U.S. critical infrastructure operators should deploy American-built drones that follow secure-by-design principles and understand that Chinese drones carry significant national security risks, the Cybersecurity and Infrastructure Security Agency and the FBI said Wednesday in new guidance. “Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems” seeks to raise awareness about “threats posed by Chinese-manufactured UAS and to provide critical infrastructure and state, local, tribal, and territorial (SLTT) partners with recommended cybersecurity safeguards.” The agencies said Chinese laws provides its government with "expanded legal grounds for accessing and controlling data held by firms in China. The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information” to Chinese authorities. David Mussington, CISA executive assistant director-infrastructure security, noted critical infrastructure sectors like communications, energy and chemicals are “increasingly relying on UAS for various missions that ultimately reduce operating costs and improve staff safety.” Mussington cited the threat of “China’s aggressive cyber operations to steal intellectual property and sensitive data from organizations.”

The FTC will coordinate with Asia Pacific law enforcement partners on privacy and data security-related investigations, the agency said Wednesday as it signed the Global Cooperation Arrangement for Privacy Enforcement (Global Cape). The agreement supplements the Asian Pacific Economic Cooperation Cross-border Privacy Rules (APEC CBPR), which “facilitates cooperation and assistance in privacy and data security investigations among APEC’s Asian Pacific countries,” the FTC said. The new agreement allows coordination with countries outside the immediate region, it said. Nine countries have signed the APEC CBPR: U.S., Mexico, Japan, Canada, Singapore, South Korea, Australia, Chinese Taipei and the Philippines.

Comments are due March 11 on the FTC’s proposed changes to children's privacy rules, according to a notice for Thursday's Federal Register (see 2312200050).

Data brokers don’t have a “free license” to sell sensitive location data, FTC Chair Lina Khan said Tuesday, announcing the agency’s first ban on selling location data. The agency announced a nonmonetary settlement with Virginia-based X-Mode Social and Outlogic, its successor. Until May, the company lacked policies "to remove sensitive locations from the raw location data it sold,” the FTC said. X-Mode/Outlogic didn’t “implement reasonable or appropriate safeguards against downstream use of the precise location data it sells, putting consumers’ sensitive personal information at risk,” it added. The commission approved a consent order 3-0 with the company. X-Mode now faces fines of up to $50,120 per violation for future infractions. X-Mode must implement a program with continuous review of its data sets and prevent disclosure of sensitive location data. In addition, it must delete all location data it previously collected. Sen. Ron Wyden, D-Ore., applauded the agency for “taking tough action to hold this shady location data broker responsible.” He said that in 2020, he “discovered that the company had sold Americans' location data to U.S. military customers through defense contractors.” The FTC action is “encouraging,” but Congress needs to pass legislation allowing regulators to hold data brokers more accountable, Wyden said. An attorney for X-Mode didn’t comment Tuesday.

An AI computing center will be built in upstate New York as part of a $400 million plan to bring jobs to the region, increase tech sector innovation and promote AI for the public good, Gov. Kathy Hochul (D) announced Monday. Seven founding entities will lead the Empire AI consortium: Columbia University, Cornell University, New York University, Rensselaer Polytechnic Institute, the State University of New York, the City University of New York and the Simons Foundation. The state will contribute $275 million in funding, and the founding and private partners will contribute $125 million.

Maryland will establish a government committee to develop a comprehensive plan for AI and agencies’ use of the technology, Gov. Wes Moore (D) announced with an executive order Monday. The AI subcabinet will establish guardrails for government use of AI, his office said. Moore also announced creation of the Maryland Cybersecurity Task Force. The task force will bring together officials from the state's Department of Information Technology, the Military Department and Department of Emergency Management for coordination with the Governor’s Office of Homeland Security to establish cross-agency objectives on cybersecurity.

