HyperBeard, a kids app developer, agreed to pay $150,000 and to “delete personal information it illegally collected from children under 13,” the FTC said in a 4-1 settlement Thursday. The company allegedly violated the Children’s Online Privacy Protection Act rule by “allowing third-party ad networks to collect personal information in the form of persistent identifiers to track users of the company’s child-directed apps, without notifying parents or obtaining verifiable parental consent,” per a complaint filed by DOJ. It names HyperBeard CEO Alexander Kozachenko and Managing Director Antonio Uribe. Commissioner Noah Phillips dissented, saying, “Given the violations at issue, the harm to consumers, and how we have approached other COPPA cases, my view is that the fine imposed today is too much.” He questioned whether the $4 million penalty, which led to the settlement, was appropriate given the alleged harm, noting a $5.7 million penalty against Musical.ly (see 1902270059). Chairman Joe Simons disagreed, saying, “The goal of the civil penalty should be to make compliance more attractive than violation.” HyperBeard disagreed any of its games were directed at children under 13, but it settled to avoid “costly and distracting litigation,” the firm said, noting its limited resources as a “small company.” The “legacy apps” mentioned in the FTC complaint “have long been transitioned to COPPA-compliant advertising networks (which do not collect or use advertising IDs),” it said.

U.S. District Court in the District of Columbia summoned President Donald Trump, Attorney General William Barr and acting U.S. Attorney for the District of Columbia Michael Sherwin to defend the administration against the Center for Democracy & Technology’s First Amendment lawsuit (see 2006020071). The Tuesday summons (in Pacer) allows 60 days for response. DOJ didn’t comment.

The Federal Register published the executive order Tuesday from President Donald Trump that seeks to alter tech industry content moderation liability protections (see 2005280060 and 2006020071).

President Donald Trump’s social media-related executive order violates the First Amendment by “chilling the constitutionally protected speech of online platforms and individuals,” the Center for Democracy & Technology argued in a lawsuit Tuesday (see 2005290058). CDT accused of the president of trying to intimidate Twitter. The EO is “designed to deter social media services from fighting misinformation, voter suppression, and the stoking of violence on their platforms,” CEO Alexandra Givens said. She accused Trump of threatening retaliation and regulation and thereby influencing content moderation policies. The White House directed questions to DOJ, which didn’t comment. The lawsuit cites Trump’s “attack” on Twitter for exercising First Amendment rights to comment on the president’s statements, as well as a “willingness to use government authority to retaliate against those who criticize the government.” The order would circumvent Congress and purports to “empower multiple government agencies to pass judgment on companies’ content moderation practices,” CDT claimed. It “clouds the legal landscape in which the hosts of third-party content operate and puts them all on notice that content moderation decisions with which the government disagrees could produce penalties and retributive actions.”

DOD must improve its IPv6 transition plans, the GAO said Monday. The Pentagon began the planning process in 2017 but "has yet to clearly define the magnitude of work involved, the level of resources required, and the extent or nature of cybersecurity risks if vulnerabilities aren’t proactively managed," GAO said. Defense Secretary Mark Esper should direct the DOD chief information officer "to complete a department-wide inventory of existing IP-compliant devices and technologies to help with planning efforts and requirements development for the transition to IPv6," the report said. The auditor recommended the CIO "develop a cost estimate" for the transition and "develop a risk analysis" for it. DOD "agreed with our recommendations to develop a cost estimate and risk analysis" but "did not agree with our recommendation to complete a department-wide inventory of existing IP-compliant devices and technologies," GAO said. The department "referred to the draft IPv6 guidance that OMB developed in March 2020, stating that the draft guidance will rescind OMB’s fiscal year 2005 IPv6 guidance, which includes the inventory requirement. DOD also said that creating such an inventory would be impractical given the department’s size. It added that it has been mitigating the risk of not having an inventory by only acquiring IPv6-capable devices since December 2009."

The National Security Commission on Artificial Intelligence seeks comment by Sept. 30 for its final report on ensuring U.S. competitiveness in AI, machine learning and other emerging technologies. The FY 2019 National Defense Authorization Act tasked the group with assessing ways to ensure U.S. competitiveness in those technologies, ways to increase investment, workforce training and national security risks. The report is due March, said Thursday's Federal Register.

