CDP Institute

The French government has announced creation of a Children Online Protection Laboratory with the goal of improving kids’ online safety globally. This continues a key priority of French President Emmanuel Macron, who made online protection of minors a key plank of his re-election campaign. The charter for the Children Online Protection Laboratory states it will explore, promote, develop and evaluate solutions to improve safety in the digital environment, and it will respect the fundamental rights that are enshrined in the UN Convention on the Rights of the Child. Plans are... Read More >

An Amsterdam court ruled a Dutch civil class action led by rights groups Take Back Your Privacy (TBYP) and Consumentenbond against TikTok can proceed. Claims are that the Chinese company violated the privacy of 1.5 million children because it illegally collects their personal data – so the suit looks to obtain a minimum of €1,000 per child.

Many of the most engaging and affordable ones are made in China and have AI built in. Remember, that country’s laws require companies to give the government access to their data through national security audits.

The country requires visitors to download two spyware apps, Ebteraz, a COVID tracker and Hayya, which permits fans access to sports stadiums and allows people to use metro transportation systems. Several EU nations advised travelers to use caution there, since it’s known data is shared with the government.

Additionally, the IMDA is proposing a fine of as much as S$1 million for sites that won’t comply with its practices.

TikTok’s new revised privacy policy, which will be live December 2, confirms that EU, UK and Swiss user data will be available to its employees in other countries, including in Brazil, Canada, China, Israel, Japan, Malaysia, the Philippines, Singapore, South Korea and the US for a variety of uses. These include checking algorithmic performance, recommending content to users, and detecting issues with automated accounts. The availability of even limited data to China has been a concern, and the Irish DPO which has jurisdiction over TikTok, has been investigating its data... Read More >

Oversight or looking the other way? One way or another, the UK’s Department of Education (DIE) now has a black mark on its record for allowing the data of 28 million students as young as 14 to be available to companies in the gambling industry. The UK’s Information Commissioner’s Office (ICO) accused the DIE of a serious breach, which if the agency had been a business could have led to fines up to £10 million (US$11.45 million). This happened because the DIE shared education records with third-party data training company,... Read More >

The UK Information Commissioner’s Office (ICO) has provided new guidance on direct and email marketing. This includes clear definition of what constitutes electronic mail marketing and specifics about compliance, including the extent and types of consent needed, what can be tracked, and what provisions must be made for opt-outs and data transfers.

Exterro’s Privacy Compliance Readiness Survey, of executives at enterprise-level companies found alarming indicators of unpreparedness both with knowing their data inventory and having processes in place to comply with privacy regulations.  Forty-five percent said they rely on manual survey methods to keep data updated and 44% report using ad hoc or poorly defined processes for compliance.

The Children’s Advertising Review Unit (CARU) of BBB National Programs advised Gameloft its Disney Getaway Blast app is not in compliance with the Children’s Online Privacy Protection Act (COPPA), nor does it adhere to CARU’s Self-Regulatory Guidelines. CARU’s concern is that the app for ages 4-up has a setting that can be enabled by children and allows personal data collection without notifying parents or obtaining consent. CARU also found in-app ads and use of in-app rewards and game boosters. These are seen as manipulative tactics designed to get kids to... Read More >

This is in violation of the state’s Biometric Information Privacy Act (BIPA).