After today there is only one more Login newsletter this year. Rest assured we will be back in your inbox after the New Year, just in time for CES.
Situational awareness: A New York Times report on "Twelve Million Phones, One Dataset, Zero Privacy" analyzes the location-tracking industry.
As for today's Login, it's 1,382 words, a 5-minute read.
1 big thing: The future of U.S./EU data sharing
An adviser to Europe's highest court told its judges Thursday to uphold the contractual terms that Facebook and other companies rely on to transfer billions of dollars worth of data on Europeans to other countries.
Why it matters: The case's outcome will not only determine whether companies need to rethink how they protect users' privacy and data, but could also shape a deeper transatlantic divide for the internet, Axios' Margaret Harding McGill writes.
Details: The European Commission-backed model agreements that companies use to protect users' privacy in data transfers are "valid," wrote European Court of Justice advocate general Henrik Saugmandsgaard Øe in an advisory opinion, a non-binding recommendation that the court follows the vast majority of the time.
Yes, but: The opinion said regulators should still force companies to halt transfers under certain circumstances and raised questions about a key U.S.-EU agreement on data flows.
Where it stands: A final ruling in line with the opinion that the contracts are valid could reassure U.S. companies.
- But Saugmandsgaard Øe leaves the door open to European regulators blocking data transfers because they think U.S. surveillance practices conflict with EU privacy standards.
- And if the court picks up questions he raised around the EU-U.S. Privacy Shield and finds it invalid, there would be major repercussions for the thousands of companies who rely on that agreement to freely transfer data, ranging from payroll information to European customer records.
- "We are talking about billions and billions of dollars worth of commerce that relies on that transatlantic data flow," Aaron Cooper, vice president at BSA | The Software Alliance, said ahead of the opinion's release. "It is about every industry sector."
The big picture: Europe has sought to set the global standards on online privacy, with strict data safeguards that contrast with the U.S.' historically laissez-faire approach. The pending court ruling represents a judgment before the world of how people's data gets handled in the U.S.
Details: The European Court of Justice, the EU's supreme court, is weighing whether model agreements with U.S. companies meant to protect Europeans' privacy abroad are up to snuff.
- The case stems from a complaint against clauses in Facebook's data contracts, brought by European privacy advocate Max Schrems.
- The European Commission has endorsed the so-called standard contractual clauses, but Schrems argued the Facebook clauses do not adequately protect Europeans from government surveillance in the U.S.
- He said he is "generally happy" with the advisory opinion. "Everyone will still be able to have all necessary data flows with the US, like sending emails or booking a hotel in the US," Schrems said in a statement. "Some EU businesses may not be able to use certain US providers for outsourcing anymore, because US surveillance laws requires these companies to disclose data to the NSA."
Flashback: You might remember Schrems from launching the case that upended the previous agreement that governed data flows between the U.S. and Europe, the Safe Harbor, in 2015.
- Responding to U.S. government data collection practices exposed by NSA contractor Edward Snowden, Schrems filed complaints against several U.S. companies that led to the European high court declaring the Safe Harbor invalid.
- U.S. companies scrambled to set up alternative arrangements while the U.S. and Europe hammered out a new agreement, 2016's Privacy Shield.
Now, the Privacy Shield faces a major test, and court watchers have been worried it will not pass.
What's next: The advisory opinion is just that — advisory. The final ruling is expected sometime in the first half of 2020.
2. Federal privacy legislation shows signs of life
House Energy and Commerce Committee staff have negotiated the outlines of what could be a set of bipartisan federal privacy regulations, as Margaret reports.
Why it matters: The draft, which staffers started circulating Wednesday, is a rare and potentially significant bipartisan step toward a national privacy law, a goal that's proven elusive despite strong, sustained interest from both parties. An effort in the Senate led to dueling Democratic and Republican takes on privacy.
Driving the news: Rep. Jan Schakowsky, who chairs the Consumer Protection and Commerce subcommittee, said the draft is meant to shift the burden of protecting privacy off consumers and onto companies and regulators.
- It would establish a four-tier system in which companies face more restrictions based on whether they intend to use consumer data in a way that's consistent with consumer expectations.
