An anonymous reader quotes a report from BleepingComputer: The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. Regulation S-P was introduced in 2000 and controls how some financial entities must treat nonpublic personal information belonging to consumers. These rules include developing and implementing data protection policies, confidentiality and security assurances, and protecting against anticipated threats.

The new amendments (PDF) adopted earlier this week impact financial firms, such as broker-dealers (funding portals included), investment firms, registered investment advisers, and transfer agents. The modifications were initially proposed in March of last year to modernize and improve the protection of individual financial information from data breaches and exposure to non-affiliated parties. Below is a summary of the introduced changes:

- Notify affected individuals within 30 days if their sensitive information is, or is likely to be, accessed or used without authorization, detailing the incident, breached data, and protective measures taken. Exemption applies if the information isn't expected to cause substantial harm or inconvenience to the exposed individuals.
- Develop, implement, and maintain written policies and procedures for an incident response program to detect, respond to, and recover from unauthorized access or use of customer information. This should include procedures to assess and contain security incidents, enforce policies, and oversee service providers.
- Expand safeguards and disposal rules to cover all nonpublic personal information, including that received from other financial institutions.
- Require documentation of compliance with safeguards and disposal rules, excluding funding portals.
- Align annual privacy notice delivery with the FAST Act, exempting certain conditions.
- Extend safeguards and disposal rules to transfer agents registered with the SEC or other regulatory agencies.

Nigeria will criminalize the destruction of broadband fiber cables following repeated complaints by MTN Nigeria and other telecommunications companies that they are losing billions of naira, Bloomberg News reported, citing people familiar with the matter. From the report: Nigeria's works ministry, which supervises federal road constructors, is finalizing the regulation that will be signed as an executive order by President Bola Tinubu, said the people, asking not to be identified as they weren't authorized to comment. While there are presently laws against vandalism, the authorities are aiming to regulate construction firms more closely. The order will enforce stiff penalties on offenders, said the people, declining to provide more details or say when it will be signed. "Telecom assets are critical backbone that supports the economy across sectors," said Temitope Ajayi, a senior presidential aide, who noted that the Association of Telecommunications Companies has been demanding the classification for years. New rules will provide "further assurance that the Nigerian government will protect their investments against vandals and criminal elements."

An anonymous reader quotes a report from TechCrunch: India is walking back on a recent AI advisory after receiving criticism from many local and global entrepreneurs and investors. The Ministry of Electronics and IT shared an updated AI advisory with industry stakeholders on Friday that no longer asked them to take the government approval before launching or deploying an AI model to users in the South Asian market. Under the revised guidelines, firms are instead advised to label under-tested and unreliable AI models to inform users of their potential fallibility or unreliability.

The March 1 advisory also marked a reversal from India's previous hands-off approach to AI regulation. Less than a year ago, the ministry had declined to regulate AI growth, identifying the sector as vital to India's strategic interests. The new advisory, like the original earlier this month, hasn't been published online, but TechCrunch has reviewed a copy of it. The ministry said earlier this month that though the advisory wasn't legally binding, it signals that it's the "future of regulation" and that the government required compliance.

The advisory emphasizes that AI models should not be used to share unlawful content under Indian law and should not permit bias, discrimination, or threats to the integrity of the electoral process. Intermediaries are also advised to use "consent popups" or similar mechanisms to explicitly inform users about the unreliability of AI-generated output. The ministry has retained its emphasis on ensuring that deepfakes and misinformation are easily identifiable, advising intermediaries to label or embed content with unique metadata or identifiers. It no longer requires firms to devise a technique to identify the "originator" of any particular message.

An anonymous reader shares a report: India has waded into global AI debate by issuing an advisory that requires "significant" tech firms to get government permission before launching new models. India's Ministry of Electronics and IT issued the advisory to firms on Friday. The advisory -- not published on public domain but a copy of which TechCrunch has reviewed -- also asks tech firms to ensure that their services or products "do not permit any bias or discrimination or threaten the integrity of the electoral process."

Though the ministry admits the advisory is not legally binding, India's IT Deputy Minister Rajeev Chandrasekhar says the notice is "signalling that this is the future of regulation." He adds: "We are doing it as an advisory today asking you to comply with it." In a tweet Monday, Chandrasekhar said the advisory is aimed at "untested AI platforms deploying on the India internet" and doesn't apply to startups. About-face from India's position on AI a year ago.

