WASHINGTON, August 8, 2019 – News of another data breach at Facebook marketing partner Hyp3r on Thursday prompted more demands for federal privacy legislation.
According to the non-profit group Public Knowledge, Hyp3r collected public records of Instagram users’ geolocation, personal bios, followers, metadata and photos – all without users’ consent.
“It’s well past time for Congress to enact strong, comprehensive federal privacy legislation,” said Dylan Gilbert, policy fellow at Public Knowledge.
As long as companies operate free of strong consumer privacy and security laws, he said, companies will continue to turn a blind eye to user privacy and security violations.
Instagram, which is owned by Facebook, said it has terminated its partnership with Hyp3r. Hyp3r had been using data harvesting tools to download users’ Instagram stories that are supposed to auto-delete after 24 hours.
Hyp3r also reportedly took advantage of a security lapse in the Instagram app to harvest posts tagged with geofenced locations. In both cases, only public accounts were compromised.
In the wake of Facebook’s Cambridge Analytica scandal, Instagram had begun disabling parts of its API, including location tools. However, Instagram’s faulty implementation of API rollbacks prompted Hyp3r to create tools that take advantage of these discrepancies, according to a report in Gizmodo.
Hyp3r saved the content and then used the information to build and sell extensive profiles of users’ daily lives, said Gilbert. While this was done in violation of Instagram’s rules, Hyp3r appears to have been free of any meaningful oversight from Instagram or Facebook.
Rules should be put in place that will empower consumers to better control their data, said Gilbert. The situation is also unsurprising, given that Facebook likely indirectly profited from Hyp3r’s data collection via the Facebook ad manager tool.
(Photo from Hyp3r’s Twitter stream.)
Experts Wrangle Over Whether Online Children Protection Legislation Needs Overhaul
‘We can’t keep overhauling the regulatory structure.’
WASHINGTON, June 21, 2022 – Observers at an Information Technology and Innovation Foundation event on Wednesday urged Washington not to take legislation protecting children online down the path of congressional overhaul, instead preferring guidance for the existing text to come from its administrator, the Federal Trade Commission.
The Child Online Privacy Protection Act, passed in 1998, includes online data protections for children under 13. In 2013, as designated by Congress, the FTC updated enforcement rules, giving parents more control over the online collection of their children’s personal information.
Since then, new advances in technology and social media has brought COPPA to the attention of many who consider substantive changes are needed, including privacy experts, senators and U.S. President Joe Biden, who addressed it in his State of the Union address earlier this year.
Some lawmakers have long called for an age increase for those protections through legislative reforms, which came before lawmakers this month introduced a proposal for the first federal privacy law, which would include data privacy protections for children under 17.
“We can’t keep overhauling the regulatory structure,” said Julia Tama, partner at law firm Venable LLP. “It takes a big investment for companies to come up to speed.”
Instead, she said, she wants “improvements on what we have rather than replacing it with a completely different framework.”
In May, the FTC issued a policy statement that will guide its enforcement of COPPA. It focused on four provisions: limiting the amount of data collected for children’s access to educational tools; restricting types of data collected and requiring reasons for why they are being collected; prohibiting ed tech companies from holding on to data for speculative purposes; and prohibiting the use of the data for targeted advertising purposes.
Graham Dufault, senior director for public policy at the App Association, said the FTC should be responsible for potential provisions made to COPPA. “The FTC’s enforcement of COPPA is a really important thing for us.”
But panelist James Cooper, associate professor of law and director of the program on economics and privacy at George Mason University, said COPPA isn’t in need of any major revisions. He said if the legislation requires change, he doesn’t want to see it done through FTC policy statements and instead should come from the crafters in Congress.
“If the FTC feels [the need to] expand COPPA beyond its current boundaries, it should go back to Congress,” Cooper said.
Expand Online Protections for 17-Year-Olds in Draft Federal Privacy Law, Committee Urged
The draft privacy law includes a provision to enhance privacy protections online for children under 17.
WASHINGTON, June 16, 2022 – Panelists before the subcommittee on consumer protection and commerce recommended Tuesday that a newly-crafted draft for federal privacy legislation introduced earlier this month include online protections for 17-year-olds.
The draft of the American Data Privacy and Protection Act, which would be the first federal privacy law, includes a provision to enhance privacy protections online for children under 17, including restrictions on Big Tech platforms’ data collection and targeted advertisements to those age groups.
But testimony from Jolina Cuaresma, senior counsel on privacy and technology policy at Common Sense Media, suggested that the language include 17-year-olds as well.
