Privacy Insider newsletter: April 27, 2021

Welcome to Privacy Insider, a round-up of the week's most important stories.

For those of us who've been watching the regulatory space surrounding data privacy in the U.S., there was some important news out of the Supreme Court last week. If you missed it, the court ruled that the Federal Trade Commission can't continue using the method it's been using to get money from companies accused of deceiving or being unfair to consumers.

It's an important ruling because the FTC is the only privacy cop we've got here in the U.S. While states attorneys general can bring cases, federally, the FTC is responsible for protecting consumers. So when the court ruled that it was taking away a powerful enforcement tool, the immediate question that came to mind became: Who's going to man the post now? Will companies become more reckless or noncompliant with privacy laws if they know the cop on the beat has been hobbled?

To be clear, the FTC can still get money from guilty companies. But it has to use a lengthy administrative process — Section 19 of the FTC Act —  to do so, one that doesn't allow it to move nimbly.

Both of the sources I spoke to for the story I wrote on this (included below) say while the court's ruling does cripple the agency in the short term, it's likely legislators will react by introducing bills that would give the FTC increased powers once and for all. One lawmaker has introduced a bill to do just that by amending the FTC Act itself.

"The COVID-19 pandemic has given rise to an increase of scams and fraud that prey on consumers' fears and financial insecurities," Cardenas said in a statement upon releasing the bill. "Inaction is not an option and will only embolden these bad actors."

The good news for the FTC is there's a lot of bipartisan support to help it do its job by increasing federally allocated funds to give it the resources and staffing it needs. But now, it's up to Congress to get it done.

Whether it will and how long that could take is anyone's guess. 

Enjoy reading, and I'll see you next week! 

1. Bipartisan bill would ban gov’t access to data brokers’ troves

   Two U.S. Senators have proposed legislation that would require government agencies to get a court order to access data from data brokers, TechCrunch reports. Senators Ron Wyden, D-Ore., and Rand Paul, R-Ky., say the Fourth Amendment Is Not for Sale Act would close a loophole law enforcement agencies commonly use for access to sensitive data they wouldn’t normally have. “There’s no reason information scavenged by data brokers should be treated differently than the same data held by your phone company or email provider,” Wyden said.
   Read Story

   2. Supreme Court strips FTC of ‘strongest tool’ 

   Last week, the Supreme Court ruled that the U.S. Federal Trade Commission cannot go directly to court to fine companies accused of deceptive business practices. That's a big hammer to bring down because the Federal Trade Commission is the de facto privacy enforcer in the U.S. The agency often enforces privacy and data protection cases under its Section 5 mandate to protect consumers from unfair or deceptive practices. This piece looks at the ruling’s potential impact on policing privacy in the U.S.
   Read Story

   3. Google’s contact-tracing app wasn’t as private as promised

   While Google promised anonymity and privacy to those adopting their COVID-19 contact tracing apps, it fell short, The Markup reports. Researchers at privacy analysis firm AppCensus found that preinstalled apps on Android devices can access data the contact tracking apps store in system logs, the report states. AppCensus told Google about the privacy flaw in February, but the company failed to address it. A Google spokesperson said an update “will be complete in the coming days.”
   Read Story

   4. Months later, Apple rolls out hotly contested privacy feature

   This week, Apple finally released its new privacy feature for iPhone and iPad operating systems. When users install the App Tracking Transparency update, device apps will have to get user consent to track their online movements. Apple and Facebook have been feuding publicly for months. Facebook says Apple is forcing apps to charge for services instead of relying on ads, and Apple says it’s protecting users as data, including sensitive data, is increasingly amassed on smartphones.
   Read Story

   5. Chinese regulators publish draft guidelines for app privacy 

   Chinese regulators published draft guidelines on how apps must protect user privacy, Reuters reports. The rules say apps must disclose the personal information they’ll collect and why. They also say apps can’t collect personal data without consent and that they should send users a notification when processing sensitive information like race, biometrics, location or financial data. Regulators are seeking comment from the public until May 26.
   Read Story

   6. Despite privacy rule violations, court approved FBI’s warrantless surveillance

   The U.S. Foreign Intelligence Surveillance Court approved the FBI’s use of a warrantless surveillance authority last year even though it also found the FBI had repeatedly violated rules in place to protect Americans’ privacy, The Washington Post reports. In a redacted court ruling made public on April 26, the judge said while there was evidence of misuse, the FBI had improved its systems and training since then and “the coronavirus pandemic has limited the government’s ability to monitor compliance,” the report states.
   Read Story