In an interview with The Register, author and activist Cory Doctorow offers potential solutions to stop "enshittification," an age-old phenomenon that has become endemic in the tech industry. It's when a platform that was once highly regarded and user-friendly gradually deteriorates in quality, becoming less appealing and more monetized over time. Then, it dies. Here's an excerpt from the interview, conducted by The Register's Iain Thomson: [...] Doctorow explained that the reasons for enshittification are complex, and not necessarily directly malicious -- but a product of the current business environment and the state of regulation. He thinks the way to flush enshittification is enforcing effective competition. "We need to have prohibition and regulation that prohibits the capital markets from funding predatory pricing," he explained. "It's very hard to enter the market when people are selling things below cost. We need to prohibit predatory acquisitions. Look at Facebook: buying Instagram, and Mark Zuckerberg sending an email saying we're buying Instagram because people don't like Facebook and they're moving to Instagram, and we just don't want them to have anywhere else to go."

The frustrating part of this is that the laws needed to break up the big tech monopolies that allow enshittification, and encourage competition, are already on the books. Doctorow lamented those laws haven't been enforced. In the US, the Clayton Act, the Federal Trade Act, and the Sherman Act are all valid, but have either not been enforced or are being questioned in the courts. However, in the last few years that appears to be changing. Recent actions by increasingly muscular regulatory agencies like the FTC and FCC are starting to move against the big tech monopolies, as well as in other industry sectors. What's more, Doctorow pointed out, these are not just springing from the Democratic administration but are being actively supported by an increasing number of Republicans. He cited Lina Khan, appointed as chair of the FTC in part thanks to the support of Republican politicians seeking change (although the GOP now regularly criticizes her positions).

The sheer size of the largest tech companies certainly gives them an advantage in cases like these, Doctorow opined, noting that we've seen this in action more than 20 years ago. "Think back to the Napster era, and compare tech and entertainment. Entertainment was very concentrated into about seven big firms and they had total unity and message discipline," Doctorow recalled. "Tech was a couple of hundred firms, and they were much larger -- like an order of magnitude larger in aggregate than entertainment. But their messages were all over the place, and they were contradicting each other. And so they just lost, and they lost very badly." Doctorow discusses the detrimental effects of mega-companies on innovation and security, noting how growth strategies focused on raising costs and reducing value can lead to vulnerabilities and employee demoralization. "Remember when tech workers dreamed of working for a big company before striking out on their own to put that big company out of business? Then that dream shrank to working for a few years, quitting and doing a fake startup to get hired back by your old boss in the world's most inefficient way to get a raise," he told the Def Con crowd last August. "Next it shrank even further. You're working for a tech giant your whole life but you get free kombucha and massages. And now that dream is over and all that's left is work with a tech giant until they fire your ass -- like those 12,000 Googlers who got fired six months after a stock buyback that would have paid their salaries for the next 27 years. We deserve better than this."

Additionally, Doctorow emphasizes the growing movement toward labor organizing in the tech industry, which could be a pivotal factor in reversing the trend of enshittification. "We're so much closer to tech unionization than we were just a few years ago. Yeah, it's still nascent, and yes, it's easy to double small numbers, but the strength is doubling very quickly and in a very heartening way," Doctorow told The Register. "We're really at a turning point. And some of it is coming from the kind of solidarity like you see with warehouse workers and tech workers."

Ultimately, Doctorow argues it should be possible to reintroduce a more competitive and innovative tech industry environment, where the interests of users, employees, and investors are better balanced.

With the increasing adoption of e-bikes and drones for efficient, eco-friendly delivery services, New York is proposing the Department of Sustainable Delivery to regulate these services, focusing on safety, data sharing, and operational permits to ease congested lanes. Fast Company reports: The first step of the new department will be a task force made up of tech, transportation, labor, and government representatives. There are currently some city regulations around delivery operations, but they're fragmented; the Department of Consumer and Worker Protection, for example, has addressed delivery worker rights (and recently announced a new minimum pay rate for app-based food delivery workers), while the Department of Transportation focuses on commercial delivery, and has taken steps to address delivery cargo bikes. "We don't have a place where every company that wants to dispatch in volume and move freight [and goods] around in the city on a micro level comes through and has to show that they're going to meet certain requirements," [New York City Deputy Mayor of Operations Meera Joshi] says.

