Top 5 Takeaways from the CCPA Hearings

In December, BBB National Programs staff attended the Attorney General hearings on the California Consumer Privacy Act (CCPA). The CCPA hearings were in the style of a public forum, with staff from the California Attorney General’s office listening intently to community input. (Written comments were also accepted and can be downloaded here.) The hearings included business representatives from a wide variety of industries and businesses of all sizes. Even with such diversity of industry, testimony coalesced around three main themes: (1) implementation hurdles such as the narrow timeline, (2) the need for clarity, and (3) the risk of unintended consequences. 

Continue reading

CCPA is Here: How to Update Your Privacy Policy

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. If your business is covered under CCPA, you may need to update your public privacy policy. In this post, we focus on the main changes that most businesses can expect to make to their privacy policies in order to align them with the requirements of CCPA.* 

Continue reading

What is the California Consumer Privacy Act?

Most Americans are unsure about how their personal data is collected, used, and shared (collectively, processed) by companies, and desire government-mandated protections to ensure they are not harmed by this activity. In the absence of federal consumer privacy legislation, the California State Legislature has stepped in to protect its residents’ privacy. The California Consumer Privacy Act (CCPA) empowers state residents to learn more about how companies process their personal data, demand that companies delete their data, and prohibit companies from selling their data. 

Continue reading

Location Data and Privacy

In today’s digital world, we carry around networked supercomputers that would make the machines that launched a rocket to the moon look laughable. The average user’s smartphone is packed with a number of apps: a weather app to tell them if it’s a good idea to throw on a rain jacket in the morning, a dating app to help them get a night on the town, a restaurant review app to help them choose a place to eat, their favorite map app to help them get to their destination, and a music app that contains a carefully-crafted library of songs and playlists.

Some of these apps use location data collected from a variety of sources— from triangulating cell towers, to WiFi signals, to the GPS satellite constellation (the network of 24 satellites that hovers over us 13,000 miles in space). That’s a lot of different ways to find out a user’s location! 

Continue reading

Age Ain’t Nothing but a Number, Unless You Are Collecting It for Age-Screening Purposes

Many of today’s tech-savvy children know that you must be at least 13 years old to use certain websites or mobile apps. This begs the question, is there a point to online age screening at all? 

The Federal Trade Commission (FTC) is asking the same thing in its recent review of the regulations for the Children’s Online Privacy Protection Act (COPPA). In its last review in 2013, the FTC added a new category to the definition of “an online service directed to children” that allows operators that do not target children as their primary audience to age-screen and only comply with notice and consent requirements for users under 13. COPPA does not tell operators how to age-screen but does provide guidance in its publication, “Complying with COPPA: Frequently Asked Questions.” In the current review, the FTC asks whether the Rule should be more specific about the appropriate methods for determining the age of users.

Continue reading

How to Protect Children’s Privacy Beyond Parental Controls

Children’s privacy is a hot topic in the media these days. It may seem like a new concern but we at the BBB National Programs’ Children’s Advertising Review Unit (CARU) have been keeping an eye on it since the beginning.

CARU was established decades ago to promote responsible advertising to children at a time when advertising was mainly on television. The self-regulatory program and its guidelines were designed to adapt to changes in the marketing and media landscape – offline and online - so when concerns about online data collection practices arose, CARU was able to get a jump on it even before lawmakers could pass the federal Children’s Online Privacy Protection Act in 1998.  

Continue reading

App Publishers Privacy Tips

They may be small, but mobile devices are powerful computers. And even though our smartphones may fit in the palm of our hands, we still expect them to act like regular computers, with icons for launching programs and menus full of easy-to-understand options and commands. So why shouldn’t consumer privacy controls look similar, too? The Digital Advertising Alliance followed this logic when it adapted its privacy Principles to the mobile environment in 2013, translating web-based privacy standards for interest-based ads (IBA) to the mobile environment.

Continue reading

CARU Director, Dona J. Fraser to Speak at The Future of the COPPA Rule: An FTC Workshop

The Federal Trade Commission recently announced its agenda for its upcoming workshop: The Future of the Children's Online Privacy Protection Act (COPPA). The Children's Advertising Review Unit (CARU) was thrilled that its director, Dona J. Fraser was invited to speak on a panel about such an important topic. CARU is not only a safe harbor provider under COPPA but it was the first program to be deemed with the honor.

Continue reading

Like Data for Chocolate: Takeaways from a recent mobile video ads case

Our recent Chocolate decision may seem complicated; it actually serves as an illustration of some very basic responsibilities from the DAA Principles.

Collectively, companies’ responsibilities under the Principles all flow from two simple ideas. First, consumers need to know when interest-based advertising (IBA) happens on websites and mobile apps. Second, they should be able to opt out of it if they want to.

Continue reading

Shining a Light on Dark Patterns: Tips for How to Avoid Misleading Web and App Design Processes that Cause Consumer Confusion

As the internet has evolved, website designers and mobile app developers have learned to take user experience very seriously. Thanks to these improvements in design, unattractive pages full of flashing “click me” banners with neon text are a thing of the past. However, not all design innovation is beneficial for end users. A phenomenon known as “dark patterns”—user interface designs meant to manipulate users into performing certain actions—is becoming more common.

Continue reading

Why Brexit Matters to Your Privacy Shield Business

You may have heard that the United Kingdom is expected to exit the European Union soon in a process that many are calling “Brexit.” (For background, this article offers a no-frills Brexit explainer.) The Brexit process continues to be politically contentious, and, though the U.K. is scheduled to leave the EU on March 29, 2019, it is not yet certain whether or not this will happen by that date, either partially or fully.

Continue reading