The U.S. needs a uniform national privacy law that allows for “contextual” user consent, the Business Roundtable said Thursday, offering a framework. The organization, which includes AT&T, Comcast and Verizon, called for varying degrees of consent for data collection. “Opt-in consent may be required as part of a risk-based privacy practice for data processing that presents higher risks to the rights and interests of individuals,” the framework said.

Among seven agencies meeting requirements for protecting privacy when sharing threat information that have policies to assist in receiving and sharing cybersecurity information are DOJ, the departments of Homeland Security and Commerce and Office of the Director of National Intelligence, GAO reported Thursday. They met eight provisions of the Cybersecurity Information Sharing Act (see 1512180052) “relevant to the removal of personal information from cyber threat indicators and defensive measures,” GAO said. It said it incorporated into the report, “as appropriate,” technical comments from DHS, DOJ and DOD, another agency meeting the criteria.

Consumer Protection Bureau Director Andrew Smith’s list of clients causing him to recuse himself from FTC proceedings is more extensive than originally reported (see 1807190040). Responding to Public Citizen's Freedom of Information Act appeal, the agency released a new list of 120 companies, some overlapping. Clients include Amazon, Equifax, LinkedIn, Microsoft, PayPal, Twitter, Uber and Verizon. Those conflicts expire in May 2020. Smith told us the agency’s work continues to get done, even in instances of recusal, because the FTC has “talented and capable” career staff and five commissioners. There’s plenty of work to do outside the client list, he said, citing ISP policy.

The White House will follow up Thursday’s tech executive meeting (see 1811300036) with additional tech-related gatherings, administration officials said during a news-media call speaking on condition they not be identified. Asked if Amazon, Apple and Facebook were invited Thursday, an official said she believed everyone who was invited attended. Apple CEO Tim Cook was floated as a potential participant for future meetings. Apple and Amazon didn’t comment. Facebook wasn't invited Thursday, a spokesperson said. Thursday’s attendees were said to have included Google CEO Sundar Pichai, Microsoft CEO Satya Nadella, IBM CEO Ginni Rometty, Qualcomm CEO Steve Mollenkopf, Oracle CEO Safra Catz, Massachusetts Institute of Technology President Rafael Reif, Carnegie Mellon University President Farnam Jahanian, Blackstone Group CEO Stephen Schwarzman and former Secretary of State Henry Kissinger. Administration participants included White House Deputy Chief of Staff-Policy Coordination Chris Liddell, Deputy U.S. Chief Technology Officer Michael Kratsios, U.S. Trade Representative Robert Lighthizer, National Economic Council Director Larry Kudlow, National Economic Council Deputy Director-Economic Policy Shahira Knight and advisers Jared Kushner, Ivanka Trump and Kevin Hassett. The meeting was to have focused on artificial intelligence, 5G and quantum computing.

Social media platforms must act quickly to counter fake news or face possible regulation, the European Commission said Wednesday. It announced a plan against disinformation aimed at protecting democratic systems and public debate before 2019 national and local elections, including a "rapid alert system" among EU institutions and countries to make it easier to share data and assess disinformation campaigns, and close monitoring of a self-regulatory code of practice signed in October by Facebook, Google, Twitter and Mozilla. Signatories "should swiftly and effectively implement" commitments, focusing on actions urgent for elections, the EC said. That includes ensuring transparency of political advertising, ramping up efforts to shutter fake accounts, labeling non-human interactions, and cooperating with fact-checkers to detect disinformation campaigns and make fact-checked content more visible. The plan seeks better detection via more specialized staff and data analysis tools, backed by a funding increase from 1.9 million euros ($2.2 million) to 5 million euros ($5.8 million); and for promoting media literacy among Europeans. Platforms have until the end of 2018 to update the EC on compliance, and must report monthly January-May. Without satisfactory progress, the EC may propose further measures, including regulation, it said. Asked at a news briefing whether 5 million euros was enough to counter the massively financed activities of Russia Today, Sputnick and Russian trolls, EC Digital Single Market Vice-President Andrus Ansip said the goal isn't to recreate the kind of propaganda machine Russia has but to detect disinformation, find out who's behind it and use facts to debunk lies. Asked whether the EC has faith that Facebook will tackle disinformation given that the platform allowed Russian bots to access its services -- discovered in a U.K. parliamentary inquiry -- Justice Commissioner Vera Jourova said everything the EC does concerning self-regulatory measures affecting information and technology companies is based on "trust and check." Google and Facebook didn't comment. Twitter's "No. 1 priority is improving the health of the public conversation," a spokesperson said. "Tackling coordinated disinformation campaigns is a key component." He said Twitter is working on a partnership with UNESCO on online media and information literacy.

