Zoom must implement a “comprehensive security program” and adhere to biennial independent third-party privacy assessments, the FTC announced Monday in a finalized deal (see 2011100024). The company must “review any software updates for security flaws prior to release and ensure the updates will not hamper third-party security features,” the agency said. Commissioners voted 3-2, with the two Democrats dissenting, as they did in the initial vote. Acting Chair Rebecca Kelly Slaughter noted “widespread opposition” comments. The decision is “particularly troubling in light of" DOJ recently charging a “Zoom employee with allegedly participating in a scheme to surveil, disclose, and censor political and religious speech of individuals” worldwide at the direction of Chinese leadership, she said. The agency “must think beyond its status quo approach of simply requiring more paperwork, rather than real accountability relying on a thorough investigation,” said Commissioner Rohit Chopra. Commissioner Christine Wilson noted the inclusion of “targeted fencing in relief that provides privacy protections to consumers.” Provisions address the type of conduct seen with the DOJ charges, she said. “Advancements we have made to our platform are well-documented, and we are continuously improving our privacy and security programs,” a company spokesperson emailed. “We remain committed to fulfilling the expectations of the millions of people who trust and rely on our platform.”
The Senate Homeland Security Committee is investigating the SolarWinds cyberattack and exploring a potential hearing, Chairman Gary Peters, D-Mich., told us: “We’re going to do an investigation, look into that and look at a potential hearing.” Microsoft, Google, FireEye and several federal agencies were potentially exposed in the Russia-linked attack (see 2101190067).
John Kennedy, R-La., plans legislation that could require social media users use legal identities, he told us Thursday. He and several other senators offered differing reactions about Facebook’s oversight board, which released its first content moderation decisions Thursday, overturning four of five Facebook post removals.
Expect increased agency oversight and a concerted effort to update antitrust laws in 2021, said Senate Antitrust Subcommittee Chair Amy Klobuchar, D-Minn., Wednesday at a Public Knowledge virtual event. Facebook Oversight Board Member Jamal Greene said to expect the board’s first content moderation decisions “within days,” on a panel at the State of the Net (SoTN) virtual conference.
Sen. Mazie Hirono, D-Hawaii, is circulating online content-related legislation for potentially addressing civil rights violations in housing markets, Fordham University law professor Olivier Sylvain said Tuesday at the State of the Net conference. Hirono has been in discussions with Virginia Democratic Sens. Mark Warner and Tim Kaine about Communications Decency Act Section 230 (see 1908060064). Her office didn’t comment about a potential bill.
Rep. Suzan DelBene, D-Wash., will reintroduce her privacy legislation (see 1912060035) sometime this quarter, an aide told us Friday. Observers said in interviews that this is the best chance Congress has had in recent years to pass a comprehensive privacy bill, in light of President Joe Biden’s election and a Democratic House and Senate.
President Joe Biden designated FTC Commissioner Rebecca Kelly Slaughter as acting chair, the agency announced Thursday. “I am deeply honored and grateful to lead an agency that is critical to helping the U.S. economy get back on its feet and function more fairly for all Americans,” Slaughter said.
The Department of Homeland Security will do a “thorough review” of its cybersecurity detection programs as a result of the Russia-linked SolarWinds attack, President-elect Joe Biden’s DHS secretary nominee, Alejandro Mayorkas, told the Senate Homeland Security Committee Tuesday. Mayorkas said the department will review its Einstein program and the continuing diagnostics and mitigation program to ensure they’re “appropriately designed and effectively executed.”
DOJ won’t terminate the ASCAP and BMI consent decrees, Antitrust Division Chief Makan Delrahim said Friday (see 2101070048). He recommended the department continue reviewing the music licensing decrees every five years.
Flo Health, developer of a popular women’s fertility-tracking app, misled users and improperly shared users' sensitive health data with third-parties including Facebook and Google, the FTC alleged in a 5-0 settlement announced Wednesday. Despite promises to keep the data private, Flo “disclosed health data from millions of users of its Flo Period & Ovulation Tracker app to third parties that provided marketing and analytics services to the app, including Facebook’s analytics division, Google’s analytics division, Google’s Fabric service, AppsFlyer, and Flurry,” the FTC said. Commissioners Rohit Chopra and Rebecca Kelly Slaughter dissented in part, saying the agency should have charged the company with violating the Health Breach Notification Rule, for which the agency has never brought action. Commissioner Noah Phillips disagreed with the Democrats: “We have never applied the Rule to a health app such as Flo in the past, in part because the language of the Rule is not so plain. And I do not support announcing such a novel interpretation of the Rule here, in the context of an enforcement action.” The company faces civil penalties of up to $43,792 for any future violations. Flo didn’t share usernames, addresses or birthdays, a spokesperson emailed, noting the settlement included no admission of wrongdoing: “We do not currently, and will not, share any information about our users’ health with any company unless we get their permission. We have a comprehensive privacy framework with a robust set of policies and procedures to safeguard our users’ data.” The consent order includes a company compliance review, the spokesperson added.