US seeks data on how Facebook, Twitter, TikTok and others use personal data

WASHINGTON - The Federal Trade Commission is seeking information from Facebook, Twitter and other social media and video streaming companies about how they use the personal information that they collect on their users, the U.S. agency said on Monday.

In addition to Facebook Inc and Twitter Inc, the orders requesting data were sent to Facebook subsidiary WhatsApp, Amazon.com Inc, China's ByteDance unit TikTok, Discord Inc, Reddit Inc, Snap Inc, and Google subsidiary YouTube LLC.

The FTC is seeking to learn how the companies collect data on users, how they decide which advertisements to show and how algorithms are used, among other information, the agency said in a statement. It is also seeking information about how the companies' practices affect children and teenagers.

The companies have 45 days to respond to the orders, which are usually used to generate policy or recommend legislation.

In a joint statement, two Democratic members of the commission, Rohit Chopra and Rebecca Slaughter, and one Republican, Christine Wilson, noted their impetus for the order.

"Never before has there been an industry capable of surveilling and monetizing so much of our personal lives," they wrote. "Social media and video streaming companies now follow users everywhere through apps on their always-present mobile devices. This constant access allows these firms to monitor where users go, the people with whom they interact, and what they are doing. ... Too much about the industry remains dangerously opaque.

Discord said it looked forward to answering the FTC's questions. "We make no money from advertising, selling user data to advertisers, or sharing users' personal information with others. Instead, the company generates its revenue directly from users through a paid subscription service," a spokesperson said in an email statement.

None of the other companies immediately responded to a request for comment. 

(Reporting by Diane Bartz Editing by Sonya Hepinstall and Richard Chang)

-reuters-

Google to pay up to $200 million to FTC on YouTube probe - source

WASHINGTON - Alphabet Inc's Google will spend up to $200 million to settle a Federal Trade Commission investigation into YouTube's alleged violation of a children's privacy law, a person briefed on the matter told Reuters.

Politico reported the settlement is expected to be between $150 million and $200 million. The settlement is set to be announced next week and will be the largest ever fine imposed for violating the Children’s Online Privacy Protection Rule by collecting personal information from kids without parental consent.

Google declined to comment.

The FTC voted 3-2 to approve the settlement and sent it to the justice department as part of the review process, Reuters confirmed, citing a person familiar with the matter. The Washington Post reported the settlement's approval in July but did not detail the amount of the civil penalty.(https://politi.co/2ZtIM5G)

The settlement will far surpass the previous record set in February, a $5.7 million civil penalty imposed on Musical.ly, which did not ask for users' ages for three years. The online library for Musical.ly – now known as TikTok – features music popular with kids.

Sen. Ed Markey, a Democrat, said Friday "the FTC appears to have let YouTube off the hook with a nominal fine for violating users’ privacy online. And in this case, Google’s intrusions on kids' personal info are at issue. We must come down hard on companies that infringe on children’s privacy."

On Thursday, Google launched YouTubeKids. The company said it built the site "to create a safer environment for kids to explore their interests and curiosity, while giving parents the tools to customize the experience for their kids."

Parents can select from three different age groups to choose age-appropriate content - preschool, ages 5-7 and 8-12. Katharina Kopp, deputy director of the Center for Digital Democracy, said Friday "a settlement amount of $150-200 million would be woefully low, considering the egregious nature of the violation, how much Google profited from violating the law, and given Google’s size and revenue."

She added the fine "would effectively reward Google for engaging in massive and illegal data collection."

In April 2018, the center, joined by other groups, filed an FTC complaint alleging YouTube profited from kids "without first providing direct notice to parents and obtaining their consent as required by law. Google uses this information to target advertisements to children across the internet and across devices." 

source: news.abs-cbn.com

Facebook to pay record $5 billion US fine over privacy violations

WASHINGTON - Facebook Inc will pay a record-breaking $5 billion fine to resolve a government probe into its privacy practices and the social media giant will restructure its approach to privacy, the US Federal Trade Commission said on Wednesday.

The FTC voted 3-2 along party lines to adopt the settlement, which requires court approval, even as Democrats said the settlement did not go far enough or require a large enough fine.

"Despite repeated promises to its billions of users worldwide that they could control how personal information is shared Facebook undermined consumers' choices," said FTC Chairman Joe Simons, a Republican, in a statement.

But Democratic FTC Commissioner Rohit Chopra said the penalty provided "blanket immunity" for Facebook executives "and no real restraints on Facebook's business model" and does "not fix the core problems that led to these violations."

Facebook declined to comment ahead of the settlement's public release.

The FTC said that Facebook's data policy was deceptive to "tens of millions" of people who used Facebook's facial recognition tool and also violated its rules against deceptive practices when it did not disclose phone numbers collected to enable a security feature would be used for advertising.

Under the settlement, Facebook's board will create an independent privacy committee that removes "unfettered control by Facebook CEO Mark Zuckerberg over decisions affecting user privacy."
Facebook also agreed to exercise greater oversight over third-party apps.

Chopra and Democratic FTC Commissioner Rebecca Slaughter, who opposed the settlement, said the $5 billion penalty may be less than Facebook's gains from violating users' privacy.

