Colorado introduces tight consumer protection law on data privacy

From today’s Digital Journal:

Colorado is set to become the third state — alongside Virginia and California — to sign a privacy act into law, marking another step towards consumer data protection in the U.S.

The new law will be known as ‘The Colorado Privacy Act (CPA)’ and it is scheduled go into effect July 2023. The proposal is for the Act to be applicable to companies that either collect personal data from 100,000 Colorado residents or collect data from 25,000 Colorado residents and also derive some portion of revenue from sales.

The Act will affect businesses and they will need to prepare and put in place systems to ensure compliance. In addition, the Act will provide new rights for customers, and there remains the potential for more states to get on board with this form of legislation.

Looking at the changes for Digital Journal is Tyrone Jeffrees, Vice President of Engineering & US Information Security Officer at Mobiquity.

Jeffrees looks at the growing array of privacy bills appearing in the U.S.: “The news of Colorado joining Virginia and California in the passage of privacy acts is welcome as the nation moves towards ensuring these rights for residents and consumers. The law, while holding many similarities to Virginia’s privacy regulations, is expected to be more effective than others as it can be enforced by both the Colorado office of the Attorney General as well as local district attorney offices.”

He adds that the CPA is a little different to the earlier bills: “The CPA goes beyond California’s by requiring a blocking option for consumers to “opt-out” of having their personal information shared to create consumer profiles.”

This means new challenges for businesses, says Jeffrees. He recommends: “To ensure compliance with the CPA’s heavier guidelines, businesses and organizations must have a deeper understanding of how their data is collected and exactly what it is being used for when targeting new customers and sharing publicly.”

Jeffrees sees the legislation as something positive, noting: “I’m thrilled for the residents of Colorado. Ultimately, each new legislation is a win for U.S. consumers and privacy advocates. As more states introduce privacy regulation, U.S. consumers will be afforded increased agency and control over how their data can be collected and used.”

He see the U.S. as moving towards stronger consumer rights: “Right now, we have a patchwork of privacy regulations that guarantee rights for some, but not all, U.S. consumers based on residency. Each state that adopts common privacy principles will slowly start to raise the bar, but it would be ideal for U.S. residents to have one single framework for data privacy that serves all Americans.”

Read the complete article here.

To Protect Consumer Data, Don’t Do Everything on the Cloud

From today’s Harvard Business Review:

When collecting consumer data, there is almost always a risk to consumer privacy. Sensitive information could be leaked unintentionally or breached by bad actors. For example, the Equifax data breach of 2017 compromised the personal information of 143 million U.S. consumers. Smaller breaches, which you may or may not hear about, happen all the time. As companies collect more data — and rely more heavily on its insights — the potential for data to be compromised will likely only grow.

With the appropriate data architecture and processes, however, these risks can be substantially mitigated by ensuring that private data is touched at as few points as possible. Specifically, companies should consider the potential of what is known as edge computing. Under this paradigm, computations are performed not in the cloud, but on devices that are on the edge of the network, close to where the data are generated. For example, the computations that make Apple’s Face ID work happen right on your iPhone. As researchers who study privacy in the context of business, computer science, and statistics, we think this approach is sensible — and should be used more — because edge computing minimizes the transmission and retention of sensitive information to the cloud, lowering the risk that it could land in the wrong hands.

But how does this tech actually work, and how can companies who don’t have Apple-sized resources deploy it?

Consider a hypothetical wine store that wants to capture the faces of consumers sampling a new wine to measure how they like it. The store’s owners are picking between two competing video technologies: The first system captures hours of video, sends the data to third-party servers, saves the content to a database, processes the footage using facial analysis algorithms, and reports the insight that 80% of consumers looked happy upon tasting the new wine. The second system runs facial analysis algorithms on the camera itself, does not store or transmit any video footage, and reports the same 80% aggregated insight to the wine retailer.

