Category Archives: Privacy Abbreviated

COPPA 3.0? Privacy Updates for Kids, Tweens and Teens

Privacy Abbreviated

Podcast (privacyabbreviated): Play in new window | Download (Duration: 44:17 — 61.2MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

Join us for this episode of Privacy Abbreviated, where Dona Fraser is joined by Rukiya Bonner, Director, Children’s Advertising Review Unit, BBB National Programs to discuss a year in children’s privacy in review. Dona and Rukiya break down the FTC’s COPPA Rule revisions, what new legislation has been proposed, what those proposals mean for businesses (including consideration of teen users), and predictions on what could be coming next.

Dona and Rukiya’s conversation highlights the challenges of balancing privacy and safety, navigating targeted advertising, and the importance of proactive measures for companies operating in this space. Key takeaways emphasize the need for vigilance, transparency, and the adoption of best practices in privacy compliance.

Chapters

[00:00] Introduction to Children’s Online Privacy

[03:30] Current Legislative Landscape for Children’s Privacy
[06:03] Understanding COPPA in All Forms
[12:26] The Role of Safe Harbors 
[18:44] State-Level Privacy Laws and Their Implications
[23:55] Challenges in Balancing Privacy and Safety
[28:56] Navigating Targeted Advertising and Data Privacy
[37:38] Key Takeaways for Companies in the Children’s Space

Key Takeaways

  • The definition of a child is crucial in privacy discussions.
  • Legislative proposals are increasing but progress is slow.
  • COPPA 1.0 remains the law, with updates anticipated in 2025.
  • Verifiable parental consent is evolving with technology.
  • Safe harbors provide essential compliance support for companies.
  • State-level laws are creating a complex patchwork for compliance.
  • Balancing privacy and safety is a significant challenge.
  • Targeted advertising must comply with strict regulations.
  • Companies should prepare for the upcoming changes in legislation.
  • Engaging with third-party vendors is critical for compliance.

 

Privacy Year In Review: Laws, the Impact, and the Elephant in the Room

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 43:52 — 60.5MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

For the season finale of Privacy Abbreviated, host Dona Fraser is joined by her friend Morgan Reed, President of The App Association to discuss a year in review of privacy. Dona and Morgan discuss it all, from major developments in regulatory and enforcement actions, the need for comprehensive U.S. privacy and understanding of global privacy laws, to children’s privacy and the 50-foot elephant in the room, AI. 

On each topic, Dona and Morgan focus on what the current state means for business, provide some practical advice, and outline where they see the privacy world evolving on the road ahead. 

Donna and Morgan discuss the evolving landscape of privacy regulations, focusing on the challenges faced by small and medium-sized businesses. They explore the implications of federal and state privacy laws, the impact of AI on data privacy, and the need for comprehensive reform to protect consumer expectations while supporting business growth. 

 

Key Takeaways:

  • Small businesses don’t want to be small forever, but they also don’t have the bandwidth and resources to scale AND comply.
  • The lack of a unified federal privacy law complicates compliance.
  • AI is a significant factor in shaping future privacy legislation.
  • State laws create a complex patchwork for businesses to navigate.
  • Consumer expectations must guide data practices.
  • Businesses need to understand their data-sharing practices.
  • Clear guidance on privacy laws is essential for compliance.

Chapters:

00:00 Introduction to Privacy Trends
03:06 Challenges for Small and Medium-Sized Businesses
05:57 Federal Privacy Legislation: Current Landscape
08:51 The Impact of AI on Privacy Regulations
12:14 State Privacy Laws and Their Implications
15:00 The Role of AI in Data Privacy
18:05 Navigating Privacy in a Complex Regulatory Environment
20:57 The Future of Privacy Legislation
24:12 Concluding Thoughts on Privacy and Business

Additional Resources:

Enjoyed this episode? Get caught up on past seasons of Privacy Abbreviated and subscribe to never miss an episode. Learn more about BBB National Programs’ Privacy Initiatives.

Making Sense of AI Governance

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 39:36 — 54.4MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

On this episode of Priv, Miles Light, BBB National Programs’ Senior Counsel for Youth, Privacy, & Technology steps into the role of host for this conversation, joined by Brenda Leong, a partner at Luminos.Law to discuss the responsibilities and requirements of artificial intelligence (AI), in privacy and beyond. 

AI technology does not only affect the privacy vertical – it is a cross functional challenge. Miles and Brenda discuss AI governance and policies, laws and regulations, and operational considerations within a company, including the role of humans in a world of algorithms and machine learning. 

They discuss the importance of understanding the unique requirements and responsibilities of AI, the need for cross-functional communication and collaboration, and the key themes of accountability, fairness, and transparency in AI regulation. They also explore the role of governance policies and contracts in managing AI risks and the potential for renegotiating contracts to address the expectations and liabilities associated with AI.

