There’s an open secret among those who track the U.S. Senate Committee on Commerce, Science, and Transportation, where consumer data privacy bills are first considered. Why are some folks calling this summer the last chance to seal the deal around the fragile consensus on comprehensive federal privacy legislation? Because the leadership of the Republican side of the committee is very likely to change after the election this November. When Sen. Jim Inhofe, R-Okla., retires, Sen. Roger Wicker, R-Miss., — currently the ranking member on the Commerce Committee — will be next in line to replace him as chair of the Armed Services Committee (or as ranking member, if Republicans do not take control of the Senate). This would leave Ted Cruz, R-Texas, as the next in line for Republican leadership of the Commerce Committee because John Thune, R-S.D., serves as minority whip and Roy Blunt, R-Mo., is also retiring.

Vague reports of ongoing efforts to finalize bill text continue to trickle in. The trade press publication Communications Daily quoted Sen. Maria Cantwell, D-Ind., as saying, “Getting a strong bill is imperative, and I’m still hopeful. I hope in June we’ll be able to come and mark these bills up.” Cantwell also indicated that consensus had been reached on a tailored federal preemption of state consumer privacy laws, but that a private right of action remains a sticking point.

Here's what else happened since the last roundup:

  • The Federal Trade Commission said, again, purpose limitations really do matter. Once upon a time, not that long ago, there was a company that allegedly collected users’ phone numbers for security purposes and then used them for other not-disclosed purposes, including to serve targeted advertising. The date was 2019 and the company was Facebook. And then also the date was this Wednesday, and the company was Twitter. Twitter will pay $150 million for the violation of its prior consent order with the FTC.
  • Speaking of targeted advertising, what should the rules be for a post-cookie world? This weekend is the last chance to submit comments on the Network Advertising Initiative's draft guidelines for deterministic shared addressability identifiers.
  • And the FTC’s PrivacyCon is coming. Get those papers ready! Proposals are due July 29 for the virtual event on Nov. 1. The long list of potential topic areas illuminates the FTC’s current policy interests, including the two “focus topics” of automated decision-making systems and commercial surveillance. Other areas include “AI validation, explainability and benchmarking,” workplace monitoring, biometrics, novel remedies (algorithm deletion, mandated data practices), the impact of mergers and acquisitions transactions on privacy, child and teen issues, dark patterns, and the impacts of various interventions on privacy practices (regulation, design choices, etc.).
  • The National Artificial Intelligence Research Resource Task Force released its interim report for public comment. A joint project of the Office of Science and Technology Policy and the National Science Foundation, the task force was formed to create an implementation roadmap for a shared research infrastructure that would provide artificial intelligence researchers and students with access to computational resources, high-quality data, training tools, and user support. The draft report includes findings on privacy, civil rights and civil liberties requirements. Comments are due June 30 and there will be a public listening session for commenters on June 23 at 1 p.m. EDT.

Under scrutiny

  • PimEyes, a web-crawling facial recognition engine anyone can use, is the subject of an eye-opening The New York Times investigative report, calling the service “alarmingly accurate.”
  • Edtech companies are the subject of a Human Rights Watch Report, “How Dare They Peep into My Private Life?,” which finds that 89% of the reviewed education technology products “appeared to engage in data practices that put children’s rights at risk, contributed to undermining them, or actively infringed on these rights.”
  • Genomic data is the subject of a NIST blog post based on ongoing investigations into the unique privacy and security vulnerabilities of this type of data.
  • Spotify announced it is turning political ads back on for podcasts, along with “contextual targeting” based on topic.

Privacy people on the move

  • FTC Commissioner Alvaro Bedoya announced the staff for his office, including Danielle Estrada from the FTC’s Division of Privacy and Identity Protection and Aaron Rieke from Upturn.

Upcoming happenings

Please send feedback, updates and Ted Cruz memes to cobun@iapp.org.