Worldwide spending on security systems and services will hit $219 billion in 2023, up 12.1% over 2022, said Worldwide Security Spending Guide from International Data Corp. (IDC). “Investments in hardware, software, and services related to cybersecurity are expected to reach nearly $300 billion in 2026, driven by the ongoing threat of cyberattacks, the demands of providing a secure hybrid work environment and the need to meet data privacy and governance requirements,” IDC said Thursday. "Almost all industries and company size segments will see low double-digit growth through 2026, driven by the expansion of cloud and container deployments, the need to secure remote access to resources and the compliance requirements of privacy and data protection legislation,” said Serena Da Rold, associate research director. The banking and manufacturing sectors, as well as the government, are among those that will drive spending on IT security, IDC said.
The Copyright Office will examine copyright law and policy issues for artificial intelligence, the CO announced Thursday. This includes “the scope of copyright in works generated using AI tools and the use of copyrighted materials in AI training,” the CO said. Members of Congress and the public requested such an inquiry, it said. The CO will host public listening sessions in April and May in support of the effort.
The Consumer Financial Protection Bureau is investigating the data broker industry to examine how third parties track and use consumer data, it said Wednesday. “Modern data surveillance practices have allowed companies to hover over our digital lives and monetize our most sensitive data,” said CFPB Director Rohit Chopra, a former FTC commissioner who has been outspoken about privacy issues: “Our inquiry will inform whether rules under the Fair Credit Reporting Act reflect these market realities.” Sen. Ron Wyden, D-Ore., applauded the effort, noting he asked Chopra to investigate in 2021. “Americans’ personal information isn’t only being harvested from our phones -- water and power companies, phone and cable providers and credit bureaus are all sharing private details of our lives with shady data brokers,” Wyden said: “I’m glad the CFPB is heeding that call and launching an investigation into this unsavory industry.” The agency issued a request for information, seeking public comment by June 13. The CFPB is interested in “hearing about people’s direct experiences with these companies, including when individuals attempt to remove, correct, or regain control of their data,” the agency said.
The Georgia House Homeland Security Committee passed by voice vote Wednesday a bill that would ban state employees and students from installing and using apps like TikTok on state-owned devices. Introduced by Sen. Jason Anavitarte (R), SB-93 mirrors a decision from Gov. Brian Kemp (R), who issued an order in December banning the Chinese-owned social media app on state devices. The legislation is more broad, however, as it targets any apps owned by “foreign adversaries,” as defined by the federal government and recognized by the White House. The White House’s list of foreign adversaries includes China, Russia and Iran. The bill includes a carve-out that would allow access to the platform for law enforcement, research, legislative and judicial proceedings. Georgia Attorney General Chris Carr (R) recommended the carve-out. SB-93 was discussed before the full committee last week and before a subcommittee Tuesday. Anavitarte said he had discussions with Sen. Marco Rubio, R-Fla., about congressional efforts to eliminate the app in the U.S. This conversation isn’t going away in Georgia or at the national level, said Anavitarte, calling it a national security issue. Rep. Jordan Ridley (D) asked him how common the use of TikTok and other adversarial apps is on state devices. Anavitarte said he didn’t have an exact figure but noted intelligence officials say it takes only one device to make the state vulnerable. Several panel members, including Anavitarte, mistakenly referred to TikTok’s parent company ByteDance as DanceByte.
The FTC plans to vote March 16 on whether to issue orders to eight social media and streaming platforms about “how they monitor and review deceptive advertising,” the commission announced Thursday. The orders would be issued using FTC Act Section 6(b) authority. They would examine “the companies’ ad review practices and what, if any, measures they have taken to detect, prevent, and reduce deceptive advertising on their platforms.” This includes ads on “fraudulent health-care products, financial scams, and fake goods,” the FTC said. The open meeting is scheduled for 11 a.m.
Utah Gov. Spencer Cox (R) should veto two recently passed bills intended to protect children’s online privacy because they’re unconstitutional, NetChoice wrote the governor in a letter Thursday. The bills, SB-153 and HB-311, passed Wednesday (see 2303020014). The bills violate the First Amendment by banning anonymous speech and blocking adults’ lawful access to speech, and they endanger children by requiring them to share sensitive data, said NetChoice. “These bills’ shared goal to protect children from harmful content is laudable and one that NetChoice supports,” said Vice President Carl Szabo. “But the chosen means are not only unconstitutional, they require businesses to collect sensitive information about all Utahns, putting everyone, even children, at risk.”
