An Amazon spokeswoman called a Thursday report by Consumer Watchdog alleging deceptive pricing (see 1707070048) "misleading." The company is "obsessed with maintaining customer trust, and work[s] hard to provide meaningful reference prices," the spokeswoman emailed us. Amazon uses "a variety of systems to validate reference prices provided by manufacturers, vendors and sellers against actual prices recently found across Amazon and other retailers.”

The National Hispanic Media Coalition wants the FCC to extend the comment and reply deadlines for the 2015 rules and reclassification of broadband as a Communications Act Title II service NPRM, it said in a Friday news release and motion. The comments deadline for docket 17-108 is July 17 and the reply deadline is Aug. 16. As of Friday, more than 5.1 million comments have been filed. NHMC said it filed several Freedom of Information Act requests to the FCC for "evidence critical to the proceeding." Its initial May 1 FOIA request sought open internet consumer complaints filed since the 2015 order became effective and documents on the open internet ombudsperson's interactions with internet users. NHMC Director-Legal Affairs Carmen Scurato said the FCC documents would provide "essential insight" into maintaining the 2015 order. "The FCC has confirmed that there is an overwhelming amount of responsive documents, therefore the disclosure of this information must be paired with sufficient time for members of the public to review and contribute meaningful input,” she said. NHMC said the more than 47,000 consumer complaints, plus the ombudsperson documents would help answer the NPRM's questions about consumer harm, safeguards and positive impact of reclassification. The FCC didn't comment.

Consumer Watchdog wants federal regulators to block Amazon’s $13.7 billion Whole Foods buy (see 1706160020) until “the online retailing giant” ends the “deceptive pricing practices that falsely lead consumers to believe they are getting deals with discounted prices,” the nonprofit told the FTC and DOJ in a Thursday letter. Amazon frequently displays a “reference price” for comparison with a “current sale price,” giving buyers the false impression they're saving money, said Consumer Watchdog. “Our research shows that these reference prices often have no basis in reality. Amazon is not competing on the basis of price in a way that would benefit consumers. Rather, it is competing deceptively by claiming a discount from an entirely bogus price.” Amazon representatives didn’t comment Friday.

The FCC, which has a public database of more than 5 million net neutrality comments with filers' names, addresses and email addresses, should collect only personally identifiable information (PII) it needs and de-identify data made public, wrote Technology Policy Institute research fellow Sarah Oh and research associate Brandon Silberstein in a RealClearPolicy commentary. "If there is one saving grace to the FCC’s public disclosure problem, it’s that its system is so bad that it’s hard to know which comments are real and which are machine-generated," they wrote. Bot-generated comments are also a problem and the FCC should use CAPTCHA technology or require users to create accounts to verify that humans are actually submitting comments, they wrote. Groups on both sides of the net neutrality issue are claiming hundreds of thousands of comments from either side are phony (see 1705310019). Oh and Silberstein wrote the FCC should follow FTC recommendations on data accuracy and security, collection limit and retention practices. The FCC's system has no privacy safeguards and may be collecting more PII than it needs, they said. "The highly publicized nature of the net neutrality-Title II proceedings simply serves to increase the exposure risk," they said.

Access Now said U.S. expansion and misuse of surveillance authorities is just one of several issues that could be a problem for the viability of the EU-U.S. Privacy Shield. The privacy organization sent a 16-page letter Wednesday to Bruno Gencarelli, head of the European Commission's Data Protection Unit, who's seeking feedback (see 1707050019) from nongovernmental groups ahead of the September review (see 1704200034). In a Thursday news release, Access Now U.S. Policy Manager Amie Stepanovich called Section 702 of the Foreign Intelligence Surveillance Act Amendments Act "one of the most invasive" U.S. tools (see 1706070047) but said making substantive changes to it would show the U.S. is seriously committed to human rights. "Without this commitment, though, it’s hard to see how Privacy Shield can survive,” she added. Section 702, which permits U.S. intelligence agencies to spy on foreign targets overseas, will sunset Dec. 31 unless reauthorized. Access Now also cited other issues, including: "the absence of an operating" five-member Privacy Civil Liberties Oversight Board, which has four vacancies; an insufficiently independent ombudsperson, who lacks investigatory powers; inadequate redress mechanisms for individuals; repeal of FCC broadband privacy regulations (see 1705180029); and extreme vetting of travelers to the U.S., including access to social media accounts (see 1702210007).

Blue Global Media, which the FTC said "enticed" consumers to complete online loan applications, agreed to settle charges that the company sold sensitive information to other entities with "little regard to how it would be used," said the agency in a Wednesday news release. The commission voted 2-0 to file the complaint and proposed stipulated order in the U.S. District Court for the District of Arizona. The complaint said the Arizona-based company and CEO Christopher Kay operated at least 38 websites that solicited loan applications and collected information including names, addresses, email addresses, birth dates, bank routing numbers, driver's license and state identification numbers, phone numbers and Social Security numbers. The FTC said the company then sold the consumer information "indiscriminately without consumers' knowledge or consent." When consumers complained, the company didn't investigate or take action, the agency said. The company is barred from misrepresenting that it can provide favorable loan rates and terms. It must also secure personal data, identify and verify the types of businesses with which it shares the data and must get consumers' consent for disclosures, the FTC said. The order includes a $104 million judgment, which is suspended because of defendants' inability to pay, said the agency. A company website didn't work Wednesday and a phone number rang several times before disconnecting.

