Netflix opened a Paris office and will “significantly increase” investment in France, it said Friday: The "creative hub" will bring "opportunities for us to work with the best and most exciting creative talent in France,” it said. The company launched in France in 2014.

Mozilla is trimming less than 9 percent of its employees, to "just over a 1,000 going forward," a spokesperson emailed Thursday. "To fund innovation," some "roles" were eliminated, CEO Mitchell Baker blogged Wednesday. "Mozilla has a strong line of sight to future revenue generation, but we are taking a more conservative approach to our finances. This will enable us to pivot as needed to respond to market threats to internet health, and champion user privacy and agency."

The FTC unanimously finalized settlements with five companies over allegations they falsely claimed certification under the EU-U.S. Privacy Shield framework (see 1909030063), the agency said Thursday. The FTC alleged DCR Workforce, Thru, LotaData and 214 Technologies didn’t have PS certification, as claimed. It alleged LotaData falsely claimed Swiss-U.S. PS certification. EmpiriStat allowed its certification to lapse, failed to verify annually that statements about its PS practices were accurate, and didn’t affirm it would continue to apply PS protections to personal information collected while participating in the program, the commission alleged. “All five companies are prohibited from misrepresenting their participation in the EU-U.S. Privacy Shield framework, any other privacy or data security program sponsored by the government, or any self-regulatory or standard-setting organization,” the FTC said. EmpiriStat must apply protections to personal information it collected while participating in the program, or return or delete the information.

Not all are concerned by the sale said to be worth $1 billion of the .org registry. Google Chief Internet Evangelist Vint Cerf backed the transaction Tuesday. Members of Congress and many domain name interests and nonprofits have concerns about the Internet Society selling the Public Interest Registry to Ethos Capital (see 2001070053), and the private equity buyer made some commitments (see 1912230002). Cerf noted .org previously was managed by other companies. He noted they are Network Solutions, SAIC and VeriSign: Transferring that operation to ISOC to create PIR gave the society about $50 million yearly "to fund the Internet Society’s work in promoting a more accessible and secure Internet." It "limited PIR’s ability to invest in improvements to the operation of .org or even the creation of new products and services for the non-profit community," wrote Cerf, ISOC president 1992-95. Google didn't say Wednesday if it backs Cerf. Last week, Georgia Institute of Technology School of Public Policy's Milton Mueller blogged that the sale shows the registry's worth. "Rather than recoiling in horror at the number, we need to accept its value as a fact and derive policies," the professor said. "Any new owner is going to be in exactly the same position as ISOC or Ethos unless there are protections in the Registry Agreement of the sort we have asked for."

Google outlined a path to make third-party tracking cookies on its Chrome browser obsolete within two years. “After initial dialogue with the web community, we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete,” blogged Justin Schuh, director-Chrome engineering, Tuesday. In August, Google unveiled Privacy Sandbox on developing open standards to enhance web privacy. The company now encourages engagement from “the ecosystem” on the proposals. It said first trials are expected by year-end, beginning with conversion measurement, followed by personalization. Internet users are demanding more privacy -- including transparency, choice and control over how their data is used -- "and it’s clear the web ecosystem needs to evolve to meet these increasing demands,” Google said. Firefox and Safari reacted to user concerns by blocking third-party cookies, leading to “unintended consequences that can negatively impact both users and the web ecosystem,” Schuh said. “By undermining the business model of many ad-supported websites, blunt approaches to cookies encourage the use of opaque techniques such as fingerprinting (an invasive workaround to replace cookies), which can actually reduce user privacy and control.”

The FTC, Congress and three state attorneys general should investigate whether popular Google Play Store apps are “systematically violating users’ privacy,” consumer groups wrote Tuesday. The groups cited a Norwegian Consumer Council report accusing 10 apps -- Grindr, Tinder, OkCupid, Happn, Clue, MyDays, Perfect365, Qibla Finder, My Talking Tom 2 and Wave Keyboard -- of “sharing information they collect on users with third-party advertisers without users’ knowledge or consent.” American Civil Liberties Union of California, Campaign for a Commercial-Free Childhood, the Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumer Reports, the Electronic Privacy Information Center, Public Citizen and U.S. PIRG signed. They specifically targeted AGs in California, Texas and Oregon. “Consumers are unable to make an informed choice because the extent of tracking, data sharing, and the overall complexity of the adtech ecosystem is hidden and incomprehensible to average consumers,” they wrote. Clue doesn’t share any users’ health or menstrual cycle data, nor does it sell any user data to any third-party service, including advertisers, “and we never will,” a spokesperson said. “Clue does share anonymised data with carefully-vetted researchers within academic institutions working to improve female reproductive health, and we do so without any financial gain.” MyDays users agree to well-defined transparency and privacy policies “so they can see what happens with the Data and what the User can do about,” a spokesperson said. Google and owners of the other various apps didn’t comment. An FTC spokesperson confirmed receiving the letter.

