•  

Privacy Insider newsletter: April 20, 2021

  • by Angelique Carson
  • last updated April 20, 2021
  • 4 min read
Privacy Insider newsletter: April 20, 2021

Welcome to Privacy Insider, a round-up of the week's most important stories.

Last week, I wrote to you about the class-action settlement between private citizens and companies, including Disney, Viacom and Comcast. The companies and some of their partners got in trouble for tracking kids online and collecting their data without consent. It's not a story that a ton of my "privacy friends" are tweeting. But it seems like a huge deal. Even the New York Times said the settlements could "reshape the children's app market." So I've been thinking about why it's not making a bigger splash. 

Looking at it from my tiny bubble, I realize I've always ignored children's privacy issues. After all, I don't have any kids. And I don't have any big plans to have any soon. (After all, taking a husband is hard enough. When you cast a global pandemic on the dating scene, finding a partner becomes a project for another year.) 

But I've always loved the Ghandi quote, "The true measure of any society can be found in how it treats its most vulnerable members." I think I wasn't attracted to children's privacy issues because it seemed they didn't apply to me. It was someone else's battle to fight for the sake of their offspring. But that's not true. 

The way children are cared for and protected by a company says a lot about not only its values but also the competitive ecosystem they're operating within. When sites or apps surreptitiously track children, they're often doing so because they can get away with it. And if it's a well-known secret that many of their peers are too, it doesn't seem so naughty. But that illustrates decision-making based not on respect for the customer but this grab-all-the-data-you-can frenzy. We've all heard the expression "data is the new oil," and getting a hold of children's data doesn't take much digging if you're thwarting parental consent and following them around the web because your software happens to allow it. 

If we care about profit more than we care about protecting some of the most vulnerable — the little kids with their runny-noses and pigtails and incessant questions — how do you think these companies view their duties to you and me? We're way less cute. And we've got credit card data on our persons. 

Curious about privacy? Find out how Osano automates compliance & saves you time! Learn more

For more on why the settlements could significantly impact the adtech ecosystem, see my new feature below. It was a super fun story to write.

Enjoy reading, and I'll see you next week! 


  1. Leaked draft indicates EU seeks to ban AI for mass surveillance In a leaked draft that made the rounds on Twitter last week, the EU indicated plans to ban artificial intelligence (AI) for specific uses, The Verge reports. The draft suggests the EU aims to forbid AI-deployment for the purposes of mass surveillance and social credit scores. The regulations also indicate member states would be required to set up “assessment boards” to test “high-risk AI systems.” Companies that illegally develop or sell prohibited AI technology could face fines up to 4% of their global revenue, the report states.
    Read Story

    2. Irish privacy regulator investigating Facebook breach affecting 533 million

    The Irish Data Protection Commissioner has launched an investigation into Facebook’s data breach, reported earlier this month. The breach affected some 533 million users globally. The DPC said in a statement that based on information Facebook Ireland provided, the regulator is “of the opinion that one or more provisions of the GDPR and/or the Data Protection Act 2018 may have been, and/or are being, infringed in relation to Facebook Users’ personal data.” Facebook said it’s fully cooperating with the investigation.
    Read Story

    3. Settlement indicates SDKs are on the hook for privacy

    April 13, a California judge approved settlements in three separate class-action lawsuits involving Disney, Viacom, Comcast and several adtech firms. The settlement doesn’t include monetary relief, but it does require the companies to make changes to their databases and processes to prevent them from collecting children’s data without parental consent or tracking children online. Some say the settlement will impact the entire adtech ecosystem.
    Read Story 

    Try Osano Free!

    4. EU, US officials getting serious on Privacy Shield replacement

    As companies eagerly await a new proposal, EU and U.S. officials are “intensifying negotiations” on a cross-border data flow framework, CNBC reports. The European Court of Justice invalidated the Privacy Shield agreement in 2020 in what’s referred to as the Schrems II judgment. Privacy Shield replaced the Safe Harbor agreement, which the court also struck down. Neither mechanism protected Europeans from mass surveillance, the court reasoned. 
    Read Story

    5. Florida aims to join Virginia, California in passing state privacy law

    Despite pushback from industry, privacy bills in the Florida House and Senate will see final votes this week. Businesses are unhappy with the House bill in question (HB 1734) because it would allow private citizens to sue them for data privacy violations, the Herald-Tribune reports. But the bill’s sponsor says the time has come to regulate given that, “We all sort of feel uncomfortable about the role technology has in our lives without us knowing what’s going on.” 
    Read Story

    6. Perhaps the most misunderstood privacy law: HIPAA

    In an explainer, Vox discusses one of the most commonly misunderstood and misspelled information privacy laws: HIPAA. While the Health Insurance Portability and Accountability Act does include privacy provisions, they’re much more narrow than people believe. HIPAA applies only to covered entities, like doctors and pharmacies, as well as their contracted third parties. But the pandemic revealed all kinds of misunderstandings about the law, including that individuals could opt-out of mask mandates because of it. 
    Read Story

About The Author · Angelique Carson

Angelique Carson is the Director of Content at Osano, a B-corp privacy platform that makes compliance with privacy laws easy for companies of all sizes. She is a professional writer and editor who has worked in journalism and publishing for more than ten years. Previously Angelique was an editor at the International Association of Privacy Professionals and the host of The Privacy Advisor Podcast. She lives in Washington, D.C., with her puppy Miles.