FCC Adopts a NPRM for Privacy Proposal; FTC Chairwoman Wants IoT Threat Addressed; Consumer Reports Hit with Privacy Class Action; DOJ Accesses Shooter’s Phone and Drops Apple Suit


FCC Adopts a NPRM for Privacy Proposal

On Thursday, March 31 in a 3-2 party-line vote, the FCC advanced a Notice of Proposed Rulemaking (NPRM) for broadband privacy. The proposed rules would restrict ISP’s use of basic consumer data and require consumer consent for certain types of data collection.  Although ISPs under the rule could still collect basic consumer data to market communications- related services to subscribers, ISPs would have to allow users to opt-out of that data collection.  On the other hand, ISPs would have to allow used to opt-in to the use and sharing of other types of data, such as browsing history and physical location.  Under the proposed rules, providers are also required to share how data is used or shared with consumers.  Some have criticized the proposed rules, arguing that they have the potential to create an uneven enforcement regime as companies have the potential to face varied FCC and FTC standards.

FTC Chairwoman Wants IoT Threat Addressed

On Thursday, March 31, FTC Chairwoman Edith Ramirez urged manufacturers of Internet of Things (IoT) devices to “design devices that take into consideration unexpected uses of their IoT data, and the potential for misuse.” In a speech at the American Bar Association’s conference on IoT in Washington, DC, Chairwoman Ramirez outlined a series of steps that she recommends manufacturers take as they develop new IoT technology.  Drawing on common privacy practices, Chairwoman Ramirez advised manufacturers to provide consumers with clear notice of data collection practices and to allow consumers to opt in or out of particular data collection practices.  She also encouraged manufacturers to build security into devices from the outset and keep track of issues through a device’s life cycle.   The FTC plans to hold a series of workshops this fall to look at a series of issues arising from new technology, such as smart televisions and UAVs.

Consumer Reports Hit with Privacy Class Action

A Consumer Reports reader filed a putative class action in the Southern District of New York yesterday.  The complaint alleged that the magazine’s publisher sold subscriber’s personal information, such as age, gender, ethnicity, and income, to supplement the profits it derives from subscribers.  Plaintiff argues that he has been bombarded by a “barrage” of mail and telephone offers because of the sale of his data and that the magazine never provided him with an opportunity to opt out of the sale of his information.  This lawsuit comes on the heels of a $7.5 million settlement against magazine publisher Meredith corp. in Michigan, for the sale of its subscriber’s data.

DOJ Accesses Shooter’s Phone and Drops Apple Suit

The DOJ announced on March 28 that it successfully gained access to the San Bernardino shooter’s iPhone and withdrew its controversial attempt to require Apple to unlock the phone on its behalf. According to the FBI, it was contacted by a third party that provided it with a method of accessing the phone and, with this method, FBI accessed the phone.  This brings the hotly contested legal battle to an anticlimactic end and leaves open the question of whether the government can force a technology company to provide access to its devices.  It also leaves space for a potential legislative solution that might provide guidance to avoid future access controversies.