Managers of truck delivery fleets often track their driver's performance and behavior with tools like GPS; through the new department, micromobility app companies may be required to share their GPS delivery data with the city. That data might reveal more about how long delivery riders are working, or how heavy cargo bikes' loads are, which could lead to new regulations. Joshi also points to e-bike fires and rising e-bike rider deaths as red flags that signal the need for more oversight and legislation, which could prevent future tragedies. More information about where and when these deliveries are happening could also help the city adapt its infrastructure to this growing market. "As more and more of the city is feeling the effects of the commercialization of bike lanes, we certainly do have to rethink how wide our bike lanes are, what they are there to accommodate, does there need to be some separation between motorized and nonmotorized [bikes]?" Joshi says. "But these things need to be informed." The city is already making some such updates. Last summer, it upgraded a stretch of 10th Avenue to include a 10-foot-wide bike lane, to better allow regular cyclists and delivery e-bikes to coexist

Tech advancements often move faster than the government, resulting in a game of legislative catch up for cities. Joshi says New York City is thinking about micromobility in this way because "we've seen this movie before," referring to tech disruption, "and we'd like a different ending." While Joshi knows that companies may bristle at the increased oversight, she says being proactive about these issues and taking steps to address them will likely help the firms and their public perception long-term. And not addressing micromobility challenges now could also impede larger climate progress. "If we are not able to show that we have a comprehensive framework, show that we're able to manage what we have today and prepare for the unknown, we could have people, saying 'it was better when [delivery] was in trucks,'" Joshi says, "and that would actually be probably the worst thing for the environment."

In response to new EU regulations, Apple on Thursday outlined plans to allow iOS developers to distribute apps outside the App Store starting in March, though developers must still submit apps for Apple's review and pay commissions. Now critics say the changes don't go far enough and Apple retains too much control.

Epic Games CEO Tim Sweeney: They are forcing developers to choose between App Store exclusivity and the store terms, which will be illegal under DMA (Digital Markets Act), or accept a new also-illegal anticompetitive scheme rife with new Junk Fees on downloads and new Apple taxes on payments they don't process. 37signals's David Heinemeier Hansson, who is also the creator of Ruby on Rails: Let's start with the extortion regime that'll befell any large developer who might be tempted to try hosting their app in one of these new alternative app stores that the EU forced Apple to allow. And let's take Meta as a good example. Their Instagram app alone is used by over 300 million people in Europe. Let's just say for easy math there's 250 million of those in the EU. In order to distribute Instagram on, say, a new Microsoft iOS App Store, Meta would have to pay Apple $11,277,174 PER MONTH(!!!) as a "Core Technology Fee." That's $135 MILLION DOLLARS per year. Just for the privilege of putting Instagram into a competing store. No fee if they stay in Apple's App Store exclusively.

Holy shakedown, batman! That might be the most blatant extortion attempt ever committed to public policy by any technology company ever. And Meta has many successful apps! WhatsApp is even more popular in Europe than Instagram, so that's another $135M+/year. Then they gotta pay for the Facebook app too. There's the Messenger app. You add a hundred million here and a hundred million there, and suddenly you're talking about real money! Even for a big corporation like Meta, it would be an insane expense to offer all their apps in these new alternative app stores.

Which, of course, is the entire point. Apple doesn't want Meta, or anyone, to actually use these alternative app stores. They want everything to stay exactly as it is, so they can continue with the rake undisturbed. This poison pill is therefore explicitly designed to ensure that no second-party app store ever takes off. Without any of the big apps, there will be no draw, and there'll be no stores. All of the EU's efforts to create competition in the digital markets will be for nothing. And Apple gets to send a clear signal: If you interrupt our tool-booth operation, we'll make you regret it, and we'll make you pay. Don't resist, just let it be. Let's hope the EU doesn't just let it be. Coalition of App Fairness, an industry body that represents over 70 firms including Tinder, Spotify, Proton, Tile, and News Media Europe: "Apple clearly has no intention to comply with the DMA. Apple is introducing new fees on direct downloads and payments they do nothing to process, which violates the law. This plan does not achieve the DMA's goal to increase competition and fairness in the digital market -- it is not fair, reasonable, nor non-discriminatory," said Rick VanMeter, Executive Director of the Coalition for App Fairness.