- For example, there would be fewer protections associated with Amazon using a customer's address and purchase information to ship a book and more restrictions on Amazon sharing book purchase information with a third party for marketing purposes.
- The draft also empowers the FTC with the ability to issue fines for first-time offenses.
- "I want to address the growing anxiety of consumers that they have become the product," Schakowksy said in an interview. "And their information — they feel they have no control over it. They don’t know where and who and what it’s being used for."
What it's missing: The draft doesn't address the issues of federal preemption of state laws or a so-called private right of action letting consumers sue companies over privacy screw-ups. Those issues have divided Republicans and Democrats, contributing to the splintering of the Senate effort.
- Schakowsky said preemption will be handled toward the end of the legislative process. "If we have the most robust bill in the world so far, then we can have that conversation."
- The draft also would create a new Bureau of Privacy within the FTC, rather than creating a new federal agency to police privacy, as some Democrats have proposed.
What's next: The deadline for feedback on the draft is Jan. 24. Schakowsky said she is committed to doing a bill next year.
- "I think the bill will be the E&C bill," she said. "It's the only one where we really have bipartisanship that is really comprehensive."
Yes, but: Staff cautioned the draft "does not necessarily represent the policy positions of Members" in the request for feedback from outside parties.
- A Republican committee spokesperson said, "We know we need clear rules of the road and one national privacy standard. We are now at the next step of our deliberative process — sharing the draft with stakeholders — and we look forward to working with them going forward."
3. Texts between Dish, T-Mobile execs made public
Feisty texts between Dish Network chairman Charlie Ergen and T-Mobile CEO John Legere were made public Wednesday as part of the T-Mobile-Sprint trial.
Why it matters: The texts probably won't change the outcome of the case, in which several states are trying to block the deal on antitrust grounds. But they are entertaining.
The text messages, shared on Twitter by Reuters reporter David Shepardson, show that two of the most dynamic figures in wireless are just as edgy in private as they are in public.
- At one point, for example, Legere asks Ergen, "Are you still on planet earth?" Ergen replies, "Yes, I have a day job and am working. Are you done yet?"
- In a more serious thread, the two discuss strategy for talking with DOJ antitrust head Makan Delrahim.
The bigger picture: The trial, now in its second week, will likely determine the fate of the telecom megadeal, which has already received approval from the DOJ and FCC.
4. Battery safety startup lands key customer
We wrote a while back about Amionx, a startup trying to make batteries safer. It landed an initial customer earlier this year: a large consumer electronics firm that wished to remain anonymous. Now it has its first named customer in tool maker Stanley Black & Decker, which has licensed Amionx's SafeCore technology.
Why it matters: Batteries are increasingly central to all sorts of digital devices, from phones to electric cars — but because by their nature they compress volatile components into tight spaces, they create risks of fire and explosion.
The bigger picture: Amionx has long-term ambitions of adding its technology to all manner of gear, from electric vehicles to tools to consumer electronics.
How it works: Amionx's technology adds a material to the battery that acts something like an internal fuse that can be triggered whenever a current, voltage or temperature threshold is exceeded.
Amionx is a spin-off of American Lithium Energy Corp. which has used the technology in more than 20,000 batteries for the military. Former Qualcomm president Steve Altman is an investor and president of Amionx's board of directors.
5. Take Note
- More corporate holiday parties.
- Carnival Corporation named Marshall Lancaster, former CIO at Hyatt Hotels, as the new chief information officer for its Princess Cruises, Holland America Line, Seabourn, P&O Cruises Australia and Carnival Australia operations.
- Longtime Verizon spokesman Jeffrey Nelson is retiring at the end of the year after nearly two decades at the company, and three years before that at CTIA - The Wireless Association.
- Uber will pay $4.4 million to settle sexual harassment charges. (Axios)
- New Orleans is still dealing with the fallout from a ransomware attack. (Axios)
- Share Now, the car sharing service formerly known as Car2Go and jointly owned by Daimler and BMW, is leaving North America and will focus on Europe. (The Verge)
6. After you Login
I don't snowboard (I barely ski) but this prototype LED snowboard looks pretty rad. (Do the kids still say rad?)