Sometimes, law enforcement needs outweigh the right to online privacy, said DOJ Criminal Division Deputy Chief-Computer Crime Michael Stawasz Wednesday, citing child sex-trafficking and copyright infringement. There has been a constructive discussion about privacy, but platforms don’t get a pass to aid and abet, Stawasz said during an International Institute of Communications panel. Providers should take privacy seriously but need to allow a space where effective investigations root out illegal behavior, he said, arguing law enforcement isn't asking for “back doors” but responsible conduct. Asked if anything of value was gained from DOJ’s recent tech-related meeting with state attorneys general (see 1809250033), Stawasz said he wasn’t invited, but the gathering was recognition of shared responsibilities by different levels of government. The U.S. system means state and local government handle most criminal law, but “I do see that changing to some degree because of the internet,” he said. FTC Commissioner Noah Phillips said in a keynote markets work properly when consumers have the information they need. It’s not clear how companies can share mass data with competitors and adequately protect privacy, said Software & Information Industry Association Senior Vice President-Public Policy Mark MacCarthy. One-size-fits-all regulation for content moderation will drive smaller companies out, said Engine Executive Director Evan Engstrom. The U.S. needs to create a healthy internet ecosystem without a regulatory regime only large platforms can comply with, he said. The expectation is for companies to be “socially responsible” now, said Oath Global Head-Business and Human Rights Nicole Karlebach.

Amazon repeated as No. 1 brand in net favorability with a 78.7 rating, Morning Consult reported Tuesday. The brand most people told friends about was Netflix, with 74 percent “very likely” to recommend it. Of 18-21-year-olds and millennials, 77 percent would be “very likely” to recommend the streaming service vs. 75 percent of Gen Xers and baby boomers (69 percent). Of retailers, 69 percent of survey respondents across household income levels said they had bought or were very likely to buy something from Walmart. Survey questions were fielded with over 1.5 million U.S. adults Q1 to early Q4.

Verizon's Oath agreed to pay $4.95 million for advertisements targeting youngsters under 13, New York Attorney General Barbara Underwood (D) announced Tuesday. Oath, formerly AOL, “conducted billions of auctions for ad space on hundreds of websites the company knew” were used to target underage users, the announcement said. The settlement requires Oath adopt “comprehensive reforms to protect children from improper tracking.” It's the largest penalty in Children's Online Privacy Protection Act enforcement history, Underwood’s office said. “We are pleased to see this matter resolved and remain wholly committed to protecting children’s privacy online,” an Oath spokesperson said.

The U.S. Postal Service should seize on e-commerce growth and charge market-based prices for mail and package items not deemed “essential postal services,” the Treasury Department said Tuesday. The long-awaited report was prompted by President Donald Trump’s criticism of Amazon (see 1804130059). Between 2010 and 2018, USPS package volume doubled from 3.1 billion pieces to 6.2 billion pieces, and revenue grew from $10.3 billion to $21.5 billion, said Treasury. The increase in package revenue hasn’t allowed the USPS to make up for dramatic declines in mail delivery. “Packages have not been priced with profitability in mind,” the report said. Charging market prices for package delivery will “allow the USPS to optimize its income in order to fund its operations, capital expenditures, and long-term liabilities,” the department said.

Google and DOJ agreed alleged victims don’t have the right to sue the company in a case involving its $8.5 million data privacy settlement (see 1811060054). The filings are in Frank v. Gaos (docket 17-961), a Supreme Court online privacy case where Google asks the high court to uphold the settlement directed to charitable and academic organizations instead of alleged victims. After oral argument (see 1810310043), the high court requested supplemental briefs on whether plaintiffs have the right to sue Google. Meanwhile, the petitioner and respondent agreed alleged victims have standing. Unauthorized sharing of user data warrants action in court, regardless of proof of further harm, consumers argued Friday. The opposing party, Competitive Enterprise Institute Litigation Director Ted Frank, agreed, arguing the “best view is that plaintiffs have sufficiently pled standing, because they allege a congressionally recognized injury consistent with those recognized in historical practice.” The alleged victims haven't established standing through required concrete injury, Google argued. The solicitor general argued, “Nothing in the common law suggests that disclosures of the kind forbidden by the [Stored Communications Act] categorically create concrete harms.”