Key takeaways:

  • [2:07] AI deployment presents unique legal challenges and compliance headaches that require careful consideration and management.
  • [05:18] Understanding the requirements and responsibilities of AI is essential for both privacy professionals and AI professionals.
  • [09:02] Cross-functional communication and collaboration are crucial for effectively addressing AI risks and ensuring responsible AI governance.
  • [13:20] The key themes of accountability, fairness, and transparency are central to AI regulation and risk management.
  • [20:24] Governance policies and contracts play a critical role in managing AI risks and establishing liability and expectations.

Likely to be Accessed: Do You Know Who Your Users Are?

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 35:33 — 49.1MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

Join us for this episode of Priv, where our host Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, is joined by Phyllis Marcus of Hunton Andrews Kurth to discuss the broad operational, financial, and logistical impacts and challenges of trying to protect both children and teens online under the same laws and regulations. 

Marcus and Fraser explain the current regulatory landscape and unpack the evolution of children’s privacy laws, including COPPA. They discuss the increasing number of legislative proposals at both the state and federal level and explore challenges businesses face today related to verifiable parental consent, examine proposed technological solutions like biometrics, and discuss the responsibility of third-party operators. 

The conversation includes a look at age-appropriate design codes and the shifting responsibility from parents to the entire ecosystem, as well as, third-party liability and the role platforms play in protecting children’s privacy. The conversation concludes with a discussion on the potential future of children’s privacy laws.

Additional Resources:

Key Takeaways:

  • (02:41) Children’s Privacy Landscape – Children’s privacy laws, such as COPPA, have evolved over time to address the challenges posed by new technologies and online platforms.
  • (06:30) Shifting Responsibility – The responsibility for protecting children’s privacy is shifting from parents to the entire ecosystem, including platforms and service providers.
  • (13:17) Verifiable Parental Consent – Verifiable parental consent is a key consideration for companies that collect personal information from children, and there are various mechanisms available to obtain consent.
  • (20:30) Third-Party Liability – Third-party liability is an important aspect of children’s privacy laws, holding not just first-party operators but also third parties accountable for compliance.
  • (32:23) Holding Platforms Accountable – The role of platforms in protecting children’s privacy is still evolving, with discussions around consent management and the sharing of age information.
  • (39:39) A Look to the Future – The future of children’s privacy laws is uncertain, with potential updates to COPPA and ongoing debates about the role of federal and state legislation.

Breaking Down AdTech: Cookies and Pixels and SDKs, Oh My!

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 41:14 — 56.7MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

Join us for this episode of Priv, where Dona Fraser is joined by Miles Light, Senior Counsel, Youth Privacy & Technology at BBB National Programs for an adtech block party. Cookies, pixels, and SDKs are all invited.

Appropriate for beginners and privacy pros, this podcast breaks down the most talked about issues in the adtech space, including the impact of the death of the cookie, the focus of regulators on the pixel, lessons learned from recent cases related to software developer kits (SDKs), what all of this looks like for children and teens, and what the legislative and regulatory road ahead looks like.  

Dona and Miles cover three main problems facing the ad tech industry: regulatory pressures, legislative pressures, and litigation. The conversation delves into the tracking technologies used in ad tech, such as cookies, pixels, and SDKs, and the implications of their use. They also explore the state and federal laws that impact ad tech, including the challenges of compliance and the varying approaches taken by different states. The episode concludes with a discussion on ongoing litigation related to ad tech tracking and the importance of auditing websites and cross-functional collaboration.

Key Takeaways:

  • (03:05) The adtech industry faces challenges from regulatory pressures, legislative pressures, and litigation. Regulatory bodies are increasingly scrutinizing the adtech sector to ensure consumer privacy and data protection. Legislative measures, such as GDPR and CCPA, and ongoing lawsuits also contribute to the complexity and risk within the industry.
  • (10:09) Tracking technologies like cookies, pixels, and SDKs are used in adtech to log consumer behavior online. These tools collect data on user interactions and preferences, enabling targeted advertising and personalized user experiences. However, their usage has raised significant privacy concerns and regulatory scrutiny.
  • (13:44) State and federal laws impact adtech, and compliance can be complex and varied. Different regions and jurisdictions have their own data protection laws, making it challenging for ad tech companies to navigate and ensure compliance. This patchwork of regulations requires companies to stay informed and adapt their practices continuously.
  • (27:27) Ongoing litigation related to adtech tracking raises questions about consent and liability. Legal cases often focus on whether consumers have given informed consent for their data to be collected and used. These lawsuits can result in significant penalties and drive changes in industry practices.
  • (38:27) Companies should regularly audit their websites and ensure cross-functional collaboration to address privacy challenges in adtech. Regular audits help identify and mitigate potential privacy risks and ensure compliance with relevant laws. Cross-functional collaboration between legal, IT, and marketing teams is essential to effectively manage these challenges and implement comprehensive privacy strategies.