A California proposal to allow people without social security numbers (SSNs) to sign up for low-income telecom support was mostly supported in comments Friday at the California Public Utilities Commission. However, consumer advocates sought tweaks to the CPUC staff proposal to ensure maximum inclusion and disagreed with T-Mobile’s Assurance Wireless on whether accepting applications without SSNs should be mandatory. Other companies generally praised the staff plan while seeking more clarity on certain details.
The number of states with privacy laws reached 18 after Maryland Gov. Wes Moore (D) signed SB-541/HB-567 on Thursday. Vermont and Minnesota could soon join the ranks. While not first, Maryland “sets the new standard” for state privacy laws and “raises the bar” for Congress, said Caitriona Fitzgerald, Electronic Privacy Information Center (EPIC) deputy director, in an interview. Meanwhile, in California, the first state with a privacy law, board members of the California Privacy Protection Agency (CPPA) slammed the preemptive current draft of a privacy bill from Congress.
The American Privacy Rights Act is “an important bipartisan compromise” Congress can use as a foundation for passing a federal privacy law (see 2404160034), Senate Data Security Subcommittee Chairman John Hickenlooper, D-Colo., said Wednesday during a subcommittee hearing on protecting consumer data. Introduced by Senate Commerce Committee Chair Maria Cantwell, D-Wash., and House Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., APRA provides a strong federal standard with data minimization rules, Hickenlooper said, so companies aren’t collecting “everything they can.” He noted states aren’t waiting for Congress on privacy. Indeed,16 states, including Colorado, have passed or are in the process of approving privacy laws. Without a federal privacy law, the U.S. risks further ceding its authority to states and foreign governments, which is creating regulatory “headaches” for businesses, ranking member Marsha Blackburn, R-Tenn., said.
Maine’s privacy bill died after lawmakers tried a second time to pass LD-1977 through the Senate on Wednesday. Earlier in the day, the House approved the bill, but the Senate narrowly defeated it (see 2404170069). Undaunted, the House insisted on acceptance, a procedural move that forces the other chamber to vote again. However, the Senate responded by insisting on rejecting the bill, leaving the bill to die in nonconcurrence. Privacy watchers said LD-1977 was notable for proposing strict data minimization standards (see 2403270045).
Maine’s comprehensive data privacy bill came up short in the state Senate on Wednesday. The bill appeared to fail when senators voted 15-18 on a Judiciary Committee majority recommendation that LD-1977 by Rep. Margaret O’Neil (D) “ought to pass.” The House narrowly passed the bill a day earlier in a 75-70 vote. The bill isn't necessarily dead. When the chambers disagree, Maine's legislative process allows each body to insist on their vote. This forces the other side to vote again. A conference committee could also be requested. Both chambers agreed to kill an alternative bill (LD-1973) by Sen. Lisa Keim (R). The House supported a majority recommendation that the bill “ought not to pass” by a 81-63 vote Wednesday. The Senate voted 18-14 for that recommendation on Tuesday. Privacy watchers said LD-1977 is notable for proposing strict data minimization standards (see 2403270045).
A key privacy negotiator for House Republicans said Tuesday he’s “optimistic” privacy legislation can be expedited and signed into law “very soon.” House Consumer Protection Subcommittee Chairman Gus Bilirakis, R-Fla., said in a statement Tuesday he was “glad” to see House Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., and Senate Commerce Committee Chair Maria Cantwell, D-Wash., release “historic draft legislation” (see 2404080062). Bilirakis lauded the lawmakers for including a state preemption provision and data minimization measures: “The end result is a product that will help safeguard all Americans' sensitive data, maximize transparency, and empower users to control how their personal information is collected, used, and stored.” Sen. Jerry Moran, R-Kan., an original member of the Senate Commerce Committee’s privacy working group (see 1906270053), said Tuesday he expects the panel will hold hearings and “produce a bill that protects consumers and fosters an environment which promotes innovators and job creators.” A comprehensive federal privacy law would help solve issues related to children’s online data collection and foreign access to U.S. user information, he said.
The House Commerce Committee plans to mark up a bipartisan, bicameral privacy bill this month, Chair Cathy McMorris Rodgers, R-Wash., announced Sunday in a draft bill agreement with Senate Commerce Committee Chair Maria Cantwell, D-Wash.
Maryland legislators received strong responses after sending privacy and online safety bills to Gov. Wes Moore (D) for final approval. Consumer Reports (CR) applauded the General Assembly for the comprehensive privacy bill (SB-541/HB-567) that it said exceeded other states’ laws in certain ways. On the other hand, tech industry group NetChoice bemoaned a growing patchwork of state laws, 16 and counting.
The California Privacy Protection Agency posted guidance on complying with data minimization requirements of the California Consumer Privacy Protection Act (CCPA). It’s the Enforcement Division’s first CCPA advisory, the agency said Tuesday. “We intend for our Enforcement Advisories to promote voluntary compliance, but sometimes stronger medicine will be in order,” said Deputy Director of Enforcement Michael Macko. The division has noticed “that certain businesses are asking consumers to provide excessive and unnecessary personal information in response to requests that consumers make under the CCPA,” the advisory said.
Federal agencies have 60 days to designate a chief AI officer who will be responsible for ensuring the government is minimizing AI-related impacts on civil rights and safety, Vice President Kamala Harris said Thursday. Harris announced OMB policies designed to protect against risks like bias and discrimination. The White House sent a memorandum to all executive departments and agencies, as directed under President Joe Biden’s AI executive order. It applies to civilian and military agencies, but there are exceptions and waivers for national security and law enforcement. The memo lays out safeguards, including impact assessments, that agencies must adopt when using AI. OMB said AI systems are “rights-impacting” if there’s a “legal, material, binding or similarly significant effect” on rights. In addition, agencies would have to apply specific transparency standards including the publication of AI uses and justifications. The memo grants travelers the right to opt out of airport facial recognition systems that the Transportation Security Administration controls. Exceptions and waivers for national security, intelligence and law enforcement could “significantly undercut” the document’s intentions, the American Civil Liberties Union said in a statement Thursday. Harmful and discriminatory uses of AI by national security agencies and state agencies “remain largely unchecked,” ACLU Senior Policy Counsel Cody Venzke said. The ALCU highlighted risks associated with law enforcement’s use of algorithmic systems like facial recognition and predictive policing systems, which produce “harmful results.” The Center for Democracy & Technology credited OMB for following stakeholder recommendations about improving agency transparency and government procurement of AI services. CDT said the White House missed an opportunity for establishing data minimization standards. Moreover, the administration should have provided a redress process if a chief AI officer “inappropriately grants a waiver,” CDT added. There’s “no recourse to challenge the validity of the decision to exempt AI uses.”