The Federal Trade Commission would really like you to know that it considers web-browsing and location data to be sensitive, even if it doesn’t contain personally identifiable information like names and Social Security numbers.
A couple weeks ago, the FTC proposed a $16.5 million settlement with cybersecurity firm Avast, which it charged with unfairly selling browser information that the company had collected through its antivirus product and browser extensions. (Side note: Avast is British/Czech, so take that, everyone who thinks it’s always European regulators cracking down on American companies over privacy stuff!) And in January, it also proposed settlements with X-Mode Social and InMarket, both of which are data aggregators that collected people’s precise location data, which in the case of X-Mode was allegedly sold to private government contractors.
Yesterday, to tie together the emerging theme, the FTC published a blog post detailing its “heightened focus on pervasive extraction and mishandling of consumers’ sensitive personal data.”
“Browsing and location data are sensitive. Full stop,” the agency wrote. “None of the underlying datasets at issue in the FTC’s proposed complaints against Avast, X-Mode, or InMarket are alleged to have contained people’s names, Social Security numbers, or other traditional standalone elements of personally identifiable information (or ‘PII’). Indeed, the FTC’s proposed complaint against Avast acknowledges Avast’s use of a proprietary algorithm to find and remove these elements from its users’ browsing data before selling it. What makes the underlying data sensitive springs from the insights they reveal and the ease with which those insights can be attributed to particular people.”
The FTC has been on a crusade to tackle the importance of location data since July 2022, when it said it viewed such data as sensitive. Adding browsing data to the pile is a significant move that brings U.S. data-protection enforcement a little closer to Europe’s, where people enjoy broad protections covering any data that can be connected with them as identifiable individuals (a far more expansive classification than PII, which only covers data that can be used to identify someone.)
As the U.S. still lacks much federal privacy law outside the realms of health care and children’s data, the FTC is mostly limited to cracking down on “unfair or deceptive acts or practices in or affecting commerce,” as per Section 5 of the FTC Act. So far, it’s mostly focused on the deception angle—allegedly a feature in all these three cases. But there’s another case worth keeping an eye on, involving a data broker called Kochava that also sold sensitive location data. This case doesn’t involve deception, but rather just what the FTC sees as unfairness in how the company sold data that could cause people substantial injury, without their express consent. If that case goes the FTC’s way, that would be an even more significant shift for Americans’ privacy rights.
Or Congress could, you know, finally pass a comprehensive federal privacy law that really brings the U.S. in line with global norms. It’s always worth staying optimistic! More news below.
David Meyer
Want to send thoughts or suggestions to Data Sheet? Drop a line here.
Clarification on Mar. 11: This article was updated to specify that only X-Mode and not InMarket was alleged to have sold location data to government contractors.
NEWSWORTHY
Tesla plant sabotage. Tesla’s gigafactory outside Berlin lost its power today, thanks to suspected arson at a nearby electricity pylon, Reuters reports. Far-left activists calling themselves the “Volcano Group” claimed responsibility, suggesting the sabotage was a protest against Tesla’s alleged exploitation of resources and bending of environmental regulations (the plant has been accused of over-using local water, and is still trying to expand). Police haven’t verified who carried out the arson.
AMD’s China chip challenge. AMD’s share price fell around 3% after Bloomberg reported U.S. authorities’ dissatisfaction with the company’s weakening of an AI chip for the Chinese market. According to the report, the Commerce Department still sees the chip as being too powerful, meaning AMD would need a license to sell it in China—which it probably wouldn’t be granted, given U.S. efforts to stymie Chinese AI development.
Google’s DMA compliance. Google has announced how it’s going to comply with the EU’s new Digital Markets Act. Displaying markedly more grace than Apple in its DMA compliance missives, Google said today that it would be giving Android users a choice of browser and search engine when they set up their devices, and would soon give Chrome users on desktops and iOS a clear search engine choice too. Google is also ending default data-sharing between certain products and services in the EU, TechCrunch reports.
SIGNIFICANT FIGURES
24%
—The year-on-year drop in Chinese iPhone sales in the first six weeks of this year, per analyst house Counterpoint. Meanwhile, local Apple rival Huawei saw a 64% gain in unit sales, Reuters reports.
IN CASE YOU MISSED IT
Marc Andreessen and Vinod Khosla are tussling over a future bigger than either of them, by Allie Garfinkle
Former Twitter executives sue Elon Musk for stiffing them out of $128 million in severance, saying he ‘doesn’t pay his bills’, by Bloomberg
Sergey Brin, who ‘kind of came out of retirement’ to work on AI, says Google ‘definitely messed up’ with Gemini’s racial image generation problem, by Marco Quiroz-Gutierrez
Internet cables cut in the Red Sea in ‘exceptionally rare’ incident, disrupting much of Asia, Europe, and the Middle East, by Chris Morris
Amazon Web Services among firms investing over $10 billion in Saudi Arabian data centers, by Bloomberg
AI is already screening job resumes and rental apartment applications and even determining medical care with almost no oversight, by the Associated Press
BEFORE YOU GO
Linux desktops. The prospect of the “year of the Linux desktop” has been a wry meme for a long time now, but the family of open-source operating systems is actually doing unprecedentedly well. As Linuxiac notes, Linux now accounts for 4% of desktop OSs, having crossed the 3% threshold just last June. Linux probably won’t ever hold a personal computers market share on the level of Windows or MacOS—mobile devices are another matter, as Android is built on a modified Linux kernel—but it will be interesting to see how far it can go.
This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.