Data Privacy: What Californians can do about creepy data collection in 2020

From today’s The Mercury News:

Starting New Year’s Day, Californians creeped out by the trove of personal data companies collect on their online shopping, searching and social media habits will get sweeping new privacy rights that will let them opt out of having their information sold or shared and let them demand that it be deleted.

“This is really a watershed moment for consumers,” said Scott W. Pink, a Menlo Park lawyer who advises companies on cybersecurity and privacy. “It’s the first law in the United States outside specialized industries like health care that provides consumers some degree of control and access over data collected on them.”

The California Consumer Privacy Act approved in June 2018 was inspired by public outrage over data breaches at major companies such as Facebook, Yahoo and Equifax that exposed consumers to potential fraud and misuse of their personal information, and by the European Union’s General Data Protection Regulation.

The new law requires that businesses disclose their data gathering and sharing practices and allows consumers to opt out of it and to demand that businesses delete collected information on them. It prohibits companies from penalizing consumers with higher rates or fewer services for exercising their privacy rights and from selling information about children under age 16 without their explicit consent.

But questions continue to swirl as companies scramble to comply. The state attorney general is still finalizing proposed regulations intended to guide consumers and businesses in order to meet a July deadline when enforcement is expected to begin.

And both consumer and business advocates continue to spar over whether the new privacy provisions go too far or not far enough, with proposed state and federal substitutes in the works.

Read the complete article here.

A brutal year: how ‘techlash’ caught up with Facebook, Google and Amazon

From The Guardian Online:

What goes up must come down, and in 2019, gravity reasserted itself for the tech industry.

After years of relatively unchecked growth, the tech industry found itself on the receiving end of increased scrutiny from lawmakers and the public and attacks from its own employees.

Facebook and Instagram ads were linked to a Russian effort to disrupt the American political process.
Social Media, Fake News, and the hijacking of democracy by reactionary forces at home and from abroad.

“The whole year has been brutal for tech companies,” said Peter Yared, chief executive officer and founder of data compliance firm InCountry. “The techlash we have seen in the rest of the world is just now catching up in the US – it’s been a long time coming.”

From new privacy legislation to internal strife, here are some of the major hurdles the tech industry has faced in the past year.

As the 2020 presidential race intensified, tech companies faced a growing backlash over the campaign-related content they allow on their platforms.Advertisement

In October, Facebook quietly revised its policy banning false claims in advertising to exempt politicians, drawing fierce criticism from users, misinformation watchdogs, and politicians. Following the change in policy, presidential candidate Elizabeth Warren took out advertisements on Facebook purposely making false statements to draw attention to the policy.

Democratic lawmaker Alexandria Ocasio-Cortez grilled Facebook’s chief executive, Mark Zuckerberg, over the policy change in a congressional hearing in October. “Do you see a potential problem here with a complete lack of factchecking on political advertisements?” Ocasio-Cortez asked, as Zuckerberg struggled to answer. “So, you won’t take down lies or you will take down lies?”

Meanwhile, other tech companies took the opposite stance.TikTok, whose reported 500 million users makes it one of Facebook’s largest rivals, made clear in a blogpost in October it would not be hosting any political advertisements.

And Facebook rival Twitter banned almost all political advertising in October. Google stated in November it would no longer allow political advertisers to target voters based on their political affiliations.

Read the complete article here.

Opinion: One Man Can Bring Equifax to Justice (and Get You Your Money)

From today’s New York Times:

On Dec. 19, District Judge Thomas Thrash of Atlanta will hold a final approval hearing for the Equifax 2017 data breach settlement. There’s a lot at stake. If the settlement is approved, the $31 million pool earmarked for claims will be paid out to some victims. Others will get free credit monitoring (because the cash reward set aside for victims was so small, if all 147 million people affected by the breach filed a claim, everyone would get just 21 cents).

There’s another option. As I wrote in a September column, victims could file a formal, legal objection, which would nullify the settlement. If Judge Thrash finds those objections convincing, Equifax’s class-action counsel wouldn’t receive their $77.5 million fee and Equifax would be liable again to face a substantial penalty for the breach. I’m happy to report quite a few people — maybe even a record number — did just that.