"Apple's proposal forces developers to choose between two anticompetitive and illegal options. Either stick with the terrible status quo or opt into a new convoluted set of terms that are bad for developers and consumers alike. This is yet another attempt to circumvent regulation, the likes of which we've seen in the United States, the Netherlands and South Korea. Apple's 'plan' is a shameless insult to the European Commission and the millions of European consumers they represent -- it must not stand and should be rejected by the Commission."

Friday America's Environmental Protection Agency "proposed steep new fees on methane emissions from oil and gas facilities," reports the Washington Post, "escalating a crackdown on the fossil fuel industry's planet-warming pollution."

Methane does not linger in the atmosphere as long as carbon dioxide, but it is far more effective at trapping heat — roughly 80 times more potent in its first decade. It is responsible for roughly a third of global warming today, and the oil and gas industry accounts for about 14 percent of the world's annual methane emissions, according to estimates from the International Energy Agency. Other large methane sources include livestock, landfills and coal mines.
So America's new Methane Emissions Reduction Program "levies a fee on wasteful methane emissions from large oil and gas facilities," according to the article: The fee starts at $900 per metric ton of emissions in 2024, increasing to $1,200 in 2025 and $1,500 in 2026 and thereafter. The EPA proposal lays out how the fee will be implemented, including how the charge will be calculated...

At the U.N. Climate Change Conference in Dubai in December, EPA Administrator Michael Regan announced final standards to limit methane emissions from U.S. oil and gas operations. Fossil fuel companies that comply with these standards will be exempt from the new fee... Fred Krupp, president of the Environmental Defense Fund, said the fee will encourage fossil fuel firms to deploy innovative technologies that detect methane leaks. Such cutting-edge technologies range from ground-based sensors to satellites in space. "Proven solutions to cut oil and gas methane and to avoid the fee are being used by leading companies in states across the country," Krupp said in a statement...

In addition to methane, the EPA proposal could slash emissions of hazardous air pollutants, including smog-forming volatile organic compounds and cancer-causing benzene [according to an EPA official].
The federal government also gave America's fossil fuel companies nearly $1 billion to help them comply with the methane regulation, according to the article.

The article also includes this statement from an executive at the American Petroleum Institute, the top lobbying arm of the U.S. oil and gas industry, complaining that the fines create a "regime" that would "stifle innovation," and urging Congress to repeal it.

An anonymous reader quotes a report from the New York Times: The Justice Department is in the late stages of an investigation into Apple and could file a sweeping antitrust case taking aim at the company's strategies to protect the dominance of the iPhone as soon as the first half of this year, said three people with knowledge of the matter. The agency is focused on how Apple has used its control over its hardware and software to make it more difficult for consumers to ditch the company's devices, as well as for rivals to compete, said the people, who spoke anonymously because the investigation was active. Specifically, investigators have examined how the Apple Watch works better with the iPhone than with other brands, as well as how Apple locks competitors out of its iMessage service. They have also scrutinized Apple's payments system for the iPhone, which blocks other financial firms from offering similar services, these people said.

The Justice Department is closing in on what would be the most consequential federal antitrust lawsuit challenging Apple, which is the most valuable tech company in the world. If the lawsuit is filed, American regulators will have sued four of the biggest tech companies for monopolistic business practices in less than five years. The Justice Department is currently facing off against Google in two antitrust cases, focused on its search and ad tech businesses, while the Federal Trade Commission has sued Amazon and Meta for stifling competition. The Apple suit would likely be even more expansive than previous challenges to the company, attacking its powerful business model that draws together the iPhone with devices like the Apple Watch and services like Apple Pay to attract and keep consumers loyal to its products. Rivals have said that they have been denied access to key Apple features, like the Siri virtual assistant, prompting them to argue the practices are anticompetitive.

One of the country's most influential courts has asked the nation's top securities regulator for its views on an uncomfortable subject: whether audit reports by outside accounting firms actually matter. From a report: The court already ruled that, at least in one case, they didn't. That case, where an insurer overstated profits and an auditor signed off on its books, led to an investor lawsuit against the auditor that was dismissed. In its ruling, the court said the audit report was so general an investor wouldn't have relied on it. The decision could have broad ramifications for the Securities and Exchange Commission, which oversees corporate financial disclosures, and for the auditing industry, which charged about $17 billion last year for blessing the books of publicly listed companies in the U.S.

