A Maine privacy bill with strict data minimization standards is moving to the final stages. The joint Judiciary Committee voted 7-1 Tuesday evening to say that the Democratic caucus’ LD-1977 “ought to pass,” while rejecting a Republican alternative (LD-1973). A nuanced exemption for broadband providers, currently in LD-1977, could mean that the proposed law would still apply to mobile services provided by a company that’s covered by the state’s 2019 ISP privacy law, two consumer privacy advocates said Wednesday.
Pennsylvania House members approved legislation Tuesday that would establish age-verification and content-flagging requirements for social media companies. The House Consumer Protection Committee advanced HB-2017 to the floor with a 20-4 vote. Four Republicans voted against, citing privacy and free speech concerns. Introduced by Rep. Brian Munroe (D), the bill would grant the attorney general sole authority to impose penalties against platforms that fail to gain proper age verification and parental consent or fail to flag harmful content for parents. The committee removed a private right of action from the legislation during Tuesday’s markup. Munroe said the bill requires platforms to strengthen age verification by requiring consent from a parent or legal guardian. It also requires that they monitor chats and notify parents of sensitive or graphic content. Once notified, parents can correct the problem, said Rep. Craig Williams (R). Rep. Lisa Borowski (D) called the bill a “small step” toward better protecting young people. Rep. Joe Hogan (R) said legislation shouldn’t increase Big Tech's control over what’s permissible speech, citing data abuse from TikTok. He voted against the bill with fellow Republicans, Reps. Abby Major, Jason Ortitay and Alec Ryncavage. The Computer & Communications Industry Association urged legislators to reject the proposal, saying increased data collection requirements create privacy issues, restrict First Amendment rights and conflict with data minimization principles.
Meta is violating the EU data protection law by requiring users to pay for ad-free service or consent to the use of their personal data, eight European consumer groups alleged Thursday. Meta didn't immediately comment. The groups, from the Czech Republic, Denmark, Greece, France, Norway, Slovakia, Slovenia and Spain, are European Consumer Organisation (BEUC) members. In complaints filed with their national data protection authorities (DPAs), they charged the tech giant with failing to comply with GDPR principles of fair processing, data minimization and purpose limitation. Moreover, they said Meta has no valid legal basis to justify the massive data sweep it carries out on Facebook and Instagram users because the choice it gives them can't lead to free and informed consent. "Meta has tried time and time again to justify the massive commercial surveillance it places its users under," said BEUC Deputy Director-General Ursula Pachl. "Its unfair 'pay-or-consent' choice is the company's latest effort to legalise its business model." In recent years several DPAs have tried to force Meta to change the legal basis for collecting and processing people's data, and the company's "last resort" is to obtain users' consent for those activities by offering them the choice to either pay to see a supposedly ad-free service or consent to the company's full commercial surveillance with ads, BEUC said. Asked why BEUC didn't file the complaint with the DPA in Ireland, where Meta is headquartered, a spokesperson said the organization wanted to involve national data protection authorities that can then take ownership of the issue when those authorities transfer the matter to the Irish authority. In addition, he said, BEUC wanted to involve its members because they know the procedural rules of their own DPAs and to maximize coverage of the issue to show that it affects all Europeans.
Meta is violating the EU data protection law by requiring users to pay for ad-free service or consent to the use of their personal data, eight European consumer groups alleged Thursday. Meta didn't immediately comment. The groups, from the Czech Republic, Denmark, Greece, France, Norway, Slovakia, Slovenia and Spain, are European Consumer Organisation (BEUC) members. In complaints filed with their national data protection authorities (DPAs), they charged the tech giant with failing to comply with GDPR principles of fair processing, data minimization and purpose limitation. Moreover, they said Meta has no valid legal basis to justify the massive data sweep it carries out on Facebook and Instagram users because the choice it gives them can't lead to free and informed consent. "Meta has tried time and time again to justify the massive commercial surveillance it places its users under," said BEUC Deputy Director-General Ursula Pachl. "Its unfair 'pay-or-consent' choice is the company's latest effort to legalise its business model." In recent years several DPAs have tried to force Meta to change the legal basis for collecting and processing people's data, and the company's "last resort" is to obtain users' consent for those activities by offering them the choice to either pay to see a supposedly ad-free service or consent to the company's full commercial surveillance with ads, BEUC said. Asked why BEUC didn't file the complaint with the DPA in Ireland, where Meta is headquartered, a spokesperson said the organization wanted to involve national data protection authorities that can then take ownership of the issue when those authorities transfer the matter to the Irish authority. In addition, he said, BEUC wanted to involve its members because they know the procedural rules of their own DPAs and to maximize coverage of the issue to show that it affects all Europeans.
