Spotify CEO Daniel Ek issued an apology to users Friday for the confusion its new terms and conditions and privacy policy (see 1508180012) have caused, particularly on what kinds of information the streaming music service accesses and what the company does with the data. In its new privacy policy, Spotify asks permission to access photos, mobile device location, voice controls and contacts, Ek wrote in a blog post. “If you don’t want to share this kind of information, you don’t have to.” The information will be used to allow users to customize their experience, he said. The new privacy policy will be updated to reflect the additional explanations Ek provided, he said.

LG’s G Watch R becomes Wi-Fi capable with the most recent Android Wear update, allowing users to receive notifications and other information without a Bluetooth connection, said LG Friday. Over the next several days, LG’s G Watch, G Watch R and Watch Urbane will receive the Firmware Over-the-Air update, said the company. All three smartwatches will support interactive watch faces available from Google Play. With the interactive faces, users can tap on specific areas of the display to see additional information, said the company. The latest update also will allow LG Android Wear devices to support app-specific functions such as displaying a four-day weather forecast or performing translations in multiple foreign languages on the watch itself without having to use a connected phone, said the company.

The Education Department is seeking public input on its draft guidance on protecting student medical privacy, wrote its Chief Privacy Officer Kathleen Styles in a blog post this week. “Recently, the Department has been asked if it is possible and/or appropriate for campus officials to share confidential medical records from on-campus services with university attorneys in the context of litigation between a university and a student,” Styles wrote. This sharing is potentially “allowable” if the university attorneys have a “legitimate educational interest” in the records, she said. But sharing a student’s sensitive medical records “may discourage the use of medical services provided on campus,” Styles said. Citing the Health Insurance Portability and Accountability Act, Styles said the department wants to “set the expectation that, with respect to litigation between institutions of higher education and students, institutions generally should not share student medical records with school attorneys or courts, without a court order or written consent.” Litigation directly related to the medical treatment itself or to the payment of medical treatment would be exempt, she said. Public comments on the proposed guidance will be accepted until Oct. 2.

Some particularly onerous reporting requirements "are tangible and significant" enough that the small-provider exemption to the updated transparency rules adopted in the FCC 2015 net neutrality order should be made permanent, the American Cable Association said in an ex parte filing posted Thursday in docket 14-28. It detailed a meeting that ACA staff including Ross Lieberman, senior vice president-government affairs, had with Consumer and Government Affairs Bureau staffers to elaborate on the ACA's position (see 1508060057). Collecting and disclosing information regarding various network practices such as use of filters and other means of addressing congestion, "would be burdensome, particularly because traffic management practices change as traffic types and patterns evolve," ACA said. Similarly, directly notifying customers about usage triggers "would burden smaller providers, particularly those that do not have automated notification systems in place," ACA said. While not objecting to the general obligation of notifying customers about network practices, ACA said smaller ISPs "should have flexibility in determining the specific information to be provided and how it should be disclosed."

A year after Yelp publicized its gender and ethnic diversity data, the company has had a 124 percent growth rate in the number of women in engineering globally, an 86 percent growth rate in the number of African-Americans/black employees in the U.S., and an 88 percent growth rate in the number of Hispanics/Latinos in the country, Head-Diversity and Inclusion Rachel Williams wrote in a blog post Thursday. “We’re proud of what we’ve been able to accomplish over the course of a year,” Williams said. “My vision for diversity and inclusion is to be less tethered to specific numbers and to be more focused on ensuring that Yelp continues to be a 'Best Place to Work' for all of our employees, no matter their age, sexual orientation, race, ethnicity, disability or economic status.” To help create an inclusive environment, Yelp is offering unconscious bias training, working with community organizations and nonprofits, and has elevated employee-driven and grassroots groups, Williams said. Yelp recruiters have been encouraged to recruit from underrepresented communities, she said.

ICANN has “every expectation” it will be able to complete the ongoing Internet Assigned Numbers Authority (IANA) transition process before its contract with NTIA expires Sept. 30, 2016, ICANN CEO Fadi Chehadé said Thursday during a conference call. NTIA said Monday that it intends to extend its contract with ICANN to administer the IANA functions a full year beyond the existing Sept. 30, 2015, contract deadline to allow additional time to plan and execute the transition. That extension provides some additional breathing room for the IANA transition but doesn’t leave much time for additional delays, stakeholders told us (see 1508190064). Any further extension beyond Sept. 30, 2016, would be problematic because it would cause uncertainty among ICANN stakeholders about the IANA transition’s future, given that the extended deadline will occur so close to the 2016 presidential election, Chehadé said. The election itself shouldn’t “have a direct impact” on the IANA transition because of the “almost complete consensus” among members of Congress about the transition’s value, he said.

Adobe released a security update to address a vulnerability that may allow a remote attacker to obtain sensitive information from an affected system, said an alert from the U.S. Computer Emergency Readiness Team Tuesday. The security updates are for LiveCycle Data Services versions 4.7, 4.6.2, 4.5 and 3.0x, the alert said. Microsoft also released a critical security update to address a vulnerability in Internet Explorer, said a U.S. Computer Emergency Readiness Team alert Wednesday. Exploitation of the vulnerability could allow a remote attacker to take control of an affected system if the user viewed a specially crafted webpage, it said.

A subsidiary of Seagate Technology agreed to buy software and hardware storage systems supplier Dot Hill Systems in a cash transaction valued at $694 million, Seagate said in a news release Tuesday. Dot Hill's board unanimously approved the transaction, which is expected to close in Q4 pending regulatory approval, the release said.

FTC Chairwoman Edith Ramirez will be the opening speaker at the agency’s first Start with Security conference, to be held next month and focus on the challenges startups and developers face in creating secure applications, an FTC news release said Wednesday. Experts that built security programs at high-growth startups including Dropbox, Etsy, Pinterest and Twitter will “provide startups and developers with practical guidance on integrating security into their application development lifecycles,” it said. FTC Chief Technologist Ashkan Soltani will partake in a “fireside chat” on security issues, and panels are slated on how startups can build a culture of security, how to effectively model threats, train developers, ensure secure coding practices, scale security testing, and respond to hackers who find bugs in products, and embracing security features as a key part of products, the agency said. The event is from 10 a.m. until 4 p.m., Sept. 9, at the University of California Hastings College of the Law in San Francisco. The free event is open to the public. The second Start with Security event is Nov. 5 in Austin.

A former staffer at the U.S. Embassy in London, Michael Ford, 36, was charged Tuesday with nine counts of cyberstalking, seven counts of computer hacking to extort and one count of wire fraud, for “engaging in a hacking and cyberstalking scheme in which, using stolen passwords, he obtained sexually explicit photographs and other personal information from victims’ email and social media accounts, and threatened to share the photographs and personal information unless the victims ceded to certain demands, a Justice Department news release said.