The House plans to vote this week on foreign surveillance legislation, an aide for House Speaker Mike Johnson, R-La., told us Friday.
Data Brokers and Delete Acts
Data brokers aggregate and sell personal data—often without clear user awareness. In response, many U.S. states are passing “delete acts” and other laws to increase transparency, require registration and give users control over data sales. These laws will reshape compliance and collection practices for brokers and companies relying on third-party data. This page tracks legislation, rulemaking and enforcement trends affecting the data brokerage industry.
Recent House legislation attempting to force ByteDance to divest TikTok raises constitutional issues and doesn’t address broader privacy concerns, Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., told reporters Thursday, creating a bipartisan roadblock in the upper chamber.
Bills meant to protect kids online advanced in multiple state legislatures this week. On Wednesday, the Vermont Senate unanimously passed a children’s privacy bill (S-289) requiring an age-appropriate design code. It will go to the House. The same day in Illinois, the House Consumer Protection Committee voted 9-0 to advance a kids’ social media bill (HB-5380) that would require large social media platforms to make application programming interfaces (API) available so that third-party software providers can create tools for parents to manage their children’s activity on the platform. And in Alabama, the Senate Judiciary Committee cleared the House-passed HB-164 with a short amendment. The bill would require a reasonable age-verification method to restrict those younger than 18 from accessing pornographic websites. On Tuesday, Alabama’s Senate Fiscal Responsibility Committee cleared a privacy bill (SB-213) that would require data brokers to register with the state. A Pennsylvania House committee that day advanced a social media bill requiring age verification (see 2403190050).
The House on Wednesday unanimously approved TikTok-related legislation that would ban data brokers from transferring “sensitive” U.S. information to “foreign adversaries” such as China. Meanwhile, the Senate Commerce Committee and the Senate Intelligence Committee are planning a joint hearing about their legislative options.
The House voted 352-65 Wednesday to approve legislation that would ban TikTok in the U.S. if Chinese parent company ByteDance doesn’t divest the app in six months (see 2403120062).
Prepare for more California privacy activity in coming months, California Privacy Protection Agency Senior Privacy Counsel Lisa Kim said Wednesday. Kim previewed CPPA enforcement, rulemaking and legislative work at a virtual FCBA privacy symposium Wednesday. A growing patchwork of state privacy laws makes it difficult for businesses to create a good consumer experience for making privacy choices, said corporate privacy practitioners during a later panel.
The House Commerce Committee on Thursday unanimously passed legislation (see 2403050051) that could lead to a U.S. ban on the popular Chinese-owned social media app TikTok. The legislation is poised for floor action after gaining public support from House Speaker Mike Johnson, R-La., on Thursday.
The House Commerce Committee on Thursday will mark up two national security-related bills targeting TikTok, including one from Chair Cathy McMorris Rodgers, R-Wash., and ranking member Frank Pallone, D-N.J.
President Joe Biden on Wednesday signed an executive order directing DOJ to establish rules blocking large-scale transfers of Americans’ personal data to entities in hostile nations.
Avast misrepresented itself and sold user data without consent, the FTC alleged in a $16.5 million settlement announced with the U.K.-based software company Thursday. Since at least 2014, Avast has collected consumer browsing data through its browser extensions and antivirus software, according to the FTC complaint. Until 2020, Avast’s subsidiary Jumpshot sold the browsing information to more than 100 third parties, including “advertising, marketing and data analytics companies and data brokers,” the agency said. The company claimed it used an algorithm that removed identifying information but failed to “sufficiently anonymize consumers’ browsing information that it sold in non-aggregate form through various products,” the agency said. Chair Lina Khan said in a joint statement with Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya: “Exposing people’s detailed browsing data in ways that can be traced back to them marks an invasion of privacy and is likely to cause substantial injury. ... Businesses that sell or share browser history data without affirmatively obtaining people’s permission may be in violation of the law.” An attorney for Avast didn't comment.