The second system uses edge computing to restrict the number of points at which private data are touched by humans, servers, databases, or interfaces. Therefore, it reduces the chances of a data breach or future unauthorized use. It only gathers sufficient data to make a business decision: Should the wine retailer invest in advertising the new wine?

As companies work to protect their customers’ privacy, they will face similar situations as the one above. And in many cases, there will be an edge computing solution. Here’s what they need to know.

Read the complete article here.

Fintechs Need Strong Consumer Protections, Diversity, Inclusion Asserts Key Congressman

From tdoay’s Forbes Magazine:

Fintechs need to include strong consumer protections, diversity, and inclusion, Rep. Ed Perlmutter (D-CO), chair of the House Financial Services Committee’s panel on consumer protection and financial institutions said at a hearing on banking innovation today.

“Most banks and credit unions have been a source of strength in the pandemic in part because of the stringent capital, liquidity, and other regulatory requirements we place on these financial institutions,” he asserted.

The financial stability risks, consumer protection issues, market fairness questions, and potential benefits of unconventional banking charters needs to be explored, Perlmutter said.

Financial Services Committee Chairman Maxine Waters (D-CA) said she was alarmed the Office of the Comptroller of the Currency (OCC) overstepped its authority by creating a fintech charter and expressed concern it could lead to a regulatory race to the bottom.

The New York State Department of Financial Services has sued the agency, claiming it lacks the legal authority to issue that type of charter. In a memo prepared for the hearing, the Committee’s Democratic staff noted in recent years, OCC, and the Federal Deposit Insurance Corporation (FDIC) have taken steps to allow firms to engage in banking activities while being subject to less regulations and supervision compared to most other banks and credit unions.

At the same time Wyoming, which was mentioned frequently at the hearing, and other states have ventured into unconventional bank charters aimed at allowing cryptocurrency and blockchain to provide bank-like services.

Financial Services Committee lead Republican, Patrick McHenry of North Carolina, said regulators should be advancing advances in banking innovation and not hindering them.

Brian Brooks, who headed up the agency as Acting Comptroller of the Currency during the Trump administration praised the potential of fintechs to expand credit and economic opportunity with additionally providing better alternatives to payday lenders.

Read the complete article here.

California pays homage today to another American hero with a complex legacy

From today’s Los Angeles Times:

Let me tell you about an American hero whom the San Francisco Unified School District Board of Education might find, um, troublesome.

Cesar Chavez stands surrounded by reporters.

He opposed undocumented immigrants to the point of urging his followers to report them to la migra. He accepted an all-expenses-paid trip from a repressive government and gladly received an award from its ruthless dictator despite pleas from activists not to do so.

He paid his staff next to nothing. Undercut his organization with an authoritarian style that pushed away dozens of talented staffers and contrasted sharply with the people-power principles he publicly espoused. And left behind a conflicted legacy nowhere near pure enough for today’s woke warriors.

A long-dead white man? A titan of the business world? Perhaps a local politician?

Try Cesar Chavez. The United Farm Workers founder is the first person I always think about whenever there’s talk about canceling people from the past. He’s on my mind again, and not just because this Wednesday is his birthday, an official California holiday.

On Jan. 27, the San Francisco school board voted to rename 44 schools that it felt honored people who didn’t deserve the homage. Some of the condemned make sense — Father Junipero Serra, for instance, or Commodore John Sloat, the Navy officer who conquered California in the name of Manifest Destiny. Others are worthy of debate. Should we really champion Thomas Jefferson, the writer of the Declaration of Independence who also fathered multiple children with his slave, Sally Hemings? Or John Muir, the beloved naturalist who didn’t think much of Black and Indigenous people?

The board’s move was rightfully met with disbelief and derision. In a year when parents are clamoring for schools to reopen, this is what board members spent their time on? And are kids really harmed if they attend a school named after Robert Louis Stevenson or Paul Revere?