Over the past month Reuben Metcalfe, the founder of Class Action Inc., helped 911 individuals object (another 294 objected but did not provide signatures by the Nov. 19 deadline) by creating a chatbot tool that allowed victims to file objections automatically for the Equifax settlement at no cost (Class Action Inc. waived its 5 percent fee for Equifax). Theodore H. Frank, a lawyer who specializes in class-action suits, has jumped in the ring himself along with another victim, David Watkins. Frank’s objections, which are more formal and detailed than Metcalfe’s many automated ones, argue that the settlement is too broad and doesn’t take into account state-by-state protections for data breaches (in Utah, where Watkins lives, victims could claim damages up to $2,000).

Now it’s up to Judge Thrash to sift through the settlement and its objections and decide. Thanks to Metcalfe and Frank, he’s likely to be feeling some pressure. Back in September a class-action lawyer told me that even if only 1,000 people object, it can send a powerful message. Frank is hopeful the settlement will look weak on its own merits. “If the judge gives an honest look, he’ll realize it doesn’t meet muster,” he told me recently.

I’d argue there’s even more resting on Judge Thrash’s shoulders, including whether companies can get away with abusing our data in the future. Metcalfe, who has steeped himself in the world of class-action suits, suggested that the settlements, initially a method for accountability, have become a mechanism for companies to knowingly skirt liability for not protecting consumers. “It’s becoming cheaper to say sorry after the fact than to obey the law in the first place,” he told me.

This feels especially true in the world of data privacy, where breaches are so frequent that a discovery last week of an open database containing the personal information of 1.2 billion people hardly made news. We seem locked in a vicious cycle: Companies that gather and trade data have few checks or regulations. This allows them to collect more, which means more money. And deeper pockets make it harder to impose meaningful penalties that might deter repeat and future offenders (see: the Federal Trade Commission’s $5 billion slap on the wrist of Facebook). Judge Thrash, then, has a unique opportunity to make a statement by objecting.

Read the complete article here.

The Consumer Bureau’s Reckless Plan for Debt Collection

From today’s Wired Magazine:

WE LEARN IN email 101 that hyperlinks from unfamiliar senders are breeding grounds for scams. Microsoft has warned against clicking on foreign links for decades. The Federal Trade Commission has repeatedly cautioned Americans to be wary of malware and phishing expeditions. Last year, the Federal Communications Commission alerted consumers to a new cyber threat it dubbed “smishing”—targeting consumers with deceptive text or SMS messages—and urged consumers to “never click links, reply to text messages or call numbers you don’t recognize.”

The Consumer Financial Protection Bureau apparently skipped these lessons. Despite many warnings, the CFPB has proposed a rule that could require consumers to click on hyperlinks in unfamiliar emails. The proposal allows debt collectors to deliver important information about a debt and a consumer’s rights via links in text messages and emails—without first obtaining consent to electronic communications, as is normally required under federal law.

Debt collectors are required to send a “validation notice” that tells a consumer when a debt has been placed in collection and that the consumer has the right to get information to be able to verify or dispute it. When Congress enacted the Fair Debt Collection Practices Act in 1977, it considered the validation notice critical to minimizing mistaken identity and errors on the amount or existence of a debt.

The risk of collectors going after the wrong person or wrong amount is much greater today. Since 1977, a new industry has bloomed: debt buying. As director of the FTC’s Bureau of Consumer Protection, I initiated a 2013 study that found nine of the largest debt buyers alone collectively held a debt of $143 billion from more than 90 million consumers. (As of 2017, two of the largest debt buyers, Encore Capital Group and Portfolio Recovery Associates, held a combined debt of$17.6 billion, about the GDP of Iceland.) Debt buyers sell and resell debts for years on end, typically without account records verifying that the debts are accurate, making the validation notice even more essential. Without one, a consumer won’t be told how to dispute a debt, and they may be harassed for a debt they do not owe. According to an analysis of the CFPB’s complaint database, 44 percent of complaints against debt collectors concern attempts to collect a debt that the complainant does not owe. Worse yet, the collector could report the debt to credit reporting agencies, damaging the person’s credit, or even bring suit.

Read the complete article here.

Federal consumer agency hires exec in complaint-ridden Pa. firm as watchdog

From today’s Philadelphia Inquirer:

So far this year, more than 1,000 student borrowers have complained to the Consumer Financial Protection Bureau (CFPB) in Washington about the practices of an obscure but powerful Pennsylvania state agency that services their loans.

Now the consumer bureau has hired a high-ranking executive from the Pennsylvania Higher Education Assistance Agency as the nation’s top student loan watchdog — which means that Robert G. Cameron, previously a top compliance official for the agency, will be tasked with evaluating his former employer. Millions of student borrowers know the Pennsylvania organization as FedLoan, American Education Services, or PHEAA.

