In December, BBB National Programs staff attended the Attorney General hearings on the California Consumer Privacy Act (CCPA). The CCPA hearings were in the style of a public forum, with staff from the California Attorney General’s office listening intently to community input. (Written comments were also accepted and can be downloaded here.) The hearings included business representatives from a wide variety of industries and businesses of all sizes. Even with such diversity of industry, testimony coalesced around three main themes: (1) implementation hurdles such as the narrow timeline, (2) the need for clarity, and (3) the risk of unintended consequences.
Most Americans are unsure about how their personal data is collected, used, and shared (collectively, processed) by companies, and desire government-mandated protections to ensure they are not harmed by this activity. In the absence of federal consumer privacy legislation, the California State Legislature has stepped in to protect its residents’ privacy. The California Consumer Privacy Act (CCPA) empowers state residents to learn more about how companies process their personal data, demand that companies delete their data, and prohibit companies from selling their data.
In today’s digital world, we carry around networked supercomputers that would make the machines that launched a rocket to the moon look laughable. The average user’s smartphone is packed with a number of apps: a weather app to tell them if it’s a good idea to throw on a rain jacket in the morning, a dating app to help them get a night on the town, a restaurant review app to help them choose a place to eat, their favorite map app to help them get to their destination, and a music app that contains a carefully-crafted library of songs and playlists.
Some of these apps use location data collected from a variety of sources—from triangulating cell towers, to WiFi signals, to the GPS satellite constellation (the network of 24 satellites that hovers over us 13,000 miles in space). That’s a lot of different ways to find out a user’s location!
Many of today’s tech-savvy children know that you must be at least 13 years old to use certain websites or mobile apps. This raises the question: is there a point to online age screening at all?
The Federal Trade Commission (FTC) is asking the same thing in its recent review of the regulations for the Children’s Online Privacy Protection Act (COPPA). In its last review in 2013, the FTC added a new category to the definition of “an online service directed to children” that allows operators that do not target children as their primary audience to age-screen and only comply with notice and consent requirements for users under 13. COPPA does not tell operators how to age-screen, but the FTC does provide guidance in its publication, “Complying with COPPA: Frequently Asked Questions.” In the current review, the FTC asks whether the Rule should be more specific about the appropriate methods for determining the age of users.
Children’s privacy is a hot topic in the media these days. It may seem like a new concern, but we at the BBB National Programs’ Children’s Advertising Review Unit (CARU) have been keeping an eye on it since the beginning.
CARU was established decades ago to promote responsible advertising to children at a time when advertising was mainly on television. The self-regulatory program and its guidelines were designed to adapt to changes in the marketing and media landscape – offline and online – so when concerns about online data collection practices arose, CARU was able to get a jump on it even before lawmakers could pass the federal Children’s Online Privacy Protection Act in 1998.
The Federal Trade Commission (“FTC” or “Commission”) recently requested public comment on its implementation of the Children's Online Privacy Protection Act (“COPPA”), through the Children's Online Privacy Protection Rule (“COPPA Rule” or “the Rule”).
They may be small, but mobile devices are powerful computers. And even though our smartphones may fit in the palm of our hands, we still expect them to act like regular computers, with icons for launching programs and menus full of easy-to-understand options and commands. So why shouldn’t consumer privacy controls look similar, too? The Digital Advertising Alliance followed this logic when it adapted its privacy Principles to the mobile environment in 2013, translating web-based privacy standards for interest-based ads (IBA) to the mobile environment.
Compliance activities and casework conducted by BBB NP's EU Privacy Shield Program from August 1, 2018 through July 31, 2019.
Our recent Chocolate decision may seem complicated; it actually serves as an illustration of some very basic responsibilities from the DAA Principles.
Collectively, companies’ responsibilities under the Principles all flow from two simple ideas. First, consumers need to know when interest-based advertising (IBA) happens on websites and mobile apps. Second, they should be able to opt out of it if they want to.
Dozens of senior U.S. and EU government officials gathered at the National Press Club in Washington last week for the Privacy Shield annual review. They were joined by officials from data protection authorities in Austria, Bulgaria, France, Germany and Hungary to discuss whether the three-year-old framework is functioning as intended.
Shining a Light on Dark Patterns: Tips for How to Avoid Misleading Web and App Design Processes that Cause Consumer Confusion
As the internet has evolved, website designers and mobile app developers have learned to take user experience very seriously. Thanks to these improvements in design, unattractive pages full of flashing “click me” banners with neon text are a thing of the past. However, not all design innovation is beneficial for end users. A phenomenon known as “dark patterns”—user interface designs meant to manipulate users into performing certain actions—is becoming more common.
You may have heard that the United Kingdom is expected to exit the European Union soon in a process that many are calling “Brexit.” (For background, this article offers a no-frills Brexit explainer.) The Brexit process continues to be politically contentious, and, though the U.K. is scheduled to leave the EU on March 29, 2019, it is not yet certain whether or not this will happen by that date, either partially or fully.
Data Privacy Day is an international effort to empower individuals to take ownership of their online presence and inspire businesses to respect privacy. To celebrate, we’re sharing tips companies and small businesses can use to help ensure that a website or online service complies with COPPA.