Kentucky Gov. Andy Beshear (D) should veto a “weak” data privacy bill the House approved Wednesday, Consumer Reports said Thursday. The House passed HB-15 with a 94-0 vote. The Senate vote was 35-0 on March 11. The bill would grant consumer rights to access, correct and delete data and allow them to opt out of targeted advertising and sale of data. Kentucky's attorney general would have sole authority to penalize offenders under HR-15, which would go into effect in January 2026 if enacted. Consumer Reports Policy Analyst Matt Schwartz called HB-15 an “industry bill,” saying it “offers almost no new substantive limitations on how companies collect or process data.” The bill is similar to Virginia’s privacy law but lacks kids’ privacy protections the commonwealth added this year, Husch Blackwell’s David Stauss said in a blog post Thursday. The Kentucky bill treats biometric data similar to a privacy law in Connecticut, he said: Video, audio and related data isn’t considered biometric data “unless it is used to identify a specific individual.” Kentucky would become the 15th state to pass a comprehensive privacy law if Beshear signs.
The Cybersecurity and Infrastructure Security Agency on Wednesday proposed using subpoena authority to ensure companies are complying with cyber incident reporting mandates. CISA issued an NPRM laying out rules for requirements under the 2022 Cyber Incident Reporting for Critical Infrastructure Act (see 2211290071). CISA proposed referring noncompliant entities to DOJ for civil penalties if they fail to produce requested information on incidents. The NPRM is scheduled for Federal Register publication April 4. Comments are due June 3.
Agencies need technologists, data scientists and other tech experts to properly regulate markets associated with AI, machine learning and augmented reality, the FTC and DOJ said in a joint statement Tuesday with 23 other international enforcement agencies, including the European Commission’s Directorate-General for Competition, the U.K. Competition and Markets Authority, the Japan Fair Trade Commission and the Turkish Competition Authority. Increasing “digitization of economies around the world require[s] a greater level of expertise in order to assess the behavior of companies and the ability to weigh potential benefits and risks of technology,” the FTC said.
Qualcomm's ending its bid to buy Autotalks will help preserve competition and innovation, FTC Competition Bureau Director Henry Liu said Monday. Qualcomm reportedly reached a deal for the Israeli chip manufacturer, valued at an estimated $350 million. Abandoning it will benefit consumers in the market for vehicle-to-everything (V2X) “chipsets and related products used in automotive safety systems,” said Liu. “This is a win for car buyers seeking quality, affordable cars with V2X communication capabilities that promise to make driving easier and safer.” The European Commission announced in August plans to scrutinize the deal in response to requests from 15 member states. Qualcomm said in a statement Monday it exited the deal "due to lack of regulatory approvals in a timely manner. Automotive is a very important vertical for Qualcomm, and we remain fully committed to our product roadmap, our customers and our partners."
NTIA shouldn’t rely solely on national security agencies when assessing the benefits and risks of open AI models, a wide range of advocates wrote Commerce Secretary Gina Raimondo on Monday. NTIA’s public consultation (see 2402230039) should go through a “robust” interagency review with input from agencies focused on competition, civil rights and scientific research, “not just the agencies that oversee national security,” the groups said. The Center for Democracy & Technology, the Chamber of Progress, the Electronic Frontier Foundation, Engine, Fight for the Future, the Information Technology and Innovation Foundation, Mozilla, the Open Technology Institute, Public Knowledge and R Street Institute signed the letter.
