Prime members accounted for about 68% of Amazon shoppers in Q4, said Consumer Intelligence Research Partners Tuesday, estimating U.S. member count at 142 million. Amazon had strong growth in Prime memberships -- at a 2016 rate -- due partly to COVID-19, said analyst Josh Lowitz, projecting 30 million additional members in 2020. The company didn't comment.

Pass legislation to make it harder for dominant companies to buy smaller competitors in the same market, DOJ Antitrust Division Chief Makan Delrahim said Tuesday (see 2101150067). “For firms with more than 50 percent market share in any defined market, there should be a presumption that further acquisitions in that same market are anticompetitive.” His proposal would let combining companies rebut those findings if they can show the parties “post-transaction would not be able to exercise market power” or “the anticompetitive effects of the transaction are insubstantial, or outweighed by the procompetitive benefits.” He said the top issue facing Congress and his successor involve “market integrity and market power in the increasingly concentrated digital marketplace.” So “pass legislation to introduce bright line rules and alter the burdens of proof in civil merger cases in order to effectively combat certain excessive market concentration.”

Draft standard contractual clauses (SCCs) for data transfers to third countries offer stronger protections for data subjects but still need tweaking, EU data privacy watchdogs said. The European Data Protection Board and European Data Protection Supervisor welcomed proposed European Commission proposals aimed at addressing some key issues in the European Court of Justice Schrems II judgment, which annulled Privacy Shield (see 2009100001). Some text "could be improved or clarified," including the scope of the SCCs, obligations for onward transfers and aspects of the assessment of third-country laws on access to private data by public authorities. Changes should ensure EU citizens' personal data receives an "essentially equivalent" level of protection when it's transferred to third countries, said EDPS Wojciech Wiewiorowski.

Google's “unilateral decision” declaring its Fitbit buy closed (see 2101140006), despite ongoing DOJ oversight of the transaction, “is a stark demonstration of the corporation's disregard for democratic governance,” said Open Markets Institute Executive Director Barry Lynn Friday. He urged the incoming Biden administration to “immediately make clear that it intends to block” Google/Fitbit because the deal “is bad for Americans and to demonstrate that it will not abide further disrespect by Google of democratic rule of law.” DOJ and Google didn’t respond to questions.

The National Institute of Standards and Technology extended to March 1 its comment period for identifying and estimating cybersecurity threats for enterprise risk management, the agency said Thursday. The original deadline was Feb. 1.

The Biden administration should prioritize addressing the threat of international discriminatory taxes against U.S. companies, the Computer & Communications Industry Association said Thursday. CCIA noted that the Office of the U.S. Trade Representative released reports in its Section 301 investigations into digital services taxes, concluding that DSTs in the U.K., Spain and Austria are “discriminatory against U.S. tech firms.” CCIA President Matt Schruers said: “Absent a proportionate response, U.S. exports will be unfairly singled out in other countries. Moreover, the proliferation of unilateral national taxes undermines the crucial work being done by the community of nations at the [Organisation for Economic Co-operation and Development], and risks the ability of negotiators to achieve consensus.”

The process for canceling Amazon Prime potentially constitutes unfair and deceptive practices under Section 5 of the FTC Act, Public Citizen wrote the agency Thursday. Users have to click through several pages to cancel memberships, and it’s a confusing process with numerous links in an effort to get the user to maintain the subscription, the organization wrote: “Amazon Prime’s subscription model is a ‘roach motel,’ where getting in is almost effortless, but escape is an ordeal. As a general rule, it should not be more difficult to unsubscribe than to subscribe from a digital service.” The agency received the letter, a spokesperson emailed. “Amazon makes it clear and easy for Prime members to cancel their subscription at any time, whether through a few clicks online, with a quick phone call, or by turning off auto renew in their membership options,” emailed a spokesperson. “Customer trust is at the heart of all of our products and services and we strongly disagree with any claim that our cancellation process creates uncertainty.”

Teladoc, claimed to be the oldest U.S. telemedicine platform, with roots dating to 2002, was “thrown a million curve balls” after the COVID-19 pandemic hit in March, CEO Jason Gorevic told a prerecorded CES 2021 workshop. “Overnight, literally our volume doubled,” and the availability of telehealth services became ubiquitous, he said. “We always thought this was inevitable. This wasn’t a surprise to us. We just didn’t think it was going to happen overnight and that it was going to take a global pandemic to be the catalyst for that.” Gorevic estimated Teladoc did more than 10 million “virtual visits” in 2020. Consumers went from the “awareness-building phase” of telemedicine “straight through to the adoption phase, into the expectation phase" in just "a matter of months,” he said. “That almost never happens.” Gorevic predicts that a year from now, consumers will look to virtual-care visits as “the destination for all of their healthcare needs, not just for a slice of their healthcare needs, and we’re already seeing that.” He estimates 60% of Teladoc visits are for “noninfectious diseases.”

Flo Health, developer of a popular women’s fertility-tracking app, misled users and improperly shared users' sensitive health data with third-parties including Facebook and Google, the FTC alleged in a 5-0 settlement announced Wednesday. Despite promises to keep the data private, Flo “disclosed health data from millions of users of its Flo Period & Ovulation Tracker app to third parties that provided marketing and analytics services to the app, including Facebook’s analytics division, Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry,” the FTC said. Commissioners Rohit Chopra and Rebecca Kelly Slaughter dissented in part, saying the agency should have charged the company with violating the Health Breach Notification Rule, for which the agency has never brought action. Commissioner Noah Phillips disagreed with the Democrats: “We have never applied the Rule to a health app such as Flo in the past, in part because the language of the Rule is not so plain. And I do not support announcing such a novel interpretation of the Rule here, in the context of an enforcement action.” The company faces civil penalties of up to $43,792 for any future violations. Flo didn’t share usernames, addresses or birthdays, a spokesperson emailed, noting the settlement included no admission of wrongdoing: “We do not currently, and will not, share any information about our users’ health with any company unless we get their permission. We have a comprehensive privacy framework with a robust set of policies and procedures to safeguard our users’ data.” The consent order includes a company compliance review, the spokesperson added.

The Russian government-sponsored hack of SolarWinds Orion software used for network management systems (see 2012170050) prompted Microsoft President Brad Smith to use his prerecorded CES 2021 keynote Wednesday to urge tech industry action to write new cybersecurity “rules of the road.” World governments “have spied on each other for centuries,” said Smith. “But we’ve long lived in a world where there were norms and rules that created expectations about what was appropriate and what was not, and what happened with SolarWinds was not.” The breach amounted to a “mass, indiscriminate global assault on the technology supply chain that all of us are responsible for protecting,” said Smith. The attack distributed 18,000 “packages” of malware on network infrastructures globally, he said. “It is a danger that the world cannot afford.” The tech industry needs to use “our collective voice to say to every government around the world that this kind of supply chain disruption is not something that any government or any company should be allowed to pursue,” he said. “I hope we’ll come out of this CES and move forward with this as one of our clarion calls for the future.”