Meta's "pay or consent" advertising model violates the Digital Markets Act (DMA), the European Commission said Monday in preliminary findings. The commission found that the binary choice forces Facebook and Instagram users to consent to having their personal data combined across Meta's social media and advertising services without giving them a less personalized but equivalent version of its social network. Meta introduced its pay or consent approach in November to comply with the DMA but the EC found that the model breaches the law's Article 5 (2). The DMA doesn't say that personal data accumulation is illegal but that consumers should have a real choice about what data is accumulated across gatekeepers' services, EC officials said. The law doesn't require that Meta offer an ad-free service, but there must be a middle ground between consenting to the combination of personal data accumulation and combination across services or paying a subscription for ad-free services, it said. Meta was designated as a gatekeeper in September. A company is a gatekeeper when it derives a specified annual revenue in the European Economic Area and offers a platform in at least three EU countries; offers a core platform for more than 45 million monthly active end users located in the EU, and more than 10,000 yearly active business users established in the EU; and if it met the second criterion for the past three years (see 2309060002). Asked whether other companies that use the pay or consent model should consider the preliminary findings a warning, officials stressed the DMA covers gatekeepers only and the commission's findings don't set out a general principle on pay or consent for those enterprises that aren't gatekeepers. "Subscription for no ads follows the direction of the highest court in Europe and complies with the DMA," a Meta spokesperson emailed, adding the company will continue working with the EC to resolve the investigation. The enforcement action "comes on top of the complaints against Meta's model for breaches of consumer law and data protection law which consumer organizations have raised" recently, the European Consumer Organisation said: "We now urge Meta to comply with laws meant to protect consumers."
CDK Global, a software provider for North American car dealerships, failed to take the necessary steps to protect Coby Hester’s and class members’ personally identifiable information (PII), Hester's negligence class action alleged Thursday (docket 1:24-cv-05377) in U.S. District Court for Northern Illinois. CDK was hired to protect PII and is responsible for the software behind most major car dealerships in North America, the complaint said, citing a June 20 article in Enterprise Management 360 about a June 18 ransomware attack at CDK that reportedly reached 15,000 car dealerships. CDK acknowledged the breach on June 19 when it told car dealers it was investigating a “cyber incident.” The company “shut down most" systems and was “diligently trying to get everything up and running as quickly as possible,” the article said. CDK experienced a second cyber incident on June 19 and told dealers it was “again proactively shutting down most of our systems.” An employee of Northwest Dodge, Hester provided CDK with his PII, including name, address, Social Security number, driver’s license, and financial details, the complaint alleged. The Houston plaintiff is careful about sharing his PII and storing documents containing his PII in a safe, secure location, it added. Hester asserts claims of negligence and negligence per se, breach of third-party beneficiary contract and fiduciary duty and unjust enrichment.
DOJ and NTIA should end VeriSign’s contract for .com domain name registry services and kill its no-bid “monopoly,” which has led to rising registration costs, the American Economic Liberties Project and advocates wrote the agencies Wednesday. VeriSign’s government-designated, no-bid contract should end before the Aug. 2 automatic renewal date, AELP wrote in letters that Demand Progress Education Fund and Revolving Door Project signed. They requested the agencies open the contract to a “fair bidding process” and set a “price cap” for registration of .com and other top-level domains. The advocates said DOJ should withdraw from 2018 interagency guidance, which they claim allowed the Trump administration’s NTIA to “remove contractual protections against price-gouging.” The department should probe VeriSign’s “kickback” arrangement with ICANN for possible antitrust violations, the letter said. ICANN is a nongovernmental organization that accredits domain name registries and registrars. VeriSign must obtain consent from ICANN to increase its prices, and in 2022, the company offered a $20 million “cash bonus” to win approval from ICANN, the groups wrote DOJ. VeriSign hiked its price from $6 during the George W. Bush administration to $10.60 today, a 70% rise, they said. Citing public statistics, the groups claimed VeriSign has a “gross profit margin and operating margin of nearly 90 and 70 percent respectively.” The company’s free cash flow was estimated at $925 million in April, they said: “Billions of dollars that could be devoted to maintaining infrastructure, improving service, or accommodating more affordable pricing structures are instead diverted to other ends.” They noted the company spent about 6% of revenue on research and development in 2023. The letter noted that when registration for .net domain names was opened to competitive bidding in 2011, the price for registration dropped from $6 to $3.50. NTIA, DOJ, VeriSign and ICANN didn’t comment Thursday.
