The Senate confirmed Terrell McSweeny as an FTC commissioner by a 95-1 vote Wednesday. That fills the final commissioner seat, vacant since Jon Leibowitz left March 7, 2013. The Democrats now hold a 3-2 majority among commissioners, which has caused some observers to wonder if the FTC will take a more proactive stance on data privacy issues. “This may result in cases or issues being brought up that wouldn’t have been with an evenly split commission, for example in the privacy/data security area,” said Thomas Lenard, president of the industry-backed Technology Policy Institute (TPI), by email.

The FTC’s authority to oversee companies’ data security practices remains. The U.S. District Court in Newark, N.J., Monday rejected a company’s motion to dismiss an FTC suit over lax data security practices, arguing the commission doesn’t have the authority (http://bit.ly/Oyp7bb). The Wyndham hotel chain had pushed back against FTC authority after the commission filed a complaint alleging poor security measures had resulted in repeated data breaches.

Europe’s phone and Internet data traffic storage law is invalid, the European Court of Justice ruled Tuesday. To the joy of digital rights and privacy activists, the European Data Protection Supervisor (EDPS) and others, the court said the data retention directive (WID Dec 13 p11) “entails a wide-ranging and particularly serious interference” with fundamental rights, without the interference being “precisely circumscribed” to ensure that it’s limited to what’s strictly necessary. The judgment “finds that untargeted monitoring of the entire population is unacceptable in a democratic society,” said Digital Rights Ireland (DRI), one of the law’s challengers. The big question now is what happens to national laws based on the directive, some said in interviews.

Europe’s phone and Internet data traffic storage law is invalid, the European Court of Justice ruled Tuesday. To the joy of digital rights and privacy activists, the European Data Protection Supervisor (EDPS) and others, the court said the data retention directive (CD Dec 13 p25) “entails a wide-ranging and particularly serious interference” with fundamental rights, without the interference being “precisely circumscribed” to ensure that it’s limited to what’s strictly necessary. The judgment “finds that untargeted monitoring of the entire population is unacceptable in a democratic society,” said Digital Rights Ireland (DRI), one of the law’s challengers. The big question now is what happens to national laws based on the directive, some said in interviews.

The European Parliament appears likely to back broad data protection changes as well as a nonbinding report on NSA spying in a plenary vote Wednesday. In a debate Tuesday, Parliament members (MEPs) generally supported the proposal for a regulation on processing of personal data, although several voiced misgivings with some provisions. The own-initiative report by the Civil Liberties, Justice and Home Affairs (LIBE) Committee, on the impact of mass surveillance on EU citizens’ fundamental rights and trans-Atlantic cooperation, prompted impassioned debate. One center-right political group said it will oppose the report because it jeopardizes vital EU-U.S. trade and other agreements. Lawmakers slammed EU governments for their failure to reach speedy consensus on the data protection proposal and for not taking any action in the face of U.S. and other nations’ spying.

The European Parliament appears likely to back broad data protection changes as well as a nonbinding report on NSA spying in a plenary vote Wednesday. In a debate Tuesday, Parliament members (MEPs) generally supported the proposal for a regulation on processing of personal data, although several voiced misgivings with some provisions. The own-initiative report by the Civil Liberties, Justice and Home Affairs (LIBE) Committee, on the impact of mass surveillance on EU citizens’ fundamental rights and trans-Atlantic cooperation, prompted impassioned debate. One center-right political group said it will oppose the report because it jeopardizes vital EU-U.S. trade and other agreements. Lawmakers slammed EU governments for their failure to reach speedy consensus on the data protection proposal and for not taking any action in the face of U.S. and other nations’ spying.

The Do Not Track (DNT) process will continue to move forward, but in a piecemeal, dispersed fashion, instead of with one “big win,” said Peter Swire, former co-chair of the World Wide Web Consortium (W3C)-backed DNT discussions, during a Q-and-A at an International Association of Privacy Professionals (IAPP) conference. “I think we'll see a series of those wins,” with some coming from outside the W3C process, said Swire, who left the W3C process to become part of the five-person White House-appointed panel tasked with reviewing the government’s surveillance programs (WID Dec 19 p1). Swire’s W3C comments echoed those of FTC Chairwoman Edith Ramirez during her own IAPP Q-and-A session Thursday. “Although we haven’t heard much about it,” Ramirez said, “I think good work continues to take place in W3C."

The rapid expansion of telehealth, using a communications network for supporting healthcare functions, highlights an area of regulatory overlap among the FTC, Food and Drug Administration and the FDA’s parent agency, Health and Human Services (HHS), said industry and consumer advocates in interviews. They agreed mobile health apps will proliferate at a brisk rate in 2014, but differ on the need to regulate the sector. Consumer groups, industry groups and the government are working to decide the best way to oversee the occasionally lax, and minimally regulated, data security standards of telehealth devices like mobile health apps.

All federal Internet security legislation is likely “on hold for the time being,” said Commerce Department General Counsel Cameron Kerry at a Practising Law Institute panel Monday. The long-promised White House consumer protection proposal (CD Dec 2 p1) and updates to the Electronic Communications Privacy Act are both in a holding pattern, he said, while the White House continues to do background work with its big data task force (CD Jan 27 p1) and NTIA-facilitated codes of conduct (CD Dec 5 p11). Other panelists said a federal data breach notification law is potentially useful for consumers, businesses and U.S. trade relations with Europe, but could have a negative impact on data security if the law defangs state attorneys generals enforcement power (CD Jan 3 p5).

All federal Internet security legislation is likely “on hold for the time being,” said Commerce Department General Counsel Cameron Kerry at a Practising Law Institute panel Monday. The long-promised White House consumer protection proposal (WID Dec 2 p1) and updates to the Electronic Communications Privacy Act are both in a holding pattern, he said, while the White House continues to do background work with its big data task force (WID Jan 21 p1) and NTIA-facilitated codes of conduct (WID Dec 5 p10). Other panelists said a federal data breach notification law is potentially useful for consumers, businesses and U.S. trade relations with Europe, but could have a negative impact on data security if the law defangs state attorneys general enforcement power (WID Jan 3 p1).