Privacy Insider: September 21, 2021

The Wall Street Journal published a devastating report about the brutal impact social media apps like Instagram have on teens last week, reigniting calls from both Democrats and Republicans about child safety. They've called for a hearing with witnesses from Facebook, TikTok, Snapchat, Twitter and YouTube to talk about why they're maybe not telling the truth when they say they're good at keeping kids safe online. 

The WSJ report specifically focused on depression and anxiety, but its spotlight also illuminated -- again -- that industry has to do better for kids. And that includes data privacy. 

If you're running an app that collects data from children or even maybe could, looking at the news from a bird's eye view starts to paint a picture, you know? In both the EU and the U.S., regulators are closing in on how companies treat kids. And with good reason! They're tiny drunk adults. They don't know what they're consenting to! Remember that four-year-old boy who used his mom's phone and ordered 918 SpongeBob popsicles to his aunt's house? Come on; we can't have people asking them for sensitive information about themselves. 

Here's a brief snapshot of what I'm talking about. This week, a marketing analytics report found that of the apps Google and Apple removed from their platforms, 86% were targeted at children. The platforms understand the risks now. After all, YouTube and Google paid $170 million for violating U.S. children's privacy law two years back. 

Here's a shortlist of the big picture: 

• Last week, in the U.S., the Federal Trade Commission made changes to streamline its investigations on enforcement of children's privacy, among other areas. 
• On Sept. 1, the 12-month grace period for coming into compliance with the U.K.'s "design code" expired. The code aims to protect kids online. That means the U.K. Information Commissioner's Office is now expecting organizations to comply with the 15 standards. A level of "high privacy" should be the default if it's suspected the user is a child, the code states. Specifically, organizations aren't to collect their location nor profile. Importantly, the ICO warned against "dark pattern designs," in which a business gives users a choice but designs in a way that aims to push users toward the option more favorable to your needs. While the code isn't law, the ICO has indicated if you comply with the code, you're much closer to complying with U.K. privacy law. 
• Facebook announced this week it's launching an investigation into how TikTok handles children's data. TikTok announced its offering educational resources to help parents set controls within the app for children 13 and under. 
• Facebook and Instagram said they'd stop ad targeting users under the age of 18. 
• Sens. Ed Markey, D-Mass., and Bill Cassidy, R-La., proposed an update to U.S. children's privacy law (COPPA) that would change the age of children protected from children under 12 to children under 16. 
  
  

As I said, this is a brief list, but I know I only have your attention for like five minutes max. But perhaps it's enough evidence to indicate that the regulatory space on children's safety, including their data privacy, has turned up to another level. And while the focus is on Big Tech, the changes they're making provide some solid insight into what it seems the regulators want to see. And that should matter to your company if you're collecting children's data.

Enjoy reading, and I'll see you next week!

Report: 86% of delisted apps targeted children 

According to a report from advertising analytics firm Pixalate, platforms are increasingly policing their app stores. While "delisting" an app is not publicly reported, the H1 2021 Delisted Apps Report looked at the more than 5 million apps and app developers delisted from the Google Play Store and Apple App Store from January 1 to June 30, 2021. It found that 59% of Apple and 25% of Google apps removed didn't have a privacy policy. In addition, it found that 86% of the apps removed were targeted at children. 
Read Story

Google to deploy Android app-permissions wipeout 

Android apps users haven't engaged with for a while will soon automatically lose their permissions to access sensitive device features, ZDNet reports. Google is planning to more widely deploy its "permissions auto-reset," a privacy feature that undoes apps' previously granted permissions to access a phone's camera, location and microphone, among other features. While Google released the feature in Android 11 last year, it will expand availability to billions of more devices via GooglePlay. 
Read Story

With no progress on federal law, Senators tell FTC to write privacy rules

Nine U.S. Senate Democrats have called on the Federal Trade Commission to write new rules on consumer data privacy, The Verge reports. Sen. Richard Blumenthal, D-Conn., sent a letter signed by eight of his colleagues to FTC Chair Lina Khan Monday, asking that the agency begin a rulemaking process on privacy. "Consumer privacy has become a consumer crisis," the lawmakers wrote. Without a U.S. privacy law, the FTC is the de facto consumer privacy enforcer and has the authority to create rules on data collection and privacy, among other categories, under Section 5 of the FTC Act. 
Read Story  

DPC investigates TikTok data transfers, warns Facebook on Ray-Bans

The Irish Data Protection Commission (DPC) has opened two inquiries into Chinese video-streaming platform TikTok, TechCrunch reports. The DPC is investigating TikTok's data transfers to China to ensure they're legal under the EU General Data Protection Regulation. It's also looking at how TikTok handles children's data. In addition, the DPC says it has asked Facebook to ensure that its new Ray-Ban smart glasses, capable of recording video, properly notify people that they're being recorded with an indicator light.  
Read Story

Here's how marketers should pivot after the latest Apple iOS update

Apple's most recent software update started rolling out to users Monday. The iOS15 changes include privacy features aimed at giving users more control over their data. And that will make targeted advertising more difficult. This article from The Drum suggests where developers and marketers should focus in light of the changes. 
Read Story

Will the US and EU reach a new deal on data flows? Depends who you ask

Last July, the European Union's highest court canceled Privacy Shield, the data-transfer agreement between the EU and U.S. Since then, negotiators have been trying to come to a new agreement to allow companies to transfer data out of the EU. If you ask U.S. officials, they say a deal is within sight and predict an agreement by September's end. But if you ask EU officials, they "argued that an agreement before the end of the year would already be a coup," Politico reports. 
Read Story