Which brings us back to Chavez, the revered labor leader whose bust President Biden recently put on prominent display behind his desk in the Oval Office. On Wednesday, First Lady Jill Biden will travel to Delano, Calif., to celebrate the state holiday with the Cesar Chavez and United Farm Workers foundations, her office announced over the weekend.

Read the complete article here.

Robinhood ‘buried’ info on consumer rights in runup to GameStop saga

From today’s MarketWatch.com:

Sen. Elizabeth Warren denounced online broker Robinhood’s practices for disclosing its customer rights in a statement Wednesday, while calling on the Securities and Exchange Commission to ban the practice of requiring new customers to forfeit their right to sue their stock brokers in court.

“Robinhood promised to democratize trading, but hid information about its prerogative to change the rules by cutting off trades without notice — and about customers’ inability to access the courts if they believe they’ve been cheated — behind dozens of pages of legalese,” the Massachusetts Democrat said.

Robinhood’s user agreement, like those of its largest competitors, requires new customers to agree that disputes between them and the company must be resolved through binding arbitration. Robinhood did not immediately respond a request for comment.

She also criticized the firm’s decision to temporarily restrict trading of a number of so-called meme stocks, including GameStop Inc. GME, -7.21% and AMC Entertainment Inc., AMC, -1.77% once their volatility triggered large clearinghouse deposit requirements. Warren said the company “did not have enough cash on had to manage a surge in trading and buried important information about consumers’ rights.”

Along with the statement, Warren released Robinhood’s response to a Feb. 2 letter in which she asked for a detailed description of the broker’s relationship with market makers, hedge funds and other entities that may have influenced its decisions. Robinhood executives have said in sworn statements that its decision to restrict trading was due solely to its need to manage risk and meet clearinghouse requirements, though Warren does not appear fully satisfied with this explanation.

“What’s still not clear from Robinhood’s response to my questions is the full extent of Robinhood’s ties to giant hedge funds and market makers,” Warren explained. “I’m going to keep pushing regulators to use the full range of their regulatory tools to ensure the fair operation of our markets, particularly for small investors.”

Read the complete article here.

CFPB, muzzled under Trump, prepares to renew tough industry oversight

From today’s Philadelphia Inquirer:

The Consumer Financial Protection Bureau, the watchdog created after the 2008 financial meltdown and largely muzzled in the Trump era, is poised to start barking again.

The agency will focus first on enforcing legal protections for distressed renters, student borrowers, and others facing growing debt that its previous leadership has been lax about during the pandemic.

But the CFPB — which President Joe Biden has tapped 38-year-old Rohit Chopra, a Wharton School grad, to lead — is also likely to take an unprecedentedly tough line against industry giants it finds engaging in abusive practices, former agency officials advising the Biden team say.

“It’s a matter of ramping back up,” said Richard Cordray, the CFPB’s first director, who stepped down in late 2017. The agency under Trump was “picking at odds and ends. They ramped down, and it’s a matter of changing direction.”

That will mark a dramatic turn. Just last year, consumer complaints to the agency rose by 60% over 2019, agency data show, setting a new record as the economic crisis wiped out millions of jobs and pushed lower-income Americans to the brink.

Yet the relief the agency secured for consumers topped out at less than $700 million, a fraction of the $5.6 billion it collected in 2015, its high watermark. Kathy Kraninger, a Trump appointee who resigned as director of the agency last week at Biden’s request, signaled the outcome at the start of the pandemic. She said in late March that financial companies would not face penalties for violating consumer protections in the Cares Act if they made “good-faith” efforts to comply.

The approach continued the agency’s more hands-off approach to corporate interests under Trump appointees. Over the course of the Trump presidency, the agency wrangled $2.3 billion in consumer relief, a steep drop from the $10.7 billion during its first five full years in operation under the Obama administration. And the agency shifted its crosshairs notably — from big-money actions against major companies including American Express, Citibank, Corinthian Colleges, JPMorgan Chase, Sprint, and Wells Fargo, to smaller-dollar rulings against more fringe firms.