The ruling, by a three-judge panel of the Second U.S. Circuit Court of Appeals, prompted three former SEC officials to tell the court it got the answer wrong. They asked the court to reconsider its decision, noting that the SEC in a previous enforcement case had said that "few matters could be more important to investors" than whether a company's financial statements had been subjected to a properly conducted annual audit. The court responded by inviting the SEC to file a brief expressing its views on the former officials' arguments. The SEC in a court filing said that "the commission has an interest in ensuring its views on this issue are considered by the court." Its brief is due Feb. 16. The court ruling involved a lawsuit by investors over an audit gone wrong. AmTrust Financial Services, an insurance company, had overstated its profit, and BDO USA, its outside accounting firm, had blessed the numbers.

A bipartisan group of lawmakers has written to U.S. President Joe Biden, warning European technology regulation are unfairly targeting U.S. companies and not including many Chinese or EU firms, according to a letter seen by Reuters on Monday. From the report: Under the European Union's Digital Markets Act (DMA), five major U.S. tech companies -- Alphabet, Amazon, Apple, Meta and Microsoft -- were designated "gatekeeper" service providers. From March 2024, these companies -- as well as TikTok's Chinese owner ByteDance -- will be required to make their messaging apps work with rivals and let users choose which ones they want pre-installed on their devices.

In a letter seen by Reuters, 21 members of the U.S. House of Representatives warned the new rules could damage American economic and security interests and called on Biden to secure commitments from the EU the rules will be enforced fairly. "Securing our leadership in this sector is imperative for our economy and American workers," the letter said. "The designation of leading U.S. companies as 'gatekeepers' threatens to upend the U.S. economy, diminish our global leadership in the digital sphere, and jeopardize the security of consumers."

The letter questioned why Chinese companies Alibaba, Huawei, and Tencent had avoided designation and why European companies had avoided any scrutiny. "The EU inexplicably failed to designate any European retailers, content-sharing platforms, payment firms, and telcos," it said. Signatories of the letter -- including Representative Lou Correa, a Democrat, and Thomas Massie, a Republican, -- called on Biden to seek assurances from EU lawmakers the DMA will not be unfairly used to target U.S. companies.

After months of high-level meetings and discussions, government officials and Big Tech leaders have agreed on one thing about artificial intelligence: The potentially world-changing technology needs some ground rules. But many in Silicon Valley are skeptical. WashingtonPost: A growing group of tech heavyweights -- including influential venture capitalists, the CEOs of midsize software companies and proponents of open-source technology -- are pushing back, claiming that laws for AI could snuff out competition in a vital new field. To these dissenters, the willingness of the biggest players in AI, such as Google, Microsoft and ChatGPT maker OpenAI to embrace regulation is simply a cynical ploy by those firms to lock in their advantages as the current leaders, essentially pulling up the ladder behind them. These tech leaders' concerns ballooned last week, when President Biden signed an executive order laying out a plan to have the government develop testing and approval guidelines for AI models -- the underlying algorithms that drive "generative" AI tools such as chatbots and image-makers.

"We are still in the very early days of generative AI, and it's imperative that governments don't preemptively anoint winners and shut down competition through the adoption of onerous regulations only the largest firms can satisfy," said Garry Tan, the head of Y Combinator, a San Francisco-based start-up incubator that helped nurture companies including Airbnb and DoorDash when they were just starting. The current discussion hasn't incorporated the voices of smaller companies enough, Tan said, which he believes is key to fostering competition and engineering the safest ways to harness AI. Companies like influential AI start-up Anthropic and OpenAI are closely tied to Big Tech, having taken huge amounts of investment from them.

"They do not speak for the vast majority of people who have contributed to this industry," said Martin Casado, a general partner at venture capital firm Andreessen Horowitz, which made early investments in Facebook, Slack and Lyft. Most AI engineers and entrepreneurs have been watching the regulatory discussions from afar, focusing on their companies instead of trying to lobby politicians, he said. "Many people want to build, they're innovators, they're the silent majority," Casado said. The executive order showed those people that regulation could come sooner than expected, he said. Casado's venture capital firm sent a letter to Biden laying out its concerns. It was signed by prominent AI start-up leaders including Replit CEO Amjad Masad and Mistral's Arthur Mensch, as well as more established tech leaders such as e-commerce company Shopify's CEO Tobi Lutke, who had tweeted "AI regulation is a terrible idea" after the executive order was announced.