California’s Senate Judiciary Committee on Tuesday passed legislation that would ban companies from using children’s personal data to train AI systems without parental consent. The committee unanimously advanced AB-2877, and it’s now up for Senate Appropriations Committee consideration. Introduced by Assemblymember Rebecca Bauer-Kahan (D), the bill passed the California Assembly 73-0 in May. The legislation expands privacy protections under the California Consumer Privacy Act to include machine-learning technology. Bauer-Kahan told the committee the expansion is necessary because California passed its privacy law before the widespread use of AI. AB-2877 would require parental consent for children under 13 and teen consent for users aged 13-15. TechNet and the California Chamber of Commerce oppose the legislation. Chamber Policy Advocate Ronak Daylami said the bill is rooted in the assumption that it’s inherently harmful to use a teen’s personal information to train AI. Legislators should focus on a technology’s outputs instead of regulating and interfering with inputs, she said. Sen. Benjamin Allen (D) briefly noted the bill's potential for pushing companies out of California but conceded he hadn’t fully studied the measure. California’s current budget crisis has “made me acutely aware of how dependent we are on the tech industry to pay for all the programs we like,” Allen said. The legislation doesn’t impede businesses' ability to operate in the state, said Bauer-Kahan, noting a desire from Gov. Gavin Newsom (D) for the state to lead in AI technology (see 2405300064). Brokers are making a lot of money selling Californians’ data, and the state should clarify that it’s not allowed with kids unless there’s parental consent, she said.
AI is contributing to the decline of web traffic and the “degradation” of journalism, former FCC Chairman Tom Wheeler said Monday in a Brookings column. He noted how generative AI tools have been built using data from websites. He cited research from The Atlantic showing AI-powered searches deliver answers on about 75% of queries, which eliminates the need to navigate to websites for answers. Accordingly, Gartner estimates search engine web traffic will decline 25% by 2026, he said. AI could provide an “almost boundless expansion” of information and knowledge, but the technology shouldn't be used to degrade the "free flow of ideas and journalism that is essential for democracy to function.” A Public Knowledge policy expert, an independent lawyer and a local news publisher executive on Monday spoke against legislative proposals that would force Big Tech companies to pay link fees for news content they host (see 2406240056).
Forcing tech platforms to pay for news content isn’t the right approach to protect local journalism, a Public Knowledge policy expert, an independent lawyer and a local news publisher executive said Monday. They spoke against proposals like the California Journalism Preservation Act, which will be considered at a Senate Judiciary Committee hearing Tuesday (see 2406120049). During a Computer & Communications Industry Association event, internet attorney Cathy Gellis said public discourse depends on access to information, and pay-for-news proposals reduce platforms’ incentives to share links. Sen. Amy Klobuchar, D-Minn., has championed a federal bill requiring platforms to pay to carry news (see 2309010048); similar proposals are seen in Canada and Australia. In the U.S., these proposals create First Amendment issues and conflicts with copyright law, whose purpose is ensuring the public benefits from copyrighted material, Gellis said. Public Knowledge Policy Director Lisa Macpherson noted the Copyright Office previously argued against copyright solutions for news publishers facing financial hardship (see 2206300023). Lion Publishers Executive Director Chris Krewson, who represents more than 500 independent news publishers, said saving small news outlets isn’t a journalism issue but rather a small-business problem. He said his members benefit from exposure and link-sharing on social media. The better solution is legislation that helps media startups with costs related to healthcare, media liability insurance and technology, said Krewson. "The death of your local newspaper is not the death of local news," he said, defending his members' ability to produce content independently.