Critics called Cameron’s appointment another example of the revolving door of executives and staffers between the federal student loan bureaucracy and private companies, and of the overt campaign by the Trump administration to undermine Obama-era protections for student borrowers.

“It is outrageous that an executive from the student loan company that has cheated students and taxpayers — and is at the center of every major industry scandal over the past decade — is now in charge of protecting borrowers’ rights,” Seth Frotman, the former ombudsman and now executive director of the nonprofit Student Borrower Protection Center.

Robocall Bill Wins Approval in the House

From Consumer Reports Online:

A crackdown on robocalls moved one step closer Wednesday after the House voted 429-3 to increase consumer protections against the unsolicited and annoying phone calls.

The bill, known as the Stopping Bad Robocalls Act, builds on the TRACED Act passed by the Senate in May. The House and the Senate now need to reconcile the two bills before sending the legislation to the White House for the President’s signature. That’s expected to happen in the fall.

In addition to giving regulators stronger enforcement tools, the House bill would require phone carriers to implement call identification technology and mandate that the Federal Communications Commission report to Congress annually on the state of robocalls.

On Tuesday, 80 consumer rights groups, including Consumer Reports and the National Consumer Law Center, sent a letter to Congress urging passage of the bill. The wireless industry trade group CTIA also supports it.

To date, there have been 29 billion robocalls in 2019, according to YouMail, a robocall blocking and tracking firm. “That’s nearly 90 calls per person in the U.S.,” said YouMail CEO Alex Quilici.

The blocking and tracking firm Truecaller estimates that consumers lost $10.5 billion to phone scams in 2018.

Read the complete article here.

The 9th Circuit just blew up mandatory arbitration in consumer cases

From today’s Reuter’s Online News:

In a trio of rulings on Friday, the 9th U.S. Circuit Court of Appeals blessed a tactic that will allow plaintiffs lawyers litigating California consumer class actions to defeat defense motions to compel arbitration. If appellate rulings in the three cases – Blair v. Rent-A-Center, Tillage v. Comcast and McArdle v. AT&T Mobility – hold up, they represent a dramatic twist in corporations’ long-running, and mostly successful, campaign to force employees and consumers to arbitrate their claims individually instead of banding together in class actions.

If you don’t believe me, just ask the U.S. Chamber of Commerce and the National Association. In an amicus in one of the cases, the pro-business groups warned that under the theory the 9th Circuit just adopted, plaintiffs lawyers will be able to evade arbitration in “virtually every case” invoking California consumer protection statutes.

“It’s a very big deal,” said Michael Rubin of Altshuler Berzon, who represents consumers in the 9th Circuit’s Rent-A-Center case. And not just in California, according to Rubin. The three 9th Circuit decisions, as I’ll explain, involved consumers’ rights under several California statutes to seek injunctions forcing corporations to change their conduct. But Rubin told me the 9th Circuit’s analysis may just as well apply to other states’ consumer and employment statutes that include injunctive rights.

AT&T Mobility, which is represented at the 9th Circuit by Andrew Pincus of Mayer Brown, said in a statement that it is considering its options: “We respectfully disagree with the court’s decision, which we believe is inconsistent with the arbitration provision agreed upon by the parties, the Federal Arbitration Act and United States Supreme Court precedent.” Comcast counsel Mark Perry of Gibson, Dunn & Crutcher declined to provide a statement. Rent-A-Center’s lawyer, Robert Friedman of Littler Mendelson, did not respond to my email requesting comment.

The three appeals called upon the 9th Circuit to review the California Supreme Court’s 2017 ruling in McGill v. Citibank. In McGill, the state justices held that as a matter of California public policy, corporations cannot require consumers to waive their right to seek a public injunction. The California Supreme Court also held, without engaging in deep analysis, that California’s policy is not pre-empted by the Federal Arbitration Act.

Read the complete article here.

Comcast faces $9.1 million penalty for violating consumer protection laws

From today’s Seattle Times:

Comcast violated Washington’s Consumer Protection Act by charging nearly 31,000 residents without their knowledge for a service-protection plan, a King County Superior Court judge ruled Thursday.

But the order by Judge Timothy Bradshaw also rejected parts of what started as a $100 million lawsuit alleging “deceptive” practices surrounding repair fees and credit checks brought against the Philadelphia-based company by state Attorney General Bob Ferguson in 2016.