If the bill becomes law, she said this would provide a substantial upgrade to the Child Online Protection Privacy Act, which provides online protections for children under 13. “We need to cover all minors under the draft’s protections,” Cuaresma said, adding, “one in four children between the ages of 9 and 17 have had a sexual encounter with an adult online.”
With ongoing discussion about potential changes to COPPA and ensuring children’s privacy online due to increasing use of online educational tools and social media, Rep. Kathy Castor, D-Fl, stated during the hearing, “there is room for improvement in the draft for children’s protections.”
Big Tech regulation
Witnesses also said the draft should make clearer limits for Big Tech companies. Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center, said, “technology companies have too much power” and have been unregulated for too long. She urged the bill to define responsibilities more clearly for big tech companies, individuals, states, and federal entities.
Chairman Frank Pallone Jr. of the energy and commerce committee stated that if the bill passes, “our kids will be protected from abusive advertising and data transfers, and businesses will be required to protect consumer data or face real consequences.
“Comprehensive national privacy legislation is necessary to limit the excesses of Big Tech and ensure Americans can safely navigate the digital world,” said Pallone.
Draft of Bipartisan ‘Years-in-the-Making’ Privacy Bill Released
The bill is bipartisan, and a joint effort between the House Energy and Commerce Committee and the Senate Commerce Committee.
WASHINGTON, June 3, 2022 – Leaders of the House Committee on Energy and Commerce and the Senate Commerce Committee announced on Friday a discussion draft of a “comprehensive” data privacy bill that they say has been in the making for years.
The bipartisan bill overall addresses a national data privacy framework, a set of consumers’ data privacy rights and appropriate enforcement mechanisms.
The release was announced by the House committee’s Chairman Frank Pallone, D-N.J., its ranking member Rep. Cathy McMorris-Rodgers, R-Wash., and the Senate committee’s ranking member Sen. Roger Wicker, R-Miss.
“In the coming weeks, we will be working with our colleagues on both sides of the aisle to build support and finalize this standard to give Americans more control over their personal data,” they said.
“We welcome and encourage all of our colleagues to join us in this effort to enable meaningful privacy protections for Americans and provide businesses with operational certainty. This landmark agreement represents the sum of years of good faith efforts by us, other members, and numerous stakeholders as we work together to provide American consumers with comprehensive data privacy protections.”
They called the release of the draft a “critical milestone.”
The proposed bill would grant Americans protections against discriminatory use of their data, require covered entities to minimize on the front end the data they collect, enforce loyalty duties and prevent customers from needing to pay for privacy, prohibit targeted advertising for covered entities, enhance data protections for children and minors and establish “regulatory parity” across the internet.
Child privacy has been a particular topic of interest on Capitol Hill, with several high profile hearings taking place with social media companies to investigate their practices of catering to teenage users.
- FCC Opens Broadband Data Collection Program
- FCC Commissioner Supports Rural Telco Efforts to Implement ‘Rip and Replace’
- States Must Ease Zoning, Permit Regulations for Broadband Buildouts
- Broadband Prices Decline, AT&T’s Fiber Build in Texas, Conexon Partners for Build in Georgia
- Leo Matysine: The Impact of C-Band on Advancements in Mobile and Fixed Broadband
- Proposed Antitrust Legislation Not the Way to Regulate Big Tech, Panelists Say
Signup for Broadband Breakfast
Broadband Roundup2 months ago
Google Facing App Store Suit, Shareholder Suit Against Twitter Buy, Fiber Optic Technician Training Nationwide
Fiber2 months ago
AT&T Q1 Reflects Fiber Growth, Fixed-Wireless Still Plays Crucial Role for Rural Americans
Broadband Roundup3 weeks ago
Crypto Regulation Bill, Ziply Fiber Acquires EONI, AT&T Tests 5G via Drone
Broadband Roundup1 month ago
AT&T and DISH Agreement, FCC Adds More States in Robocall Fight, $50M from Emergency Connectivity Fund
Fiber2 weeks ago
AT&T Says Gigabit Download Speed Demand Continues to Grow
Broadband Roundup3 weeks ago
Global Tech Competition Bill, AT&T Hits 20 Gbps Symmetrical, Hargray Fiber in Georgia
#broadbandlive3 months ago
Broadband Breakfast for Lunch on June 8, 2022 — Preparing for Federal Broadband Funding with the Rural Utilities Service’s Christopher McLean
Broadband Roundup2 months ago
AT&T’s 911 Tech, Russia Cyberattacks, Musk’s Twitter Would Reinstate Trump