The Federal Trade Commission (FTC) is warning small businesses that they are being targeted by scammers through a new coronavirus-related scam. The scam “starts with an email that claims to come from the ‘Small Business Administration Office of Disaster Assistance.’ It says you’re eligible for a loan of up to $250,000 and asks for personal information like birth date and Social Security number.”

Unfortunately, many small businesses have been dramatically affected by the coronavirus and are seeking assistance to help retain their employees employed and keep their doors open for business. However, governmental agencies will never send an email advising you that you are eligible for a loan and will never ask for your Social Security number over email. Such material is sent through the mail and on official applications and letterhead.

In addition, governmental agencies will not call to advise you that you have been accepted for relief or ask you for your personal information over the phone. These are scams intended to get you to tell them your Social Security number so the caller can open up credit card or other accounts in your name without your knowledge.

The same is true for scam websites offering assistance with small business loans. If you need to apply for a loan, go to a trusted entity that you have done business with before. Scammers are using the coronavirus, the need for relief, and the government’s Disaster Loan program to fraudulently obtain funds from unwary small business owners. Be wary of these scams and websites and report any fraud to the FTC.

Flo Health, Inc., (Flo) which offers a fertility-tracking app (Flo Period & Ovulation Tracker) used by more than 100 million customers, has agreed to settle with the Federal Trade Commission (FTC) to dismiss the FTC’s claims that Flo shared the health information of its users with data analytics firms despite promising users that it would keep the information private.

According to the FTC’s press release, the FTC alleged that “Flo promised to keep users’ health data private and only use it to provide the app’s services to users. In fact,…Flo disclosed health data from millions of users…to third parties that provided marketing and analytics services to the app, including…Factbook,…Google…and Flurry.”

The Complaint further alleged that Flo disclosed the user’s sensitive information, such as pregnancy, to third parties and did not limit how third parties could use the data.

The settlement requires Flo to review its privacy practices, obtain consent from its users before sharing their health information, prohibits it from misrepresenting the purposes for which it collects, uses and discloses user data, notify users of the unauthorized disclosure of the information, and have any third parties who received the information destroy it.

In addition, the FTC issued guidance on health apps, including tips on how to select and use health apps and reduce privacy risks. The guidance can be accessed here.

The Federal Trade Commission (FTC) announced its settlement with Everalbum Inc. (Everalbum) for its Ever app, a photo and video storage app, due to its alleged deception of consumers related to the app’s use of facial recognition technology and its retention practices around deactivated accounts.

Pursuant to the settlement agreement, Everalbum must delete models and algorithms that it developed using users’ uploaded photos and videos and obtain express consent from its users prior to applying facial recognition to a photo. FTC Commissioner Rohit Chopra said that facial recognition technology is “fundamentally flawed and reinforces harmful biases.” As regulation and enforcement around this technology surely increases, the FTC seeks to suspend or inhibit and restrict the use of such software.

The Ever app (which is defunct as of August 2020), permitted users to upload their photos and videos to a cloud-based storage platform. The app then used facial recognition technology to automatically sort users’ photos and videos for the tag a “friend” feature. However, according to the FTC’s allegations, Everalbum’s use of facial recognition was NOT limited to its app’s friend feature; between September 2017 and August 2019, it allegedly combined facial images from its users’ accounts with facial images from publicly available datasets. The combined data was then used to develop Everalbum’s facial recognition technology. This technology (since it is no longer used in the Ever app) is now marketed through Paravision, which is a company that provides services related to building security, payments and travel. A Paravision representative said that the FTC settlement reflects “changes that have already taken place” as it continues to utilize the technology in a more ethical manner. The new Paravision model also does not use any of the Ever app’s user data previously collected from consumers.

This settlement raises more questions (than answers) about how to handle and use the data used to train facial recognition software. This settlement also highlights the potential for an increase in consumer class actions over the use of facial recognition technology, especially as consumers become more aware of the use of this technology, how it works and the perhaps uncontemplated uses by the companies with which many consumers are freely sharing their data.

How will a Biden-Harris presidency affect the U.S. privacy landscape? Let’s take a look.

Federal Privacy Legislation

On both sides of the political aisle there have been draft proposals in the last 18 months on federal privacy legislation. In September, movement actually happened on federal privacy legislation with the U.S. Setting an American Framework to Ensure Data Access, Transparency and Accountability Act. To read the bill, visit https://www.billtrack50.com/BillDetail/1242877.

With a Biden-Harris administration, there is potential for continued movement on federal privacy legislation. This movement would likely come from Congress since both the Republicans and Democrats have previously supported (and are pushing for) privacy bills.

E.U.-U.S. Privacy Shield and Data Transfers

With the 2020 “Schrems II” decision  looming over international data transfers, the Biden-Harris administration is likely to pave the way for negotiations with the European Commission for a new version of the Privacy Shield. However, the Schrems II ruling will continue to be a real challenge. The hope is that there can be effective, productive dialogue with the E.U. and that the U.S. can convey the fact that there is a mutually beneficial relationship with intelligence agencies in the U.S. and member states of the E.U.

FTC Enforcement and FCC Rules

During Chairman Joseph Simons’ tenure, the Federal Trade Commission (FTC) has been very active on privacy issues. Examples include the FTC’s enforcement actions against Facebook, Google and YouTube, as well as the Children’s Online Privacy Protection Act (COPPA) rulemaking proceeding held in 2019. Just this past week, the FTC announced a settlement with Zoom for alleged data security failings. While the FTC was certainly busy under a Republican-led agency, it is likely that we will see a heightened level of scrutiny and more enforcement under a Biden-Harris administration. While Chairman Simons can serve until 2024, he might step down, and it is also likely that the FTC will gain more Democratic commissioners.

For the Federal Communications Commission (FCC), a Biden-Harris administration may also lead to a revival of the net neutrality rules.

Cybersecurity

Many experts agree that cyber-attacks are the number one national security threat in the U.S., both from a geopolitical and an economic standpoint. A recent report, the Cyberspace Solarium Commission report, states that one of the biggest reasons for continued cybersecurity issues in the U.S. is the failure of strategy and leadership in this arena, and that now is the time for greater accountability of the government to defend against cyber-attacks.

Big Tech and the U.S.’s International Relationships

There has been a lot of scrutiny on how a Biden-Harris administration will regulate Big Tech in Silicon Valley. Biden has already pledged to create a task force for investigating online harassment, extremism and violence, so it is likely that there will be a focus on privacy, surveillance and hate speech online through some of the Big Tech players in Silicon Valley. We may also see some shifts in the U.S.’s relationship with China when it comes to privacy.

Of course, none of this change will happen overnight, so we’ll be watching as the train chugs forward.

Today on Veterans Day, we thank all veterans for their service and dedication to our democracy.

Unfortunately, it is well-known that veterans are targeted with scams, so providing tips today to prevent scams against veterans is timely.

The Federal Trade Commission (FTC) has provided tips for veterans to avoid scams, which can be read here.

 The tips include:

  • Never pay to be part of a clinical trial, or to find out about one
  • Be wary of robocalls saying you overpaid utility bills
  • Be wary of offers to help pay your student loan debt
  • Consult http://www.militaryconsumer.gov/ to avoid known scams against veterans

Let’s all help our veterans avoid becoming the victim of a scam and thank them for their service every day, not just today.