A company with facial recognition tech to create so-called faceprints of a person's identity (see 2003030054) was sued for allegedly violating people's privacy. Clearview AI undertook "unlawful surreptitious capture and storage of millions of Illinoisans’ sensitive biometric identifiers," alleged the American Civil Liberties Union, Chicago Alliance Against Sexual Exploitation, Sex Workers Outreach Project Chicago, Illinois State Public Interest Research Group and Mujeres Latinas en Accion. They told a state court in Cook County Thursday Clearview violated the Illinois Biometric Information Privacy Act: "Clearview has captured more than three billion faceprints from images available online, all without the [subjects'] knowledge." It's the first such case to attempt to "force any face recognition surveillance company to answer directly to groups representing survivors of domestic violence and sexual assault, undocumented immigrants, and other vulnerable communities uniquely harmed," the ACLU emailed. The company didn't comment.

President Donald Trump threatened to “strongly regulate” or shut down social media platforms, citing political bias against conservatives a day after Twitter included fact-check warnings for a series of his tweets. “Republicans feel that Social Media Platforms totally silence conservatives voices,” he wrote Wednesday. “We will strongly regulate, or close them down, before we can ever allow this to happen.” Social media companies don’t have anti-conservative bias and are rightly collaborating with civil society and government to combat online misinformation, Information Technology and Innovation Foundation Vice President Daniel Castro said: “While there may be occasional missteps, the private sector has shown a tremendous commitment to addressing this problem in a fair and transparent manner.” Twitter didn’t comment. Computer and Communications Industry Association President Matt Schruers raised free speech concerns, asking, “Are we a nation that tolerates its President threatening private enterprise for daring to contradict him?” Sen. Richard Blumenthal, D-Conn., tweeted that Trump’s “fear-mongering & conspiracy theory peddling is irresponsible, inexcusable, & authoritarian.” The First Amendment "significantly constrains any action the president could take to regulate social media platforms,” said American Civil Liberties Union Senior Legislative Counsel Kate Ruane. “The First Amendment also clearly prohibits the president from taking any action to stop Twitter from pointing out his blatant lies about voting by mail.”

The FCC Communications Security, Reliability and Interoperability Council will consider a final report by its Managing Security Risk in the Transition to 5G Working Group during a June 10 teleconference meeting, the FCC said Tuesday. Members will vote on a “Report on Risks to 5G From Legacy Vulnerabilities and Best Practices for Mitigation,” the FCC said. The call starts at 1 p.m. EDT.

California might enforce its privacy law three months before final regulations by Attorney General Xavier Becerra (D), said privacy attorney Christina Gagnier on a Carlton Fields webinar Thursday. The AG hasn't announced timing for California Consumer Privacy Act rules, but “it’s been communicated that the regulations might not be out until October,” even though Becerra hasn’t budged on starting enforcement July 1, she said. COVID-19 has moved many things back but it’s also brought “a heightened awareness of privacy,” Gagnier said. “The AG’s office is basically balancing those two things.” The final rules probably won't deviate much from proposed regulations as revised a few months ago (see 2004020043), unless the legislature this summer passes major changes like what’s proposed in AB-3119 by Assemblymember Buffy Wicks (D), the lawyer said. Wiley heard the same, attorney Joan Stewart emailed us. "While the AG hasn’t provided guidance yet on how enforcement would work in a world without implementing regulations -- we anticipate that initially enforcement could be focused on the requirements of the statute, rather than compliance specifics tied to the regulations." Expect the AG to "go after businesses that have made no effort to comply rather than businesses that have made a good faith effort but fell short." The International Association of Privacy Professionals blogged Monday about the possible delay to CCPA rules. "For regulations to become effective July 1, they must be filed with the Office of Administrative Law by May 31," but they haven't been submitted, IAPP said. If the AG doesn't meet that deadline, "their effective date will likely slip until Oct. 1." Becerra is "committed to enforcing the law starting July 1," a spokesperson emailed. "We encourage businesses to be particularly mindful of data security in this time of emergency."