Pennsylvania House members approved legislation Tuesday that would establish age-verification and content-flagging requirements for social media companies. The House Consumer Protection Committee advanced HB-2017 to the floor with a 20-4 vote. Four Republicans voted against, citing privacy and free speech concerns. Introduced by Rep. Brian Munroe (D), the bill would grant the attorney general sole authority to impose penalties against platforms that fail to gain proper age verification and parental consent or fail to flag harmful content for parents. The committee removed a private right of action from the legislation during Tuesday’s markup. Munroe said the bill requires platforms to strengthen age verification by requiring consent from a parent or legal guardian. It also requires that they monitor chats and notify parents of sensitive or graphic content. Once notified, parents can correct the problem, said Rep. Craig Williams (R). Rep. Lisa Borowski (D) called the bill a “small step” toward better protecting young people. Rep. Joe Hogan (R) said legislation shouldn’t increase Big Tech's control over what’s permissible speech, citing data abuse from TikTok. He voted against the bill with fellow Republicans, Reps. Abby Major, Jason Ortitay and Alec Ryncavage. The Computer & Communications Industry Association urged legislators to reject the proposal, saying increased data collection requirements create privacy issues, restrict First Amendment rights and conflict with data minimization principles.
The Copyright Office should renew and expand right to repair-related exemptions under the Digital Millennium Copyright Act, the FTC and DOJ said in joint comments announced Thursday. The CO is considering renewing exemptions to the DMCA’s prohibitions against circumvention of technology protection measures that control access to copyrighted content. Renewing and expanding the repair-related exemptions would “promote competition in markets for replacement parts, repair, and maintenance services, as well as facilitate competition in markets for repairable products,” the agencies said. Enforcers support the renewal of an exemption “related to computer programs that control devices designed primarily for use by consumers for diagnosis, maintenance, or repair of the device and expanding it to include commercial and industrial equipment,” they said.
FTC Chair Lina Khan on Friday welcomed newly confirmed Commissioners Andrew Ferguson and Melissa Holyoak (see 2403070072), saying she looks forward to working “vigorously” with them on competition and consumer protection issues. Khan also welcomed the Senate's reconfirmation of Commissioner Rebecca Kelly Slaughter. Senate Commerce Committee Chair Maria Cantwell, D-Wash., said Congress expects the full commission to “prioritize pressing issues, such as bringing transparency to rising prescription drug costs, enforcing online privacy, cracking down on junk fees and returning money to victims of fraud.”
Six Big Tech companies must fully comply with the Digital Markets Act, the European Commission said March 7. It designated Apple, Alphabet, Meta, Amazon, Microsoft and ByteDance "gatekeepers" under the DMA in September, subjecting them to new rules for core platform services. Now they must show they're complying with the act and how. For example, they must submit independently audited descriptions of how they're profiling consumers. Full compliance means EU businesses that depend on the six gatekeepers to reach their customers "will enjoy new opportunities," the EC said. These include fair treatment and a level playing field when they compete with gatekeepers' services on their platforms; being able to request interoperability with gatekeepers' services to offer innovative new services; and being able to sell their apps through channels other than gatekeepers' app stores. End users will also benefit, the EC said, by, among other things, not being locked into platforms' default choices for app stores and services and having more control over their data by being able to decide whether the gatekeeper can link their accounts. The EC "will not hesitate to take formal enforcement action" in cases of non-compliance, it said. The European Consumer Organisation urged the EC to enforce the measure "promptly and effectively." In February, the EC found that Apple's messaging service iMessage and Microsoft's online search engine Bing, web browser Edge and online advertising service Microsoft Advertising didn't qualify as gatekeepers. On March 1, Booking, ByteDance and X notified the EC that their services potentially meet DMA thresholds; an EC decision is due by May 13.
President Joe Biden in his State of the Union address should push for a federal privacy law to settle the debate over myriad privacy proposals around the country, Computer & Communications Industry Association President Matt Schruers said Wednesday. “While states and Congress have expressed interest in a range of measures to protect younger users online, many of the goals could best be solved with consistent federal rules -- rather than inconsistent state initiatives, some of which violate federal law,” he said. Sen. Marsha Blackburn, R-Tenn., announced her guest for the State of the Union will be Gail Flatt, a Tennessee mother whose 14-year-old daughter committed suicide “due to social media harms.” Blackburn called for passage of the Kids Online Safety Act, which she introduced with Sen. Richard Blumenthal, D-Conn. “Far too many young people have fallen victim to social media’s dark and addictive rabbit holes, while Big Tech not only ignores the problem but takes great lengths to exploit users’ data at any cost,” Blackburn said.