A coalition of civil society groups filed an amicus brief last week in a suit that involves the government preventing Facebook from notifying some users their information is being sought possibly in connection to the Jan. 20 presidential inauguration protests, blogged the Electronic Frontier Foundation Wednesday. The EFF-led coalition, which also includes Access Now, the Center for Democracy & Technology and New America’s Open Technology Institute, filed the brief last week. EFF staff attorneys Nate Cardozo and Andrew Crocker blogged that the case is sealed but Facebook is fighting several gag orders for search warrants for user content. They said Facebook petitioned the D.C. Court of Appeals -- after it lost a challenge in D.C. Superior Court -- to open the proceeding to amicus briefs "and to reveal that Facebook argues that 'neither the government’s investigation nor its interest in Facebook user information' is a secret." (A search of the case in the court's online system was unsuccessful.) Cardozo and Crocker speculated the warrants are related to the presidential inauguration day protests when D.C. police "arrested hundreds of protestors, charging many with felony rioting." More than 200 people were arrested and indicted on felony rioting charges in protests during the day, according to media reports. Cardozo and Crocker wrote that in late January some defendants had received a notice from Facebook that law enforcement had subpoenaed their noncontent account information. The gag orders, said EFF, infringe on the First Amendment and invade Facebook users' rights "to speak and associate anonymously on a matter of public interest" and be given notice and the opportunity to challenge the warrants. "As we point out in our brief, if the government’s investigation into the Facebook accounts is already known, there’s no way that a gag can prevent any harm flowing from notifying the users and allowing them to challenge the search warrants," wrote Cardozo and Crocker. Oral argument for the case is scheduled for September even though the case is sealed, they added. A Facebook spokesman emailed there "are important First Amendment concerns with this case, including the government’s refusal to let us notify three people of broad requests for their account information in connection with public events." He said the company appreciates the support of companies and civil society organizations "in arguing for people’s constitutional rights to learn about and challenge these search warrants.”

The Center for Digital Democracy is urging the EU-U.S. Privacy Shield be suspended because Europeans' personal information isn't being adequately protected. "EU citizens and consumers who deal with companies enrolled in the Privacy Shield program confront a serious erosion of their data protection and privacy rights," wrote CDD Executive Director Jeff Chester in a Wednesday letter to Bruno Gencarelli, head of the European Commission's Data Protection Unit. Gencarelli formally requested feedback from CDD and other nongovernmental organizations as the agreement approaches its first review in September (see 1704200034). Chester wrote that EU data protection authorities should suspend the program "in light of its lack of any policies, rules, or enforcement that would provide [meaningful] adequacy or equivalency" and U.S. companies should operate under the general data protection regulation that will take effect next year. Chester said there's "no effective legal framework" protecting consumer privacy in the U.S. and that Privacy Shield allows "far-reaching data use practices" with key EU policies being ignored. He added self-certification is "both inadequate and dangerous" and the program's website is full of "typos, broken links, and sloppy data entry" suggesting a "disregard for its operations." There were 2,274 organizations enrolled in the program as of Wednesday, according to the Privacy Shield website.

The U.K.'s Royal Free NHS Foundation Trust "failed to comply" with the nation's data protection law when it provided personal data of about 1.6 million patients to Google, said the Information Commissioner's Office, the country's data protection watchdog, in a Monday news release. “Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening," said Information Commissioner Elizabeth Denham. It asked the trust or hospital network to make changes to comply with the law. The data shared was part of a "trial to test an alert, diagnosis and detection system for acute kidney injury," the release said. In 2016, the trust forged a five-year deal with Google DeepMind, an artificial intelligence unit, to develop an app for better detection. The trust said in a statement it fully cooperated with the ICO investigation that began more than a year ago and welcomes guidance on how patient data can be processed to test new technology. "We are now doing much more to keep our patients informed about how their data is used," it added. Google didn't comment. ICO said the data protection law isn't a hindrance to innovation but "it does need to be considered wherever people's data is being used."

A federal judge granted Facebook's motion to dismiss a class-action lawsuit that alleged the company violated people's privacy by tracking their browsing activity on third-party websites. Judge Edward Davila of the District Court for the Northern District of California said in Friday's decision (in Pacer) the plaintiffs lacked standing and failed to state a claim. In the case, which dates from 2012 and previously was dismissed before a second amended complaint was filed, several plaintiffs alleged Facebook used "like" buttons in third-party websites to track their private internet browsing history. "Plaintiffs allege that Facebook’s cookies enable it to uniquely identify users and correlate their identities with their browsing activity, even when users are logged out of Facebook," wrote Davila. He said in the second amended complaint the plaintiffs alleged Facebook's actions violated the Wiretap Act, the Stored Communications Act and the California Invasion of Privacy Act (CIPA), among other statutes. Under the Wiretap Act and CIPA, Davila said, plaintiffs alleged Facebook intercepted their communications through acquisition of URL data. But he said Facebook doesn't intercept communications because a user's web browser automatically sends information to Facebook and the third-party website. Davila said the second amended complaint contains "no new facts that establish economic harm or loss" and therefore lacks standing. A Facebook spokeswoman said the company was pleased with the ruling. Plaintiffs' lawyers didn't comment.