FTC members have been considering levying a record-setting fine against Facebook for the Cambridge Analytica privacy breach, The Washington Post reported: Expect the penalty to be “much larger” than the record $22.5 million fine against Google in 2012. The FTC and Facebook didn’t comment.

Consumer Intelligence Research Partners projected Amazon has 101 million Prime U.S. customers, or 62 percent of its customers nationwide, up from 26 million in December 2013. Prime members spend about $1,400 yearly, compared with $600 for others, CRP said Thursday. Though membership growth has slowed to about 10 percent annually, it continued steadily in the holiday quarter and is “still significant on a huge base and after years of rapid growth,” said analyst Josh Lowitz.

The Telecommunications Industry Association and the IoT Community signed a memorandum of understanding to collaborate on initiatives for smart buildings, manufacturing, connected vehicles, intelligent transportation, healthcare and more, they said Thursday. Harnessing the power of the IoT is “essential for the successful development of smart buildings and eventually smart cities,” said Harry Smeenk, TIA senior vice president-technology programs. The groups will develop and share training content on IoT initiatives and will collaborate to educate industries on IoT’s role in buildings, they said.

“Safe technology” will be the “gating factor” in transforming autonomous vehicles into a “trillion-dollar opportunity,” General Motors CEO Mary Barra told a Wolfe Research investment conference Tuesday. Self-driving safety is “vitally important” because “customer acceptance and trust of the vehicle is key,” she said. It's a “focus” on solving “customer pain points that we think opens up the market” for autonomous ridesharing vehicles, she said. “Think about driving in a dense urban environment,” with its expensive parking options and extreme congestion. she said. “Those are all customer pain points that autonomous vehicles, safe autonomous vehicles, can solve.”

Companies that don't properly consider human rights risk "reputational harm, financial loss ... shareholder lawsuits, and dissatisfaction" from employees and customers, a group of nearly 50 investors said in endorsing New America's index (see 1804250022) from April. Investor Alliance for Human Rights members Boston Common Asset Management, Mercy Investment Services, NEI Investments and Robeco signed. The index recommends tech and telecom companies not wait for new laws to pass to improve data privacy policies. It suggests regular impact assessments to determine how products and services affect user expression and privacy, “effective grievance and remedy mechanisms” and comprehensive transparency reports on data collection.

Zix agreed to pay $275 million cash for the AppRiver cybersecurity firm, the email security provider announced Tuesday. The deal is expected to more than double Zix revenue and adjusted cash flow. True Wind Capital will invest $100 million once the takeover is complete, with some of the tech private equity firm's staff joining the Zix board (see the personals section of this publication). The deal is expected to close in Q1, a Zix spokesperson emailed us.

The National Institute of Standards and Technology should offer best practices (see 1812170032) so companies can demonstrate compliance with various national privacy “obligations,” Information Technology Industry Council commented Monday. Develop a road map with the framework, providing accessible language for “identifying, assessing, managing and communicating privacy risks,” ITI asked. The U.S. is at a “critical” moment for evaluating consumer privacy protections, said BSA|The Software Alliance Policy Director Shaundra Watson, and hopefully NIST’s effort leads to “a useful tool that will help companies strengthen their privacy practices.”

Marriott erred in taking nearly three months to alert customers about its data breach (see 1901040048), nearly 180 plaintiffs from 50 states, the District of Columbia, Puerto Rico and the Virgin Islands said in a lawsuit Wednesday. Plaintiffs have evidence of fraud allegedly linked to the breach, said Hausfeld's James Pizzirusso: It took Marriott four years to discover the breach on Sept. 8. The lawsuit is in U.S. District Court in Greenbelt, Maryland (docket 19-cv-00094). Monday, Marriott declined comment.

Congress should replace a patchwork of state and federal privacy laws with one “common set of protections,” the Information Technology & Innovation Foundation said Monday. That single federal data privacy law should pre-empt state laws and replace laws like the Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley Act, said Vice President Daniel Castro and Senior Policy Analyst Alan McQuinn. They said the law should promote business and innovation, saying economies with strict privacy laws like the EU are falling behind: “Of the top 200 digital firms, only 8 are European.”

CTA fears “unilateral” export controls over emerging technologies “can seriously undercut U.S. technological leadership,” it told the Commerce Department’s Bureau of Industry and Security Thursday in docket BIS-2018-0024. CTA’s comments put it squarely in agreement with other tech groups that told BIS that overly strict export controls on new technology like artificial intelligence could harm tech innovation and bolster bad actors like China (see 1901100032). If the American tech industry is “locked out,” whether by “law or perception,” from pursuing “high growth markets” for “cutting-edge technologies,” U.S. companies “will lose the jobs and research investments that grow from our ability to compete for business in these fields,” said CTA. BIS should stick to the “principles” based in the 2018 Export Control Reform Act “as it considers whether or which technologies to propose for control,” it said. In deciding which emerging technologies should be targeted for controls, identify only those “not now controlled and that are essential to the national security” of the U.S., it said. It said any proposed controls should “be limited to addressing national security concerns, not trade policy issues.” CTA also urged the Trump administration to “give great weight to industry statements regarding how a proposed unilateral control would help or harm their U.S. business.” Don't "propose or impose new emerging technology controls unless it has fully considered the impact such controls would have on the U.S. economy,” CTA urged BIS. The Computer & Communications Industry Association suggested patented and patent-pending technology be excluded from export administration regulations. “A poorly executed export control regime can hinder innovation” and next-generation tech, CCIA said.