U.S. home entertainment spending increased 8.93 percent in Q4 to $6.82 billion and jumped 8.44 percent for the year to $25.17 billion, reported the Digital Entertainment Group Monday. Subscription streaming was the industry’s lifeblood, rising 26.04 percent in Q4 to $4.32 billion and increasing 23.73 percent for the year to $15.9 billion, said DEG. Packaged media sales slid further, declining 17.81 percent in Q4 to $1.02 billion, it said.

Consumer Reports petitioned 25 camera vendors Monday to raise the standard for product security and privacy after recent incidents with connected cameras. The advocacy group is “alarmed by recent security incidents involving Ring, Wyze, Guardzilla and other connected camera products,” said Ben Moskowitz, director-Consumer Reports’ Digital Lab. Due to the “sensitive nature" of the data the devices collect, it urged manufacturers to incorporate additional security measures such as requiring multifactor authentication, emailing users when a login occurs from a new device or IP address, and increasing password protection against credential stuffing and brute-force dictionary attacks. CR’s ratings will continue to change to reflect the stronger data security and privacy practices it believes are essential for consumer protection. Letters were sent to ADT/LifeShield, Arlo, August, Blink, Canary, D-Link, Eufy/Anker, Frontpoint, Guardzilla, Honeywell Home, iSmartAlarm, Logitech, Google/Nest, Netvue, Night Owl, Ooma, Remo-Plus, Ring, Samsung SmartThings, Scout, SimpliSafe, TP-Link, Wyze and Zmodo. ADT, Google and Samsung didn't comment. Honeywell spun off its home business almost two years ago, a spokesperson emailed now: Home and do-it-yourself "products are now under Resideo, which manufacturers and markets those products. They simply license the Honeywell name." Resideo didn't comment on CR's request.

The Supreme Court should strike down Oracle’s lawsuit against Google’s use of Java programming code (see 1911150052) because innovation relies on interoperability and fair use, tech companies, groups and scholars told the court Monday. Computer innovation depends on “collaborative development and seamless interoperability,” which require reuse of functional code, said Microsoft. The company cited long-applied flexibility of fair use doctrine to address software issues. Eighty-three computer scientists agreed, saying the computer industry has long relied on free use of software interfaces to foster innovation and competition. Supreme Court precedent excludes program interfaces from copyright’s scope, said two intellectual property scholars. Public Knowledge and others urged the court to hold that the Java application programming interface “is uncopyrightable, in accordance with longstanding tradition, industry practice, and common sense.” PK's brief included the R Street Institute and the Niskanen Center. Functional aspects of Oracle’s code are “not copyrightable, and even if they were, employing them to create new computer code falls under fair use protections,” said the Electronic Frontier Foundation. “Successful software development requires platform [single sign-on] compatibility,” said a group that included Mozilla, MapBox, Etsy and Wikimedia Foundation. Prior court decisions dictate that “copying incidental to software reverse engineering does not infringe copyright,” said the Computer & Communications Industry Association. Google copied “less than 0.5% of the Java application programming interface into Android to make it easier for Java programmers to write apps for Android smartphones,” CCIA said, saying interoperability is key to innovation and success, including Oracle’s success. Oracle previously noted that half of Google’s petition had been rejected, while the other half doesn't "even purport to present a circuit conflict." The top court rejected review of whether Oracle’s creative computer code is copyrightable in 2015, that company wrote. It didn't comment now.

The Commerce Department should establish a bright-line process similar to the export administration regulations’ entity list for identifying supply chain threats, USTelecom said in comments Friday. The Information Technology Industry Council recommended Commerce designate foreign adversaries threatening the supply chain with specific criteria. In response to President Donald Trump’s May executive order, Commerce proposed new procedures for reviewing transactions, including imports, that involve information and communications technology and services seen as potential national security threats (see 1911260044). Commerce's bright-line process should rely on Homeland Security Department “risk assessment and related tools to draw lines between prohibited and permitted transactions,” USTelecom said. The association asked Commerce to coordinate its transaction evaluations with other agencies at “every step.” ITI called for a narrow scope for what transactions will trigger security reviews and a waiver process. It urged avoiding duplicative transaction reviews with export administration regulations, international traffic in arms regulations and the Committee on Foreign Investment in the U.S. Commerce's proposed rules are “overly-broad and highly subjective,” BSA|The Software Alliance said Friday. The proposed procedures would let Commerce “launch a review of virtually any ‘transaction’ involving almost any form of commercial technology, regardless of whether it has a clear nexus to national security or to a foreign adversary,” BSA wrote, saying it would create much industry uncertainty. The EO directs Commerce to issue regulations barring technology from foreign companies -- like Huawei and ZTE -- from U.S. networks.