Director of National Intelligence Avril Haines should direct intelligence agencies to limit purchases of data about Americans when collection of the data meets FTC standards, Sen. Ron Wyden, D-Ore., wrote in a letter Thursday. Wyden released documents he said confirm that the NSA “buys Americans’ internet records, which can reveal which websites they visit and what apps they use.” He noted the FTC issued a recent order (see 2401090081) holding “that data brokers must obtain Americans’ informed consent before selling their data.” The federal government shouldn’t be “funding and legitimizing a shady industry whose flagrant violations of Americans’ privacy are not just unethical, but illegal,” Wyden wrote. “To that end, I request that you adopt a policy that, going forward, IC elements may only purchase data about Americans that meets the standard for legal data sales established by the FTC.” He urged the DNI to direct agencies to inventory purchased data, determine whether it meets FTC standards, and purge whatever doesn’t. DNI didn’t comment.
The FTC is examining Alphabet, Amazon and Microsoft to see if they are unfairly exerting undue control over AI markets, Chair Lina Khan announced Thursday.
Passing a data broker registration bill would help Washington state better understand the industry's scope, Rep. Shelley Kloba (D) said Friday as the state’s House Consumer Protection Committee heard testimony on Kloba’s HB-2277 during a livestreamed hearing. The bill would require data brokers to register with the state. Submitted information would appear on a public website. Brokers are selling data that people generate during daily activities online, through connected devices and while driving cars, said Kloba: It often happens without a person’s permission. The committee also mulled multiple AI bills, including HB-1934, which would establish an AI task force and HB-1951, which attempts to prevent algorithmic discrimination. "Sometimes we have to put guardrails around things to protect people's civil liberties and to keep people safe,” said HB-1934 sponsor Rep. Travis Couture (R). Rep. Clyde Shavers (D) said his HB-1951 is an “incremental first step to make sure that the use of artificial intelligence helps, not harms us."
The California Privacy Protection Agency, the nation's first dedicated privacy regulator, has “many investigations underway,” Executive Director Ashkan Soltani said at a partially virtual CPPA board meeting Friday. Soltani estimated that the agency has received about 100 complaints from consumers since forming in 2021. The CPPA’s data broker registry is up and running after a 2023 bill transferred it to the agency from the California DOJ, Soltani said. Many have since registered and CPPA plans to publish a list of registrants in March, he said. Staff is preparing a proposed rulemaking package including cybersecurity risk assessments, automated decision-making technology for the next board meeting, said Soltani: Staff is incorporating feedback from board members after the Dec. 8 meeting (see 2312080064). In addition, staff is writing draft language and speaking with possible legislative authors for a potential bill that would require browser vendors to let users exercise their California privacy rights through a global opt-out signal, said Maureen Mahoney, deputy director-policy and legislation. “We’re confident that we have adequate resources to effectively sponsor the bill.” CPPA's board voted at last month’s meeting to advance the legislative proposal. The board considered a draft 2024-27 strategic plan with the mission statement: “Protect consumers’ privacy, ensure that businesses and consumers are well-informed about their rights and obligations, and vigorously enforce the law against businesses that violate consumers’ privacy rights.”
Data brokers don’t have a “free license” to sell sensitive location data, FTC Chair Lina Khan said Tuesday, announcing the agency’s first ban on selling location data. The agency announced a nonmonetary settlement with Virginia-based X-Mode Social and Outlogic, its successor. Until May, the company lacked policies "to remove sensitive locations from the raw location data it sold,” the FTC said. X-Mode/Outlogic didn’t “implement reasonable or appropriate safeguards against downstream use of the precise location data it sells, putting consumers’ sensitive personal information at risk,” it added. The commission approved a consent order 3-0 with the company. X-Mode now faces fines of up to $50,120 per violation for future infractions. X-Mode must implement a program with continuous review of its data sets and prevent disclosure of sensitive location data. In addition, it must delete all location data it previously collected. Sen. Ron Wyden, D-Ore., applauded the agency for “taking tough action to hold this shady location data broker responsible.” He said that in 2020, he “discovered that the company had sold Americans' location data to U.S. military customers through defense contractors.” The FTC action is “encouraging,” but Congress needs to pass legislation allowing regulators to hold data brokers more accountable, Wyden said. An attorney for X-Mode didn’t comment Tuesday.