National Public Data faces a $46,000 fine from the California Privacy Protection Agency for failing to register as a data broker and pay an annual fee, the CPPA said Thursday. It's the CPPA’s sixth action stemming from an investigative sweep of California Delete Act compliance that it announced Oct. 30.

Last October, the CPPA Enforcement Division filed a claim against the Florida-based data broker in the U.S. Bankruptcy Court for the Southern District of Florida, alleging that the company had to pay an administrative fine for failing to register with the CPPA, the agency said. The company had filed for bankruptcy after confirming that a data breach in April 2024 exposed 2.9 billion records, including names and social security numbers. Since the court dismissed the company’s bankruptcy petition, the Enforcement Division has filed an administrative action against National Public Data to recover the $46,000 fine, the CPPA said.

Under state law, data brokers must pay $200 every day they fail to register with the CPPA. Companies that operated as data brokers in 2023 were required to register on Jan. 31, 2024, but National Public Data registered 230 days late, on Sept. 18, the CPPA alleged.

“We will pursue data brokers who violate the law, plain and simple,” said Michael Macko, CPPA enforcement head. “The Enforcement Division will use all available tools, including litigation, to make sure that data brokers aren’t operating in the dark.”

National Public Data has closed, according to its website.

A unanimous U.S. Supreme Court on Friday upheld a law forcing ByteDance to divest TikTok, citing Congress’ “well-supported national security concerns.”

After oral argument Friday, the court in its “expedited" decision said TikTok’s “scale and susceptibility to foreign adversary control, together with the vast swaths of sensitive data the platform collects, justify differential treatment to address the government’s national security concerns.”

Free speech standards are satisfied because the regulation “promotes a substantial government interest that would be achieved less effectively absent the regulation” and it does not “burden substantially more speech than is necessary.”

The court said TikTok offers a “distinctive and expansive outlet for expression, means of engagement, and source of community” for 170 million users in America, but Congress “has determined that divestiture is necessary to address its well-supported national security concerns regarding TikTok’s data collection practices and relationship with a foreign adversary.”

TikTok didn’t immediately comment. ByteDance attorney Noel Francisco argued Friday that Congress could have passed a less restrictive law banning the company from sharing sensitive data with ByteDance or China. The law's divestment deadline goes into effect Sunday.

The FTC is finalizing changes to its children’s online privacy regulations “to set new requirements around the collection, use and disclosure of children’s personal information and give parents new tools and protections to help them control what data is provided to third parties about their children,” it said in a Thursday news release.

Under the long-awaited final rule, websites and online service operators covered by the Children’s Online Privacy Protection Act (COPPA) will be required to get opt-in parental consent before disclosing children’s personal information to third-party companies for targeted advertising or other purposes. The rule also sets limits on data retention, and requires FTC-approved COPPA Safe Harbor programs to disclose membership lists and other information. The commission voted 5-0 to finalize the changes.

The FTC declined to adopt proposed requirements that would have limited the use of push notifications to children without parental consent, as well as changes involving requirements for educational technology companies operating in schools.

The changes to the FTC’s COPPA regulations take effect 60 days after publication in the Federal Register. Entities subject to the final rule then will have a year to come into full compliance with most provisions, though compliance is required earlier for provisions involving COPPA Safe Harbor programs. A Federal Register publication date has not yet been scheduled, the FTC said.

“The updated COPPA rule strengthens key protections for kids’ privacy online,” said FTC Chair Lina Khan in the news release. “By requiring parents to opt in to targeted advertising practices, this final rule prohibits platforms and service providers from sharing and monetizing children’s data without active permission. The FTC is using all its tools to keep kids safe online.”