It’s important for policymakers to “turn off” targeted advertising for children as a default setting, FTC Chairwoman Lina Khan said Thursday during an open meeting. Khan discussed the agency’s effort to update rules under the Children’s Online Privacy Protection Act. The advertising issue is a “noteworthy” provision included in the agency’s update, which is open for public comment (see 2312280030), she said. Business models built on monetizing data can create a business incentive for “endlessly vacuuming up people’s data,” said Khan. The COPPA update ensures companies don’t “over-collect information about our kids in the first place” and makes it easier for parents to keep their children’s data out of the advertising technology ecosystem, said Commissioner Rebecca Kelly Slaughter. Behavioral advertising can also result in inappropriate ads for children, but the FTC's core concern is that companies can create commercial relationships with children and prey on “the fact that they’re kids,” Commissioner Alvaro Bedoya said.
U.S. critical infrastructure operators should deploy American-built drones that follow secure-by-design principles and understand that Chinese drones carry significant national security risks, the Cybersecurity and Infrastructure Security Agency and the FBI said Wednesday in new guidance. “Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems” seeks to raise awareness about “threats posed by Chinese-manufactured UAS and to provide critical infrastructure and state, local, tribal, and territorial (SLTT) partners with recommended cybersecurity safeguards.” The agencies said Chinese laws provides its government with "expanded legal grounds for accessing and controlling data held by firms in China. The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information” to Chinese authorities. David Mussington, CISA executive assistant director-infrastructure security, noted critical infrastructure sectors like communications, energy and chemicals are “increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety.” Mussington cited the threat of “China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations.”
The FTC will coordinate with Asia Pacific law enforcement partners on privacy and data security-related investigations, the agency said Wednesday as it signed the Global Cooperation Arrangement for Privacy Enforcement (Global Cape). The agreement supplements the Asian Pacific Economic Cooperation Cross-border Privacy Rules (APEC CBPR), which “facilitates cooperation and assistance in privacy and data security investigations among APEC’s Asian Pacific countries,” the FTC said. The new agreement allows coordination with countries outside the immediate region, it said. Nine countries have signed the APEC CBPR: U.S., Mexico, Japan, Canada, Singapore, South Korea, Australia, Chinese Taipei and the Philippines.
Comments are due March 11 on the FTC’s proposed changes to children's privacy rules, according to a notice for Thursday's Federal Register (see 2312200050).
Data brokers don’t have a “free license” to sell sensitive location data, FTC Chair Lina Khan said Tuesday, announcing the agency’s first ban on selling location data. The agency announced a nonmonetary settlement with Virginia-based X-Mode Social and Outlogic, its successor. Until May, the company lacked policies "to remove sensitive locations from the raw location data it sold,” the FTC said. X-Mode/Outlogic didn’t “implement reasonable or appropriate safeguards against downstream use of the precise location data it sells, putting consumers’ sensitive personal information at risk,” it added. The commission approved a consent order 3-0 with the company. X-Mode now faces fines of up to $50,120 per violation for future infractions. X-Mode must implement a program with continuous review of its data sets and prevent disclosure of sensitive location data. In addition, it must delete all location data it previously collected. Sen. Ron Wyden, D-Ore., applauded the agency for “taking tough action to hold this shady location data broker responsible.” He said that in 2020, he “discovered that the company had sold Americans' location data to U.S. military customers through defense contractors.” The FTC action is “encouraging,” but Congress needs to pass legislation allowing regulators to hold data brokers more accountable, Wyden said. An attorney for X-Mode didn’t comment Tuesday.
An AI computing center will be built in upstate New York as part of a $400 million plan to bring jobs to the region, increase tech sector innovation and promote AI for the public good, Gov. Kathy Hochul (D) announced Monday. Seven founding entities will lead the Empire AI consortium: Columbia University, Cornell University, New York University, Rensselaer Polytechnic Institute, the State University of New York, the City University of New York and the Simons Foundation. The state will contribute $275 million in funding, and the founding and private partners will contribute $125 million.
Maryland will establish a government committee to develop a comprehensive plan for AI and agencies’ use of the technology, Gov. Wes Moore (D) announced with an executive order Monday. The AI subcabinet will establish guardrails for government use of AI, his office said. Moore also announced creation of the Maryland Cybersecurity Task Force. The task force will bring together officials from the state's Department of Information Technology, the Military Department and Department of Emergency Management for coordination with the Governor’s Office of Homeland Security to establish cross-agency objectives on cybersecurity.
FTC and DOJ enforcers should investigate Big Tech’s dominance of AI, a group of more than 20 organizations wrote the agencies Wednesday. “We respectfully urge your offices to investigate Big Tech’s concentration in the AI space and to take appropriate action to enforce our antitrust laws,” they said. American Economic Liberties Project, the Center for Digital Democracy, Demand Progress, the Open Markets Institute and Public Citizen signed. They cited the number of AI startup-related purchases Meta, Apple, Google, Microsoft and Amazon have made in recent years. Apple has acquired 32 AI startups since 2010, 21 of those since 2017, the letter said. Since 2010, Google has purchased 21, Meta 18, Microsoft 17 and Amazon 10. These same companies have invested substantially in leading AI companies or shown interest, they added. This includes Microsoft’s $13 billion investment in OpenAI. The letter noted Microsoft is joining OpenAI's board as a nonvoting observer.
The FTC and DOJ filed 50 merger enforcement actions in fiscal 2022, marking the highest total since the 55 actions in 2001, the agencies said Thursday in the annual Hart-Scott-Rodino Report. Combining parties abandoned seven deals in 2022, nearly 2 percentage points higher than the 5.4% abandonment average over the past 10 years, the agencies said. The FTC filed six litigation complaints in 2022, nearly doubling the 3.2 average during the previous decade. “These enforcement actions preserved competition in numerous sectors of the economy, including consumer goods and services, pharmaceuticals, healthcare, high tech and industrial goods, and energy,” FTC Chair Lina Khan said in a joint statement with Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter. The telecommunications sector represented 0.7% of the 3,029 deals reported in 2022. ISPs, web search portals and data processing services accounted for 3.6% of the agreements.
Three porn sites were designated very large online platforms (VLOPs) under the EU Digital Services Act (DSA), the European Commission said Wednesday. The commission concluded that Canadian-owned Pornhub, Cyprus-registered Stripchat and Czechia-registered XVideos meet the DSA threshold of 45 million average monthly users in the EU. As a result, the companies must begin to analyze the systemic risks they pose when their platforms disseminate illegal content and content that threatens fundamental rights; take steps to address these risks; design their services to avoid risks to children's well-being; and comply with transparency and accountability rules. The EC designated 19 VLOPs in April, and reported in November that while the platforms were making a good effort to comply with the DSA, much more needed to be done (see 2311100001). The EC opened an investigation Tuesday into whether X, a VLOP, violated the DSA. It was the first DSA investigation (see 2312180004). By Feb. 17, all platforms except small and microenterprises must comply with the act.