"Until we address Facebook's core financial incentives for risking our personal privacy and national security, we will not be able to prevent these problems from happening again," Chopra said.

The FTC Republican majority argued the settlement "significantly diminishes Mr. Zuckerberg's power -- something no government agency, anywhere in the world, has thus far accomplished."

The Republican commissioners led by Simons said if the FTC had gone to court "it is highly unlikely that any judge would have imposed a civil penalty even remotely close to this one."

They called the settlement -- in light of what the FTC might have been able to win in a court fight -- "a complete home run."

The Republican majority noted that Zuckerberg and other company executives will have to sign quarterly certifications attesting to the company's privacy practices.

The FTC said Zuckerberg or others filing a false certification could face civil and criminal penalties.

Facebook also is barred from asking for email passwords to other services when consumers sign up.

Facebook is barred from using telephone numbers obtained in a security feature, like two-factor authentication, for advertising and must get user consent if it plans to use data from facial recognition technology.

FTC DECIDED TO SETTLE PROBE

The settlement stems from the company's alleged violations of a 2012 FTC settlement order over privacy issues.

Slaughter said the FTC should have taken Facebook and Zuckerberg to court.

Slaughter also criticized the FTC's decision to grant Facebook and its executives a release from liability for any claims that prior to June 12, 2019 it violated the FTC 2012 settlement as "far too broad" and said the FTC failed "to impose any substantive restrictions on Facebook's collection and use of data from or about users."

Chopra added that by "settling the commission -- and the public -- may never find out what Facebook knows... It is difficult to conclude that the commission got the better end of the bargain."

The FTC has been investigating allegations Facebook inappropriately shared information belonging to 87 million users with the now-defunct British political consulting firm Cambridge Analytica.

The FTC also said Wednesday that Cambridge's former CEO Alexander Nix and former app developer Aleksandr Kogan, who worked with the company, had agreed to a settlement with the FTC that will restrict how they conduct business in the future.

The settlement comes a day after the US Justice Department said on Tuesday it was opening a broad investigation of major digital technology firms into whether they engage in anti-competitive practices, the strongest sign the Trump administration is stepping up its scrutiny of Big Tech.

The review will look into "whether and how market-leading online platforms have achieved market power and are engaging in practices that have reduced competition, stifled innovation, or otherwise harmed consumers," the Justice Department said in a statement.

The Justice Department did not identify specific companies but said the review would consider concerns raised about "search, social media, and some retail services online" -- an apparent reference to Alphabet Inc, Amazon.com Inc and Facebook Inc, and potentially Apple Inc . 

(Reporting by David Shepardson; Editing by Lisa Shumaker)

source: news.abs-cbn.com

Google launch event overshadowed by privacy firestorm

Google was supposed to be focusing Tuesday on its launch of a new smartphone and other devices, but the event was being overshadowed by a firestorm over a privacy glitch that forced it to shut down its struggling social network.

The Silicon Valley giant said Monday it found and fixed a bug exposing private data in as many as 500,000 accounts, but drew fire for failing to disclose the incident.

The revelation heightened concerns in Washington over privacy practices by Silicon Valley giants after a series of missteps by Facebook that could have leaked data on millions.

"In the last year, we've seen Google try to evade scrutiny -- both for its business practices and its treatment of user data," Senator Mark Warner said in a statement.

Warner said that despite "consent" agreements with the US Federal Trade Commission "neither company appears to have been particularly chastened in their privacy practices" and added that "it's clear that Congress needs to step in" for privacy protections.

Marc Rotenberg, president of the Electronic Privacy Information Center, said the latest breach suggests the FTC has failed to do its job in protecting user data.

"The Congress needs to establish a data protection agency in the United States," Rotenberg said. "Data breaches are increasing but the FTC lacks the political will to enforce its own legal judgments."

Rising tensions

The internet search leader had already faced tensions with lawmakers after it decided against sending its top executive to testify at a hearing on privacy and data protection, prompting the committee to leave an empty seat for the company.

Last month, Google indicated it would send chief executive Sundar Pichai to testify before Congress.

Google has also been in the crosshairs of President Donald Trump, who alleged that its search results were biased against conservatives, although there was little evidence to support the claim.

The rising tensions come with Google holding an event in New York widely expected to release its Pixel 3, the upgraded premium smartphone that aims to compete with high-end devices from Apple and Samsung.

The Pixel phone is part of a suite of hardware products Google is releasing as part of an effort to keep consumers in its mobile ecosystem and challenge rivals like Apple and Amazon.

On Monday, Google said it was unable to confirm which accounts were affected by the bug, but an analysis indicated it could have been as many as 500,000 Google+ accounts.

Google did not specify how long the software flaw existed, or why it waited to disclose it.

The Wall Street Journal reported that Google executives opted against notifying users earlier because of concerns it would catch the attention of regulators and draw comparisons to a data privacy scandal at Facebook.

Earlier this year, Facebook acknowledged that tens of millions of users had personal data hijacked by Cambridge Analytica, a political firm working for Donald Trump in 2016.