“When you’re only going after last-dollar scammers and small, fly-by-night companies, you’re not sending a message to the big banks, big debt collectors, and big credit bureaus that there’s a sheriff in town,” said Ed Mierzwinski, senior director of the U.S. Public Interest Research Group’s federal consumer program. “As soon as he’s confirmed, Rohit will bring a renewed sense of urgency.”

Read the complete article here.

United Airlines might require its employees to take the COVID-19 vaccine

From today’s New York Times:

The chief executive of United Airlines told the company’s employees this week that the carrier — and other businesses — could make the coronavirus vaccine mandatory for all workers.

“It’s the way to ensure the safety of our employees,” United Airlines chief executive Scott Kirby said.

“The worst thing that I believe I will ever do in my career is the letters that I have written to the surviving family members of co-workers that we have lost to the coronavirus,” the executive, Scott Kirby told employees at a virtual town hall on Thursday, according to a transcript of the remarks. “And so, for me, because I have confidence in the safety of the vaccine — and I recognize it’s controversial — I think the right thing to do is for United Airlines, and for other companies, to require the vaccines and to make them mandatory.”

Some states, such as New York, have already made the vaccine available to flight attendants, pilots and other airline and airport employees. United has encouraged employees to get the vaccine as soon as they can.

Mr. Kirby’s comments, first reported by CNBC, do not reflect actual corporate policy. The airline would need to overcome logistical hurdles before requiring its tens of thousands of employees to get vaccinated and would need other businesses to join it in requiring vaccination, he said.

A spokesman for Delta Air Lines declined to comment on whether it will require the vaccine, but said the carrier is advocating that flight crews are considered essential workers for the purposes of vaccine distribution. American Airlines said on Thursday that it is encouraging its employees to get the vaccine, but won’t require it unless necessary for employees who fly to destinations where it is mandated.

Read the complete article here.

Unfair ratings cost some Instacart shoppers hundreds a week

From today’s New York Times:

Bags of groceries don’t just vanish into thin air. But in case the laws of physics ceased to exist, Loreen Zahara does her due diligence. The Instacart shopper keeps receipts for purchases and even photographs them upon delivery — on a customer’s stoop or in front of their garage.

Yet when one customer gave her a one-star rating over a missing bag of pineapples and another awarded her one star and claimed an entire order wasn’t delivered, it was Zahara who suffered the consequences: a loss of hundreds of dollars of potential earnings per week.

Instacart’s order-allocation system takes the “customer is always right” mantra to new extremes, some of its professional shoppers say. The grocery delivery company presents its workforce of independent contractors with orders based in part on their in-app ratings — those with higher scores get first pick, often leaving behind fewer and less lucrative batches for everyone else. Interviews with more than 10 shoppers and receipts reviewed by The Times show a sharp decline in earnings for shoppers whose ratings drop just slightly below 4.95 out of 5 stars. Often, shoppers said, the negative reviews were beyond workers’ control.

Even though Zahara has evidence those two complete orders reached the customers’ homes, it was enough to drop her rating to a 4.94. She went from earning an average of more than $1,270 per week to $690 per week, while working the same total hours, screenshots and weekly earnings reports show.

When Zahara had a rating of 4.95, compensation for batches of deliveries available to her ranged from $15 to $45. At a 4.94, screenshots show orders dipped to $9 to $22, with those at the higher end in a different county than where she lived and typically worked.

“I just had to live with the bad ratings and bad batches and no money,” she said.

Instacart says the system was developed to ensure ratings are “fair and accurate,” and do not unfairly penalize shoppers.

To protect shoppers, Instacart automatically forgives a customer’s single lowest rating, said Instacart spokesperson Natalia Montalvo. And “ratings that are outside of shoppers’ control” are also forgiven — such as when a customer complains that requested item is out of stock at a store, she said.

Read the complete article here.