Online therapy service BetterHelp will pay $7.8 million over claims it shared users’ health data with Facebook and Snapchat for ad purposes after “promising” to keep the data private, the FTC announced in a settlement Thursday. The commission voted 4-0 to accept the consent agreement with the company. California-based BetterHelp shared “email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes,” despite promises not to, the agency said. Businesses “shouldn't be permitted to covertly and deceptively use people's mental health histories to target them with advertisements,” FTC Chair Lina Khan tweeted. "When a person struggling with mental health issues reaches out for help, they do so in a moment of vulnerability and with an expectation that professional counseling services will protect their privacy,” said Samuel Levine, Bureau of Consumer Protection director, in a statement. The third parties will need to delete the ill-gotten data, and the company must deploy a comprehensive privacy program. Commissioner Christine Wilson, who is leaving the agency March 31, said in a concurring statement she’s “comfortable” that BetterHelp’s “conduct falls within” the FTC’s authority under FTC Act Section 19. She noted BetterHelp told consumers: “Rest assured -- your health information will stay private between you and your counselor.” The company didn’t comment.
FTC Commissioner Christine Wilson will leave office March 31, she wrote President Joe Biden in her resignation letter Thursday. Wilson in February announced plans to resign, citing abuses of power by Chair Lina Khan and senior staff (see 2302140047). She wished Biden success in the remainder of his tenure but urged him to “closely examine developments at the FTC to ensure that your vision of a ‘return to normalcy’ is being implemented with care.” Wilson said “knowledgeable career staff have been scorned and sidelined” under Khan’s leadership. She said she “barely” recognizes the agency she joined in 2018: “It pains me to observe the tarnishing of its reputation, the diminution of its efficacy, and the exodus of its experienced personnel, many of whom agree with the policy goals of Ms. Khan and your administration.”
The U.S. personal data protection is better than previous trans-Atlantic data transfer mechanisms, but "concerns remain," the European Data Protection Board (EDPB) said Tuesday. Its opinion on the EC decision saying the U.S. now ensures adequate data protection (see 2212130040) welcomed "substantial improvements" such as the introduction of requirements embodying the principles or necessity and proportionality for U.S. intelligence gathering of data and the new redress mechanism for EU data subjects. However, it said it has concerns with some rights of data subjects, onward transfers, the scope of exemptions, temporary bulk data collection, and the practical functioning of the redress mechanism. The EDPB said adopting the adequacy decision and its entry into effect should be conditioned on the U.S. updating its policies and procedures to implement executive order 14086 (which introduced the concepts of necessity and proportionality for U.S. signals intelligence) by all U.S. intelligence agencies. It recommended the EC then assess the updated policies and procedures and report back to the board.
Parents should have more control over what children and teens are exposed to on social media, legislators in Connecticut said during a hearing Tuesday. The General Law Committee, a joint panel with members from the Senate and House, heard testimony on a number of social media proposals. Connecticut should consider age-appropriate design concepts similar to those passed in California, said co-Chair James Maroney, a Senate Democrat. NetChoice is suing to block California’s AB-2273, the Age-Appropriate Design Code Act, on First Amendment grounds. Maroney referenced a similar law in the U.K. Rep. Tami Zawistowski (R) said she's happy to consider the concepts. She spoke in favor of legislation she co-sponsored, HB-5429, which would ban the “collection and commercial use of certain digital information concerning minors.” The 24/7 nature of social media drives the need for legislators to step in, she said: Parents are in the best position to decide what’s appropriate activity for young users. She said parents should have control over their kids’ accounts up to the age of 18 or 20, but the bill sets the age at 16 because that’s “more achievable.” There should be federal legislation, but state legislators do what they need to do to “get people talking,” she said. Maroney said he wants to explore the concept of product testing to identify harms when services target children. Sen. Saud Anwar (D) spoke in support of his SB-395, which would require website and app operators to “obtain parental consent before allowing a child under” 16 to open an account with the operator. “If we wait for the federal government to act, we’ll be waiting for a long time,” he said. Rep. Vincent Candelora (R) spoke in support of SB-1103, which was introduced by the committee at large. SB-1103 would establish an office of artificial intelligence and contemplates data collection restrictions for government agencies. The government should be held to the same standard as private entities because it’s collecting proprietary data and actively using algorithms, said Candelora.