Google has also faced increasing tensions over a reported search engine which would be acceptable to Chinese censors, and over its work for the US military.

On Tuesday, Google confirmed it is dropping out of the bidding for a huge Pentagon cloud computing contract that could be worth up to $10 billion, saying the deal would be inconsistent with its principles.

source: news.abs-cbn.com

Facebook 'not aware of any abuse' of data by phone makers

WASHINGTON - Facebook said Monday it did not know of any privacy abuse by cellphone makers who years ago were able to gain access to personal data on users and their friends.

The social media leader said it "disagreed" with the conclusions of a New York Times report that found that the device makers could access information on Facebook users' friends without their explicit consent.

Facebook enabled device makers to interface with it at a time when it was building its service and they were developing new smartphone and social media technology.

But the Times said the access continued even after Facebook agreed with the Federal Trade Commission in 2011 to better protect data and only share it after obtaining consumers' express consent.

Facebook, which came under attack early this year over British political consultant Cambridge Analytica's harvesting of personal data on 87 million Facebook users and their friends, did not deny the Times story but said it "disagreed" with the issues raised.

Before now-ubiquitous apps standardized the social media experience on smartphones, some 60 device makers like Amazon, Apple, Blackberry, HTC, Microsoft and Samsung worked with Facebook to adapt interfaces for the Facebook website to their own phones, the company said.

"We controlled them tightly from the get-go," said Ime Archibong, VP of Product Partnerships, in a statement.

"Partners could not integrate the user's Facebook features with their devices without the user's permission," he said.

"Friends' information, like photos, was only accessible on devices when people made a decision to share their information with those friends," he said.

Moreover, he added, "We are not aware of any abuse by these companies."

But the Times said that the user permissions were not always explicit as required by the 2011 consent decree with the FTC.

In addition, it said, its research showed that some device makers "could retrieve personal information even from users' friends who believed they had barred any sharing."

Facebook said it was winding up the interface arrangements with device makers as the company's smartphone apps dominate the service.

But the report raised concerns that massive databases on users and their friends -- including personal data and photographs -- could be in the hands of device makers as was the case with Cambridge Analytica.

Cambridge Analytica obtained the data without Facebook's permission and used it to help the election campaign of US President Donald Trump.

In April, Facebook chief executive Mark Zuckerberg apologized in Congress over the Cambridge Analytica fiasco, amid rising calls for more regulation of the company.

On Monday, some US lawmakers suggested calling him back to testify.

"Sure looks like Zuckerberg lied to Congress about whether users have 'complete control' over who sees our data on Facebook," said David Cicilline, a Democrat who serves on the House Judiciary committee.

"Facebook's secret data sharing partnerships raise urgent new reasons for stronger privacy protections," said Democratic Senator Richard Blumenthal.

source: news.abs-cbn.com

Ashley Madison dating site to pay $1.6-M over breach

WASHINGTON - The operators of the Ashley Madison affair-minded dating website agreed Wednesday to pay a $1.6 million penalty over a data breach exposing data from 36 million users, US officials announced.

Ashley Madison's Canadian parent company Ruby agreed to the penalty to settle charges with the US Federal Trade Commission and state regulators for failing to protect confidential user information.

The settlement comes after a hacker group last year released what was said to be personal data on millions of members of Ashley Madison, who were based in 46 countries. The fallout led to reports of blackmail and even suicides.

The financial penalty, split between the federal government and US states suing the company, would increase to $8.75 million to the FTC plus $8.75 million to states if Ashley Madison fails to abide by new information security practices and refrain from misleading consumers.

"This case represents one of the largest data breaches that the FTC has investigated to date, implicating 36 million individuals worldwide," said FTC chairwoman Edith Ramirez.

"The global settlement requires AshleyMadison.com to implement a range of more robust data security practices that will better protect its users' personal information from criminal hackers going forward."

NO COMPENSATION
Ramirez said the penalty being paid is too small to allow for "redress" or compensation to affected consumers, noting that compensation is rarely obtained in data security cases.

"We want them (the company) to feel the pain, we don't want them to profit from unlawful conduct," Ramirez told reporters in a conference call.

But she added that "it would not serve the public interest to put them out of business."

Earlier this year, the dating website -- whose motto had been "life is short, have an affair" rebooted, calling itself an "open-minded dating" service.

The company said at the time it will no longer use female "bots" or automated programs that respond to members pretending to be women on the hunt for men.

According to the FTC complaint, until August 2014, operators of the site lured customers, including 19 million Americans, with fake profiles of women designed to convert them into paid members.

The company failed to adequately protect users' personal information such as date of birth, relationship status and sexual preferences, according to the complaint.

The company confirmed the settlement, saying it would help it move past the hacking episode.

"Today is a pivotal day for our members and for Ashley Madison," said a statement from Ruby chief executive Rob Segal.

"Today's settlement closes an important chapter on the company's past and reinforces our commitment to operating with integrity and to building a new future for our members, our team and our company."

The settlement followed an investigation in cooperation with consumer protection authorities in Canada and Australia. Thirteen US states plus the federal District of Columbia joined the lawsuit.

source: news.abs-cbn.com