The UK government confirmed plans to regulate cryptoasset activities more strictly, bringing them under the same regime as traditional financial services. From a report: The government intends to proceed with legislation in 2024 to implement the changes, according to a Treasury announcement on Monday, responding to a consultation it launched earlier this year. The plans include a mandate for crypto exchanges to write detailed requirements on admission standards and disclosures for token issuers when listing new assets. This could include information about a token's underlying code, known vulnerabilities and risks.

The UK's push to regulate crypto is part of a wider effort by Prime Minister Rishi Sunak to attract more digital-asset businesses and investment to the country, while at the same time protecting consumers. Crypto firms have long complained that a lack of clear rules has made it hard for them to operate in the UK. "We must make the UK a place where cryptoasset firms have the clarity needed to invest and innovate, and where customers have the protections necessary for confidently using these technologies," said City Minister Andrew Griffith. "The UK is the obvious choice for starting and scaling a cryptoasset business."

An anonymous reader shares a report: The UK's Online Safety Bill, a wide-ranging piece of legislation that aims to make the country "the safest place in the world to be online" received royal assent today and became law. The bill has been years in the making and attempts to introduce new obligations for how tech firms should design, operate, and moderate their platforms. Specific harms the bill aims to address include underage access to online pornography, "anonymous trolls," scam ads, the nonconsensual sharing of intimate deepfakes, and the spread of child sexual abuse material and terrorism-related content.

Although it's now law, online platforms will not need to immediately comply with all of their duties under the bill, which is now known as the Online Safety Act. UK telecoms regulator Ofcom, which is in charge of enforcing the rules, plans to publish its codes of practice in three phases. The first covers how platforms will have to respond to illegal content like terrorism and child sexual abuse material, and a consultation with proposals on how to handle these duties is due to be published on November 9th.

As the FCC leans towards reinstating net neutrality and regulating ISPs under Title II, the broadband sector is set to challenge the move. Previously, courts have upheld FCC's decisions. However, legal experts believe the Supreme Court's current stance may hinder the FCC's authority to classify broadband as a telecommunications service. ArsTechnica: The major question here is whether the FCC has authority to decide that broadband is a telecommunications service, which is important because only telecommunications services can be regulated under Title II's common-carrier framework. "A Commission decision reclassifying broadband as a Title II telecommunications service will not survive a Supreme Court encounter with the major questions doctrine. It would be folly for the Commission and Congress to assume otherwise," two former Obama administration solicitors general, Donald Verrilli, Jr. and Ian Heath Gershengorn, argued in a white paper last month. According to Verrilli and Gershengorn, "There is every reason to think that a majority of the Supreme Court" would vote against the FCC.

Verrilli and Gershengorn express their view with a striking level of certainty given how difficult it usually is to predict a Supreme Court outcome -- particularly in a case like this, where the agency decision isn't even finalized. While litigation in lower courts is to be expected, it's not even clear that the Supreme Court will take up the case at all. The certainty expressed by Verrilli and Gershengorn is less surprising when you consider that their white paper was funded by USTelecom and NCTA -- The Internet & Television Association, two broadband industry trade groups that sued the Obama-era FCC in a failed attempt to overturn the net neutrality rules. The groups -- which represent firms like AT&T, Verizon, Comcast, and Charter -- eventually got their way when then-FCC Chairman Ajit Pai led a repeal of the rules in 2017. But the industry-funded white paper has gotten plenty of attention, and the FCC is keenly aware of the so-called "major questions doctrine" that it describes. The FCC's Notice of Proposed Rulemaking (NPRM), which is pending a commission vote, will seek public comment on how the major questions doctrine might affect Title II regulation and net neutrality rules that would prohibit blocking, throttling, and paid prioritization.