The FTC and DOJ filed 50 merger enforcement actions in fiscal 2022, marking the highest total since the 55 actions in 2001, the agencies said Thursday in the annual Hart-Scott-Rodino Report. Combining parties abandoned seven deals in 2022, nearly 2 percentage points higher than the 5.4% abandonment average over the past 10 years, the agencies said. The FTC filed six litigation complaints in 2022, nearly doubling the 3.2 average during the previous decade. “These enforcement actions preserved competition in numerous sectors of the economy, including consumer goods and services, pharmaceuticals, healthcare, high tech and industrial goods, and energy,” FTC Chair Lina Khan said in a joint statement with Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter. The telecommunications sector represented 0.7% of the 3,029 deals reported in 2022. ISPs, web search portals and data processing services accounted for 3.6% of the agreements.

FTC and DOJ enforcers should investigate Big Tech’s dominance of AI, a group of more than 20 organizations wrote the agencies Wednesday. “We respectfully urge your offices to investigate Big Tech’s concentration in the AI space and to take appropriate action to enforce our antitrust laws,” they said. American Economic Liberties Project, the Center for Digital Democracy, Demand Progress, the Open Markets Institute and Public Citizen signed. They cited the number of AI startup-related purchases Meta, Apple, Google, Microsoft and Amazon have made in recent years. Apple has acquired 32 AI startups since 2010, 21 of those since 2017, the letter said. Since 2010, Google has purchased 21, Meta 18, Microsoft 17 and Amazon 10. These same companies have invested substantially in leading AI companies or shown interest, they added. This includes Microsoft’s $13 billion investment in OpenAI. The letter noted Microsoft is joining OpenAI's board as a nonvoting observer.

The FTC on Wednesday unveiled proposed changes to children’s privacy law rules, including more stringent requirements for obtaining parental consent and limits on how platforms can monetize children’s data. The agency issued an NPRM seeking comment on potential changes to the Children’s Online Privacy Protection Rule. The changes would require platforms and apps to “obtain separate verifiable parental consent to disclose information to third parties including third-party advertisers -- unless the disclosure is integral to the nature of the website or online service.” The agency would ban websites from “collecting more personal information than is reasonably necessary for a child to participate in a game, offering of a prize, or another activity.” In addition, it would prohibit operators from “using online contact information and persistent identifiers collected under COPPA’s multiple contact and support for the internal operations exceptions to send push notifications to children to prompt or encourage them to use their service more.” The agency is considering specifying that personal information can be retained “only for as long as necessary to fulfill the specific purpose for which it was collected.” The commission voted 3-0 to issue the NPRM. The public will have 60 days to comment after the notice's Federal Register publication. “Kids must be able to play and learn online without being endlessly tracked by companies looking to hoard and monetize their personal data,” FTC Chair Lina Khan said in a statement. “The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life -- and where firms are deploying increasingly sophisticated digital tools to surveil children.” In a statement Wednesday, Sens. Ed Markey, D-Mass., and Bill Cassidy, R-La., said the FTC proposal is “critical to modernizing online privacy protections” but shouldn’t be seen as a replacement for legislation. Markey and Cassidy wrote legislation updating children’s privacy law (see 2303220064).

Three porn sites were designated very large online platforms (VLOPs) under the EU Digital Services Act (DSA), the European Commission said Wednesday. The commission concluded that Canadian-owned Pornhub, Cyprus-registered Stripchat and Czechia-registered XVideos meet the DSA threshold of 45 million average monthly users in the EU. As a result, the companies must begin to analyze the systemic risks they pose when their platforms disseminate illegal content and content that threatens fundamental rights; take steps to address these risks; design their services to avoid risks to children's well-being; and comply with transparency and accountability rules. The EC designated 19 VLOPs in April, and reported in November that while the platforms were making a good effort to comply with the DSA, much more needed to be done (see 2311100001). The EC opened an investigation Tuesday into whether X, a VLOP, violated the DSA. It was the first DSA investigation (see 2312180004). By Feb. 17, all platforms except small and microenterprises must comply with the act.