Apple's App Store violates the Digital Markets Act (DMA) because it prevents app developers from freely steering consumers to alternative channels for offers and content, the European Commission said in preliminary findings Monday. It also opened a third probe against the company over concerns that its new contracts for third-party app developers and app stores, including its own "Core Technology Fee," don't ensure effective compliance with the law. Under the DMA, developers who distribute their apps via the App Store should be able to tell customers about other, cheaper purchasing options and steer them in that direction, the EC noted. Apple has three sets of business terms governing its relationship with developers, yet none let developers communicate freely with customers. In fact, the EC said, under most of the provisions, Apple allows steering only via "link-outs" -- links developers can include in their apps that redirect customers to a web page where they can sign contracts. Another concern is that Apple's fees for facilitating developers' initial acquisitions of customers on the App Store "go beyond what is strictly necessary." Apple may review and reply to the investigation documents. If the EC's views are confirmed, all three sets of business terms would fail to comply with the DMA, which requires "gatekeepers" to allow app developers to direct customers to app stores outside their own for free. If noncompliance is confirmed, the EC could set fines of up to 10% of Apple's total annual worldwide revenue and, in cases of systematic breaches, could also force it to sell its business or the part of it related to the infringement. The European Consumer Organisation praised the EC's "swift enforcement action." Apple didn't comment. Apple is one of several Big Tech companies designated under the DMA as gatekeepers. That means they have a certain annual revenue in the European economic area and provide platform services in at least three EU countries; offer core platform services to more than 45 million monthly active end users in the EU and more than 10,000 yearly active businesses established in the EU; and met the second criterion during the past three years (see 2309250020).
The FTC recouped more than $324 million in refunds to consumers in 2023, the agency said Friday in its annual refund report. That number compares with $392.9 million in 2022, $472.4 million in 2021 and $483 million in 2020. The FTC’s civil remedy authority was weakened in 2021 when a unanimous U.S. Supreme Court found FTC Act Section 13(b) doesn’t authorize the agency to seek equitable monetary relief like restitution or disgorgement (see 2104220068). The total for 2023 included $99 million returned to consumers who were charged fees when trying to cancel Vonage phone plans, the agency said. Slightly more than 88% of the $324 million was returned to consumers, the agency added. Another 2.9% of the funds were sent to the U.S. Treasury, and 9.1% of the funds covered administrative costs. The 9.1% administrative cost compares with 1.7% for 2022, 1.8% for 2021 and 6.5% for 2020.
The “danger” of the federal government colluding with “concentrated private power” can’t be overstated, FTC Commissioner Andrew Ferguson said Thursday. The former Virginia solicitor general noted his state signing onto an amicus brief with 14 other states that sided with Missouri and Louisiana in a social media censorship lawsuit against the Biden administration (see 2405010079). Speaking at a Federalist Society event, Ferguson discussed how Missouri and Louisiana accused Biden officials of “coercing or colluding” with large tech platforms to “drive COVID-19 skepticism” off social media. “I cannot overstate the danger of government colluding with concentrated private power to infringe the liberties of everyone in this room,” he said. Ferguson said more states should assert themselves to protect individual rights when the federal government is “unwilling or unable.” Ferguson lauded Republican efforts in Texas and Florida to pass laws intended to address perceived biases against conservative content on social media. NetChoice and the Computer and Communications Industry Association sued to block those laws (see 2402270072). The central government is incapable of “doing anything like Florida and Texas did,” he said. The best governance is done by the people closest to those they govern, meaning state and local authorities, Ferguson said.
Pornhub’s decision to block access in Nebraska over a new age-verification law is a “great development” for “kids, culture and values,” Gov. Jim Pillen (R) said. Thursday. The Online Age Verification Liability Act, which requires adult websites to verify age via user ID, becomes effective July 15. Sen. Dave Murman (R) wrote the bill. In a statement, Pillen said: “To the news that one of the world’s busiest porn traffickers will shut down in Nebraska, I say: ‘good riddance.’ I was proud to sign LB1092 into law and am grateful for Sen. Dave Murman’s leadership on this issue.”