly restrictive” and “accurate assessment” standards. The Alliance for Housing Justice called the rule “a vague, ambiguous exemption for predictive models that appears to confuse the concepts of disparate impact and intentional discrimination.”

The content in this post was found at:

<https://epic.org/2020/09/new-housing-regulation-limits-.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Oct. 1, 2020

Facebook has announced the integration of Facebook Messenger and Instagram. Early last year, Facebook had released plans to integrate WhatsApp, Messenger, and Instagram, breaking the promises Facebook made when it acquired WhatsApp. After yesterday’s announcement, Facebook declined to give a timeline for when WhatsApp integration would occur. In 2014, EPIC and the Center for Digital Democracy warned the FTC that Facebook incorporates user data from companies it acquires, and that WhatsApp users objected to the acquisition.

The content in this post was found at:

<https://epic.org/2020/10/facebook-integrates-instagram-.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Oct. 1, 2020

 

TikTok, responding to a recent letter from EPIC, said that user privacy “will remain a priority for TikTok” if and when a deal with Oracle is finalized—but stopped short of agreeing to EPIC’s full demands. Last month, after Oracle reached a tentative agreement to serve as TikTok’s U.S. partner and “independently process TikTok’s U.S. data,” EPIC sent letters to both companies warning them of their legal obligation to protect the privacy of TikTok users. The deal would pair one of the largest brokers of personal data with a social network of 800 million users, posing grave privacy and legal risks. Although TikTok responded that it was “committed to helping ensure that any transfer and processing of personal data . . . complies with applicable law” and the company’s privacy policies, TikTok did not agree to other EPIC demands, including a commitment not to merge user data with Oracle products.

 

EPIC
March 9, 2020

The Department of Health and Human Services finalized rules that require insurance and healthcare companies to provide patient access to their medical data in a format suitable for cellphones and other electronic devices. However, federal privacy protections under HIPAA no longer apply once patients transfer their data to consumer apps, creating serious risks to medical privacy. The CEO of the American Medical Association warned regulators that “These practices jeopardize patient privacy, commoditize an individual’s most sensitive information, and threaten patient willingness to utilize technology to manage their health.” Tech firms pushed for these changes. Last year, the Wall Street Journal reported that Google’s ‘Project Nightingale’ intends to amass health data on millions of Americans. There will be a six-month period before the rule goes into effect.

The content in this post was found at:

<https://epic.org/2020/03/new-rule-promotes-patient-acce.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Proskauer Lex Blog: Media and Technology Blog
Jeffrey Neuburger
March 8, 2020

In continuing its push to enforce its terms and policies against developers that engage in unauthorized collection or scraping of user data, Facebook brought suit last month against mobile marketing and data analytics firm OneAudience LLC. (Facebook, Inc. v. OneAudience LLC, No. 20-01461 (N.D. Cal. Complaint filed Feb. 27, 2020)). Facebook alleges that OneAudience harvested Facebook users’ profile data and device data in contravention of Facebook’s terms and developer policies. OneAudience purportedly gathered this data by paying app developers to bundle OneAudience’s software development kit (SDK) into their apps and then harvesting data for those users that logged into those apps via Facebook credentials.

Facebook users, including developers and page administrators, are required to assent to Facebook’s terms and various platform policies when a Facebook account is created. According to Facebook’s Complaint, . . .

In its Complaint, Facebook alleged that around September 2019, OneAudience offered to pay app developers to bundle its SDK into their apps. The SDK allegedly allowed OneAudience to collect data about users’ devices and their Facebook (and some other social media) accounts in instances where the user logged into the particular app using their Facebook credentials (e.g., the “Sign in with Facebook” option). The data included user names, email addresses, country, time zone, Facebook ID, and, in limited instances, gender, all of which were allegedly used by OneAudience for targeted marketing services. OneAudience also allegedly collected device data such as call logs, cell tower and other geolocation data, contacts, browser information, email, and information about installed apps.

More

The content in this post was found at:

<https://newmedialaw.proskauer.com/2020/03/08/facebook-brings-suit-against-mobile-marketing-firm-for-siphoning-user-data-without-authorization/>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Today the FCC announced proposed fines against T-Mobile, AT&T, Verizon, and Sprint for selling customers’ location information. FCC Chairman Ajit Pai said: “This FCC will not tolerate phone companies putting Americans’ privacy at risk.” The companies are given an an opportunity to respond to the FCC before the Commission makes a final decision.

[ed: some pundits note that the amounts, when divided amoung the 4 companies, amount to little more than a slap on the wrist. All 4 companies have appealed the proposed ruling/fine and as of Sept, 2020, have not paid fines that are yet to be finalized by the FCC]

The content in this post was found at:

<https://epic.org/2020/02/fcc-proposes-fines-for-wireles.html>

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.

Proskauer New Media and Technology Blog
Jeffrey Neuburger
August 31, 2020

Last week, a putative privacy-related class action was filed in California district court against financial analytics firm Envestnet, Inc. (“Envestnet”), which operates Yodlee, Inc. (“Yodlee”). (Wesch v. Yodlee Inc., No. 20-05991 (N.D. Cal. filed Aug. 25, 2020)). According to the complaint, Yodlee is one of the largest financial data aggregators in the world and through its software platforms, which are built into various fintech products offered by financial institutions, it aggregates financial data such as bank balances and credit card transaction histories from individuals in the United States. The crux of the suit is that Yodlee collects and then sells access to such anonymized financial data without meaningful notice to consumers, and stores or transmits such data without adequate security, all in violation of California and federal privacy laws.

The content in this post was found at:

Financial Data Aggregator Faces Consumer Privacy Suit over “Surreptitious” Collection of Banking Information

Clicking the title or link will take you to the source of the post and was not authored by the moderators of privacynnewmedia.com.