Minnesota legislators on Wednesday advanced an age-appropriate design bill modeled after a California law that was recently deemed unconstitutional.
Maryland this week moved one step closer to becoming the 15th state to pass comprehensive online privacy legislation by hosting debate in both chambers on Tuesday and Wednesday.
The Utah Commerce Department received backlash from the communications industry and other groups about age-verification methods proposed in rules for implementing the 2023 Utah Social Media Regulation Act. The department’s Consumer Protection Division last week sent us written comments received by its Feb. 5 deadline on October's proposed rules.
A Thursday House Communications Subcommittee hearing on communications infrastructure cybersecurity issues is expected to include the FCC’s Secure and Trusted Communications Networks Reimbursement Program and the thus far unsuccessful push to allocate another $3.08 billion to fully pay back participants (see 2311070050). However, just one of four scheduled witnesses mentions the matter in written testimony. Other items the House Commerce Committee identifies in a memo ahead of the hearing include the FCC’s NPRM seeking to establish a schools and libraries cybersecurity pilot program, the commission’s voluntary Cyber Trust Mark cybersecurity labeling effort for smart devices (see 2308100032) and concerns about Chinese telecom equipment manufacturers’ potential threat to U.S. IoT devices. The hearing is scheduled to begin at 10 a.m. in 2123 Rayburn.
New Jersey legislators passed a comprehensive data privacy bill and proposed telephone line abandonment rules during floor sessions Monday. The Assembly voted 47-27 to pass S-332 after substituting into the bill language from A-1971. The Senate voted 34-1 for A-1100, which would require removing phone and cable lines that don’t terminate at both ends to equipment or to a customer premise, aren't in a safe condition or haven’t been operated for at least 24 consecutive months. The state privacy bill will “protect for the first time in New Jersey history our citizens’ and our children’s data, including personally identifiable information and sensitive data, and join the dozen-plus states that have beaten us to it,” said Assembly Judiciary Committee Chairman Raj Mukherji (D), who sponsored A-1971. “With no comprehensive federal framework to address this, unlike in Europe, it’s fallen to the states to fill the gaps and protect our citizens’ data.” Mukherji highlighted the bill’s inclusion of a universal opt-out mechanism, which would support using a browser plugin or setting to opt out of many sites. The Assembly adopted amendments to the privacy bill at a Dec. 21 floor session. Changes include clarifying that a controller isn’t required to authenticate opt-out requests and that the consumer’s option to opt out applies to data selling or targeted ads, according to a floor statement. Also, the amended bill extended the deadline for controllers to comply to six months from four. In addition, lawmakers added an exemption for data subject to the Gramm-Leach-Bliley Act. The Assembly Judiciary Committee passed A-1971 in December (see 2312180067), many months after the Senate approved S-332 last February (see 2302030065). Consumer Reports believes "the bill improved substantially as it has moved through the legislative process," said CR Policy Analyst Matt Schwartz. "The bill now includes baseline consumer privacy protections" and a universal opt-out mechanism that will make it "far more usable for consumers than what was previously being considered," he said. However, "we see room for improvement, particularly relating to the bill's data minimization and enforcement provisions." The Assembly passed the line abandonment bill last March (see 2303010017). The New Hampshire House last week completed a comprehensive privacy bill (SB-255). It passed the state's Senate last March (see 2303170035). The House Judiciary Committee amended and advanced the bill in November (see 2311080062).