CDP Institute

The US Federal Trade Commission (FTC) has just published the updated and more forceful rule for the Children’s Online Privacy Protection Act (COPPA), putting more pressure on businesses, apps and websites to protect children’s privacy and data confidentiality. The stronger rules, which will go into effect this summer, include new disclosure requirements, required creation of information security programs, and additional restrictions designed to keep data from being shared with advertisers and data brokers.

This has also impacted ~20% of its agency workforce who were told to stay home while corrections are being implemented.

New word for a growing concern.

The Roblox game platform raised major alarms previously about kid safety and, while it has new tools to give parents more control over kids’ accounts, Researching Reality agency’s research revealed there are still serious loopholes exposing kids to adult predators.

Total recall! If you ever discussed it, now ChatGPT can draw upon it, tailor its responses and, after factoring in interests you have, can personalize just for you. In the past you could just tell it some things to remember, but now anything goes. And for those for whom privacy’s not much of a thing and don’t worry about breaches etc., this feature and similar ones expected from Apple, Google, Microsoft and other major players will offer hyper-personal assistants.

No go for Ohio’s Social Media Parental Notification Act, which had passed but just was struck down by a federal judge thanks to lawsuit brought by trade group NetChoice, the company that blocked similar laws in California, Arkansas, and Utah. So, Ohioans are safe from protecting children from social media – and business there can thrive even more.

The game-centric social media platform has been sued by the state attorney general for alleged violation of state consumer fraud laws. Specifically, the state claimed Discord obscured risks children faced on the platform and was ambiguous about its safety settings.

The ”traveling cookies” argument against Shopify attracted bipartisan support from a group of 30 states plus Washington, D.C., and, if successful, this has the potential to reset the bar for similar lawsuits to be brought against global companies.

While most U.S. courts have blocked age verification laws aimed at limiting minors’ access to social media, the U.S. Fifth Circuit vacated a lower court’s injunction on the Mississippi version, citing the lower court’s failure to provide a detailed factual analysis as required by a recent Supreme Court ruling. Apparently the Fifth Circuit believes there’s no urgency to protecting First Amendment rights.

Ireland’s Data Protection Commission (DPC) has begun an inquiry into whether the data of EU citizens has been unlawfully processed by Elon Musk’s X. Concern is that personal data being used to train X’s AI assistant, Grok large language models (LLM).

Intrusiveness got you worried? DOGE is raising the bar for privacy advocates and US citizens on reasons they should be concerned as it pursues mandates to root out data across departments and to link their databases for more comprehensive profiles on individuals. The recent New York Times article scarily lists more than 300 fields of data this can easily include and points out people who provided their information believed it would not be shared or combined outside the individual agency.

Utah passed three bills aimed at controling children’s data and device use. The App Store Accountability Act requires app stores to verify user ages and obtain annual parental consent for minors; the Data Sharing Amendments Act gives users rights to delete or transfer data and to obtain consent before sharing; and SB178 prohibits use of personal devices during class.