Use Kid Gloves With Kid Data, New Privacy Laws Say
The FTC's alleged investigation of YouTube's data processing of young viewers is part of a growing effort internationally to safeguard what and how children's data is being collected and used, said an attorney.
June 24, 2019 at 06:00 AM
3 minute read
Lawyers and regulators agree: Err on the side of caution when collecting underage children's data.
Although the Children's Online Privacy Protection Act is currently the only U.S. law specifically addressing the collection of children's personally identifiable information for marketing purposes, data privacy regulations that extend identical protections to children and adults are spreading.
The greater focus on children's data regulation comes after the Federal Trade Commission allegedly opened an investigation into YouTube over its practice of collecting children's data, and Amazon was hit with a plaintiffs class action alleging its Echo Dot Kid's device illegally records children without prior parental consent.
Odia Kagan, a Fox Rothschild partner and chair of its General Data Protection Regulation compliance and international privacy group, said beyond the U.S., international regulators are loudly proclaiming children's privacy to be a top concern.
Kagan highlighted that France's data authority, the National Commission of Computing and Freedoms, listed in its annual activity report minors' data as one of its top two concerns for 2019. Likewise, Ireland's Data Protection Commission assembled a campaign targeting children and their parents to better understand youngsters' data privacy rights.
In the European Union, the GDPR extends to children, requiring companies collecting and processing their data to follow extra requirements.
Kagan explained that these requirements include parental consent for collection and clear data collection notices. Plus, companies will have to deploy a data protection impact assessment whenever a child's data is processed. These assessments are normally required for data processing likely to result in a high risk to individuals.
A DPIA describes the nature, scope, context and purpose of the processing; assess necessity and compliance measures; identifies and assess risk to individuals and other risk measurements, according to the U.K.'s Information Commissioner's Office.
Those specifications make collecting children's data a highly watched endeavor by EU regulators, Kagan said. “For kids whenever possible, don't [collect the data] unless you really need it.”
Bob Braun of Jeffer Mangels Butler & Mitchell echoed that advice. With underage U.S. children, which COPPA defines as someone 13 or younger, and minors younger than 18, he said “to be doubly careful” when collecting their data and “err on the side of requesting parental consent.”
While COPPA was enacted by Congress in 1998, Braun said the upcoming California Consumer Privacy Act's parental consent requirements will force more companies to “wake up” to the challenges of collecting parental consent.
“How they collect and store data, how it gets in and out of the company, figuring that out is necessary to know how you get consent,” he said.
Still, while companies look for a parental consent solutions, Braun noted the CCPA also provides a straightforward approach to a data subject's ability to prevent the transfer or selling of data after the original collector files bankruptcy or dissolves.
Under the CCPA, while the individual couldn't dictate how a company uses the data internally, they can prevent the selling or transferring of their data externally. Without the CCPA's protections, the privacy permissions of an acquiring company would apply, Braun said.
Outside of California's CCPA, if a defunct or bankrupt company had no privacy contract between data sellers, the circumstances to sell the data would still have to be reviewed to ensure it doesn't violate bankruptcy law, he said.
|This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Marriott to Pay $52M, Upgrade Cybersecurity to Settle Probes Into 3 Big Breaches
Judges Say Social Media and Political Polarization Puts Them in Danger
ClioCon 2024 Takeaways: Navigating Law Firms' AI Future
Just 11% of Legal Departments Predict Gen AI Will Be 'Transformative,' as Its Honeymoon Phase Fades
7 minute readTrending Stories
Who Got The Work
Dechert partners Andrew J. Levander, Angela M. Liu and Neil A. Steiner have stepped in to defend Arbor Realty Trust and certain executives in a pending securities class action. The complaint, filed July 31 in New York Eastern District Court by Levi & Korsinsky, contends that the defendants concealed a 'toxic' mobile home portfolio, vastly overstated collateral in regards to the company's loans and failed to disclose an investigation of the company by the FBI. The case, assigned to U.S. District Judge Pamela K. Chen, is 1:24-cv-05347, Martin v. Arbor Realty Trust, Inc. et al.
Who Got The Work
Arthur G. Jakoby, Ryan Feeney and Maxim M.L. Nowak from Herrick Feinstein have stepped in to defend Charles Dilluvio and Seacor Capital in a pending securities lawsuit. The complaint, filed Sept. 30 in New York Southern District Court by the Securities and Exchange Commission, accuses the defendants of using consulting agreements, attorney opinion letters and other mechanisms to skirt regulations limiting stock sales by affiliate companies and allowing the defendants to unlawfully profit from sales of Enzolytics stock. The case, assigned to U.S. District Judge Andrew L. Carter Jr., is 1:24-cv-07362, Securities and Exchange Commission v. Zhabilov et al.
Who Got The Work
Clark Hill members Vincent Roskovensky and Kevin B. Watson have entered appearances for Architectural Steel and Associated Products in a pending environmental lawsuit. The complaint, filed Aug. 27 in Pennsylvania Eastern District Court by Brodsky & Smith on behalf of Hung Trinh, accuses the defendant of discharging polluted stormwater from its steel facility without a permit in violation of the Clean Water Act. The case, assigned to U.S. District Judge Gerald J. Pappert, is 2:24-cv-04490, Trinh v. Architectural Steel And Associated Products, Inc.
Who Got The Work
Michael R. Yellin of Cole Schotz has entered an appearance for S2 d/b/a the Shoe Surgeon, Dominic Chambrone a/k/a Dominic Ciambrone and other defendants in a pending trademark infringement lawsuit. The case, filed July 15 in New York Southern District Court by DLA Piper on behalf of Nike, seeks to enjoin Ciambrone and the other defendants in their attempts to build an 'entire multifaceted' retail empire through their unauthorized use of Nike’s trademark rights. The case, assigned to U.S. District Judge Naomi Reice Buchwald, is 1:24-cv-05307, Nike Inc. v. S2, Inc. et al.
Who Got The Work
Sullivan & Cromwell partner Adam S. Paris has entered an appearance for Orthofix Medical in a pending securities class action arising from a proposed acquisition of SeaSpine by Orthofix. The suit, filed Sept. 6 in California Southern District Court, by Girard Sharp and the Hall Firm, contends that the offering materials and related oral communications contained untrue statements of material fact. According to the complaint, the defendants made a series of misrepresentations about Orthofix’s disclosure controls and internal controls over financial reporting and ethical compliance. The case, assigned to U.S. District Judge Linda Lopez, is 3:24-cv-01593, O'Hara v. Orthofix Medical Inc. et al.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