An anonymous reader quotes a report from TechCrunch: Controversial UK legislation that brings in a new regime of content moderation rules for online platforms and services -- establishing the comms watchdog Ofcom as the main Internet regulator -- has been passed by parliament today, paving the way for Royal Assent and the Online Safety Bill becoming law in the coming days. Speaking during the bill's final stages in the House of Lords, Lord Parkinson of Whitley Bay reiterated that the government's intention for the legislation is "to make the UK the safest place in the world to be online, particularly for children." Following affirmative votes as peers considered some last stage amendments he added that attention now moves "very swiftly to Ofcom who stand ready to implement this -- and do so swiftly."

The legislation empowers Ofcom to levy fines of up to 10% (or up to 18 million pounds whichever is higher) of annual turnover for violations of the regime. The Online Safety (nee Harms) Bill has been years in the making as UK policymakers have grappled with how to response to a range of online safety concerns. In 2019 these efforts manifested as a white paper with a focus on rules for tackling illegal content (such as terrorism and CSAM) but also an ambition to address a broad sweep of online activity that might be considered harmful, such as violent content and the incitement of violence; encouraging suicide; disinformation; cyber bullying; and adult material being accessed by children. The effort then morphed into a bill that was finally published in May 2021. [...]

In a brief statement the UK's new web content sheriff gave no hint of the complex challenges that lie ahead -- merely welcoming the bill's passage through parliament and stating that it stands ready to implement the new rulebook. "Today is a major milestone in the mission to create a safer life online for children and adults in the UK. Everyone at Ofcom feels privileged to be entrusted with this important role, and we're ready to start implementing these new laws," said Dame Melanie Dawes, Ofcom's CEO. "Very soon after the Bill receives Royal Assent, we'll consult on the first set of standards that we'll expect tech firms to meet in tackling illegal online harms, including child sexual exploitation, fraud and terrorism." Beyond specific issues of concern, there is over-arching general worry over the scale of the regulatory burden the legislation will apply to the UK's digital economy -- since the rules apply not only to major social media platforms; scores of far smaller and less well resourced online services must also comply or risk big penalties.

An anonymous Slashdot reader shared this report from the New York Times: The collapse in cryptocurrency prices last year forced a procession of major firms into bankruptcy, triggering a government crackdown and erasing the savings of millions of inexperienced investors. But for a small group of corporate turnaround specialists, crypto's implosion has become a financial bonanza.

Lawyers, accountants, consultants, cryptocurrency analysts and other professionals have racked up more than $700 million in fees since last year from the bankruptcies of five major crypto firms, including the digital currency exchange FTX, according to a New York Times analysis of court records. That sum is likely to grow significantly as the cases unfold over the coming months. Large fees are common in corporate bankruptcies, which require complex and time-intensive legal work to untangle. But in the crypto world, the mounting fees have sparked widespread outrage because many of the people owed money are amateur traders who lost their personal savings, rather than corporations with the ability to weather a financial crisis. Every dollar in fees is deducted from the pool of funds that will be returned to creditors at the end of the bankruptcies.

The fees are "exorbitant and ridiculous," said Daniel Frishberg, a 19-year-old investor who lost about $3,000 when the crypto company Celsius Network filed for bankruptcy last year. "At every hearing, they have an army of people there, and most of them don't need to be there. You don't need 20 people taking notes."

"It was difficult to maintain a poker face when the leader of a big US tech firm I was chatting to said there was a definite tipping point at which the firm would exit the UK," writes a BBC technology editor: Many of these companies are increasingly fed up. Their "tipping point" is UK regulation — and it's coming at them thick and fast. The Online Safety Bill is due to pass in the autumn. Aimed at protecting children, it lays down strict rules around policing social media content, with high financial penalties and prison time for individual tech execs if the firms fail to comply. One clause that has proved particularly controversial is a proposal that encrypted messages, which includes those sent on WhatsApp, can be read and handed over to law enforcement by the platforms they are sent on, if there is deemed to be a national security or child protection risk...

Currently messaging apps like WhatsApp, Proton and Signal, which offer this encryption, cannot see the content of these messages themselves. WhatsApp and Signal have both threatened to quit the UK market over this demand.

The Digital Markets Bill is also making its way through Parliament. It proposes that the UK's competition watchdog selects large companies like Amazon and Microsoft, gives them rules to comply with and sets punishments if they don't. Several firms have told me they feel this gives an unprecedented amount of power to a single body. Microsoft reacted furiously when the Competition and Markets Authority (CMA) chose to block its acquisition of the video game giant Activision Blizzard. "There's a clear message here — the European Union is a more attractive place to start a business than the United Kingdom," raged chief executive Brad Smith. The CMA has since re-opened negotiations with Microsoft. This is especially damning because the EU is also introducing strict rules in the same vein — but it is collectively a much larger and therefore more valuable market.