Ferguson in late 2017 expanded that complaint to include allegations about the service-protection plans. Those plans — which at that time cost $5.99 per month — are intended to cover repairs for customer-owned wiring related to Xfinity voice, TV and internet service.

In Thursday’s order, Bradshaw imposed $9.1 million in civil penalties against Comcast. He directed the company to pay additional money in restitution to the affected customers within 60 days, according to a news release from the Attorney General’s Office.

The ruling found that Comcast had signed up 30,946 Washington residents to the plan without their consent, according to the news release. Additionally, the company did not reveal the true cost of the plan to another 18,660 state residents.

Read the complete article here.

Google workers want to end mandatory arbitration—Here’s why this matters

From today’s Washington Post:

Employees at Google recently organized a phone drive to lobby Congress to end the practice of mandatory or forced arbitration, in which an arbitrator — typically designated by the company — resolves a legal dispute, rather than a judge.

Over the last three decades, more and more corporations have forced their employees or customers to sign these contracts, agreeing to take their disputes to private arbitration instead of to court. A recent studyestimates that currently more than 60 million U.S. workers signed these mandatory arbitration agreements when they were hired. Anotherfound that, last year, consumers signed almost three times as many consumer arbitration agreements as there are people living in the U.S.

Arbitration’s spread has become controversial. Many on the left criticize it, while many conservatives support it. So it may be surprising that liberal reformers were the first to make arbitration popular. Here’s how the Supreme Court and Congress helped change arbitration from a liberal cause to conservative rallying cry.ADVERTISING

Businesses win — and employees lose — more often in arbitration than in court

Arbitration produces clear winners and losers. Employees win less frequently and receive lower damages in arbitration than in litigation. Employers win more frequently, especially if they use the same arbitrators repeatedly. That’s hardly surprising, given that the employers typically choose the arbitrators. Given recent public criticism, many prominent companies have discontinued mandatory arbitration requirements for sexual harassment claims.

The Supreme Court has helped expand private arbitration. Just last week, in Lamps Plus, Inc. v. Varela, conservatives decided that workers cannot join to bring similar complaints against a company through class arbitration unless their contracts specifically allow it. The 5-4 majority opinion relied heavily upon a controversial case from last term, Epic Systems Corp. v. Lewis.

These cases are just the latest in a three decades-long trajectory toward disallowing anything that discourages private arbitration, as part of a larger political strategy employed by business-friendly conservatives in Congress, the courts, and the private sector to constrict both access to courts and class-action lawsuits.

Read the complete article here..

Spending Is as Easy as Pushing a Button. The Hard Part? Keeping Track.

From today’s New York Times:

How do New York Times journalists use technology in their jobs and in their personal lives? Tara Siegel Bernard, a personal finance reporter, discussed the tech she’s using.

What are your most important tech tools for tracking budgets?

This may sound strange coming from a personal finance reporter, but I’m not a big fan of traditional budgets — I don’t think they work. I try to keep my own spending in check by taking the reverse approach. Instead of tracking every dollar, I focus on what we need to save for: retirement, college or some other goal. After you’ve automated your savings goals and created a bit of a cushion for emergencies, you’re freer to spend without thinking too hard or feeling too guilty. It’s an imperfect system, but it’s better than a failed budget.

That method won’t necessarily work in all situations, especially if you need to tackle debt or establish a stricter spending plan in retirement. And everyone can benefit from tracking personal spending, even if you do it only for a few months or check in only every quarter.

Mint has been around for a while, but it is still a solid way to take stock of where all of your money is going and whether your net worth is moving in the right direction. It also allows you to create a budget, and alerts you when you’ve spent too much. I use it infrequently, and there’s usually at least one kink I need to work out whenever I log in; most recently, it counted all of my retirement accounts twice, which was kind of cruel.

Which basic tools would you recommend for people to increase their savings and investments?

It’s not so much a tool but a technology: automation. After you’ve settled on a low-cost investment provider such as Vanguard, automation is the surest way to set yourself up for success. Automate as much as you can — your Roth I.R.A. contributions, your kids’ 529 college savings accounts. If you have an employer-provided retirement plan like a 401(k), see if it will allow you to automatically increase the percentage you’re saving each year. If not, set a date in your electronic calendar to remind you to revisit all of those amounts annually.

I also like the little revolution that the roboadvisers have started. They lean heavily on technology to help invest and manage your money, though more of them are increasingly integrating human advisers. Betterment and Wealthfront have free tools that will let you play with various goals and savings amounts to see how long it will take you to save what you need.

Read the complete article here.