U.S. Files Suit Against Facebook, Claiming It Illegally Crushed Competition

From today’s New York Times:

The Federal Trade Commission and more than 40 states accused Facebook on Wednesday of becoming a social media monopoly by buying up its rivals to illegally squash competition, and said the deals that turned the social network into a behemoth should be unwound.

Federal and state regulators, who have been investigating the company for over 18 months, said in separate lawsuits that Facebook’s purchases, especially Instagram for $1 billion in 2012 and WhatsApp for $19 billion two years later, eliminated competition that could have one day challenged the company’s dominance.

Since those deals, Instagram and WhatsApp have skyrocketed in popularity, giving Facebook control over three of the world’s most popular social media and messaging apps. The applications have helped catapult Facebook from a company started in a college dorm room 16 years ago to an internet powerhouse valued at more than $800 billion.

The prosecutors called for Facebook to break off Instagram and WhatsApp and for new restrictions on future deals, in what amounted to some of the most severe penalties regulators can demand.

“For nearly a decade, Facebook has used its dominance and monopoly power to crush smaller rivals and snuff out competition, all at the expense of everyday users,” said Attorney General Letitia James of New York, who led the multistate investigation into the company’s in parallel with the federal agency.

The lawsuits, filed in the U.S. District Court of the District of Columbia, underscore the growing bipartisan and international tsunami against Big Tech. Lawmakers and regulators have zeroed in on the grip that Facebook, Google, Amazon and Apple maintain on commerce, electronics, social networking, search and online advertising, remaking the nation’s economy. President Trump has argued repeatedly that the tech giants have too much power and influence, and allies of President-elect Joseph R. Biden Jr. make similar complaints.

The investigations already led to a lawsuit against Google, brought by the Justice Department two months ago, that accuses the search giant of illegally protecting a monopoly. Prosecutors in that case, though, stopped short of demanding that Google break off any parts of its business. At least one more suit against Google, by both Republican and Democratic officials, is expected by the end of the year. In Europe, regulators are proposing tougher laws against the industry and have issued billions of dollars in penalties for the violation of competition laws.

Read the complete article here.

Students Are Victims of Fraud, but the Department of Education Won’t Help

From today’s New York Times:

When Albert Paul Cruz opened a letter from the Education Department last month, he saw the words he’d been waiting for: “We approved your claim.” The government finally agreed that he’d been defrauded by ITT Technical Institute, the defunct for-profit chain where he’d racked up almost $60,000 in student loans getting what he considers a worthless degree.

Then he scrolled to the next page and saw how much of that debt would be forgiven: zero. The department, the letter said, had concluded he suffered no financial harm.

“You’re acknowledging the school defrauded its students and claiming that didn’t hurt us?” said Mr. Cruz, who earned an associate degree in computer networking systems in 2010 but never worked in that field. “How is that even possible?”

The approval of claims without financial relief is the latest twist in longstanding efforts by defrauded borrowers to get help from the federal government through a program meant to assist former students whose schools offered sham degrees and empty promises.

Years of delays and attempts to cut the relief borrowers can receive have prompted dozens of lawsuits against the department. Now, under pressure from federal courts to deal with hundreds of thousands of unresolved claims, the Education Department is processing them — and saying no. More than 45,000 rejection notices have been sent in recent months, according to agency data.

And when the department is legally obligated to approve a claim, it is often granting only minuscule relief — or none at all.

“Borrowers can’t win,” said Eileen Connor, the legal director of the Project on Predatory Student Lending, a group that has represented borrowers in multiple cases against the department, including one filed last month that challenges the agency’s partial-relief approach. “To tell even borrowers who can prove they were defrauded by their school that they still get no relief is absurd and cruel.”

Education Secretary Betsy DeVos has long refused to take part in the program, which she once called a “free money” giveaway. Last year, she said the program was a “mess” when she took over, and added that a new methodology for calculating relief — including granting none on many approved claims — “treats students fairly and ensures that taxpayers who did not go to college or who faithfully paid off their student loans do not shoulder student loan costs for those who didn’t suffer harm.”

Read the complete article here.