In the UK, proposed amendments to the Investigatory Powers Act, which included tech firms getting Home Office approval for new security features before worldwide release, incensed Apple so much that it threatened to remove Facetime and iMessage from the UK if they go through. Clearly the UK cannot, and should not, be held to ransom by US tech giants. But the services they provide are widely used by millions of people. And rightly or wrongly, there is no UK-based alternative to those services.
The article concludes that "It's a difficult line to tread. Big Tech hasn't exactly covered itself in glory with past behaviours — and lots of people feel regulation and accountability is long overdue."

The European Union is lobbying Asian countries to follow its lead on artificial intelligence in adopting new rules for tech firms that include disclosure of copyrighted and AI-generated content, according to senior officials from the EU and Asia. From a report: The EU and its member states have dispatched officials for talks on governing the use of AI with at least 10 Asian countries including India, Japan, South Korea, Singapore and the Philippines, they said. The bloc aims for its proposed AI Act to become a global benchmark on the booming technology the way its data protection laws have helped shape global privacy standards.

However, the effort to convince Asian governments of the need for stringent new rules is being met with a lukewarm reception, seven people close to the discussions told Reuters. Many countries favour a "wait and see" approach or are leaning towards a more flexible regulatory regime. Singapore, one of Asia's leading tech centres, prefers to see how the technology evolves before adapting local regulations, an official for the city-state told Reuters. Officials from Singapore and the Philippines expressed concern that moving overly hasty regulation might stifle AI innovation.

An anonymous reader quotes a report from Ars Technica: The European Commission today decided it is safe for personal data to be transferred from the European Union to US-based companies, handing a victory to firms like Facebook and Google despite protests from privacy advocates who worry about US government surveillance. The commission announced that it "adopted its adequacy decision for the EU-US Data Privacy Framework," concluding "that the United States ensures an adequate level of protection -- comparable to that of the European Union -- for personal data transferred from the EU to US companies under the new framework. On the basis of the new adequacy decision, personal data can flow safely from the EU to US companies participating in the Framework, without having to put in place additional data protection safeguards."

In May, Facebook-owner Meta was fined 1.2 billion euros for violating the General Data Protection Regulation (GDPR) with transfers of personal data to the United States and was ordered to stop storing European Union user data in the US within six months. But Meta said at the time that if the pending data-transfer pact "comes into effect before the implementation deadlines expire, our services can continue as they do today without any disruption or impact on users." The data-transfer deal "is expected to face a legal challenge from European privacy advocates, who have long said that the US needs to make substantial changes to surveillance laws," a Wall Street Journal report said today. "Transfers of data from Europe to the US have been in question since an EU court ruled in 2020 that a previous deal allowing trans-Atlantic data flows was illegal because the US didn't give EU individuals an effective way to challenge surveillance of their data by the US government."

The EC's announcement said the new framework has "binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by US intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access." The new court "will be able to order the deletion" of data that is found to have been collected in violation of the new rules. The framework will be administered and monitored by the US Department of Commerce and the "US Federal Trade Commission will enforce US companies' compliance," the EC announcement said. EU residents who challenge data collection will have free access to "independent dispute resolution mechanisms and an arbitration panel." US companies can join the EU-US framework "by committing to comply with a detailed set of privacy obligations, for instance the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties," the European Commission said. The latest deal is expected to get challenged, according to the WSJ. European Parliament member Birgit Sippel, who is in Germany's Social Democratic Party, said the "framework does not provide any meaningful safeguards against indiscriminate surveillance conducted by US intelligence agencies," according to The New York Times.

The Computer & Communications Industry Association, which represents major tech companies like Amazon, Apple, Google and Meta, said: "Today's decision means that EU and US businesses will soon have full legal certainty again to transfer personal data across the Atlantic... Data flows are vital to transatlantic trade and the EU-US economic relationship, which is worth 5.5 trillion euros per year. Nevertheless, the two economies had been left without guidelines for data transfers after an EU Court ruling invalidated the previous framework back in 2020."