.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
As one might guess, COPPA 2.0 merely serves as an update to COPPA (1.0). KOSA, however, may serve as more of a sea change for children’s data privacy and digital platforms.
In essence, the bill will require platforms used by minors to take steps to mitigate certain specific risks, such as cyberbullying and harmful content. Several privacy proponents are actually against the passage of this bill—not because they’re fans of cyberbullying worried about missing out on their favorite pastime but because meeting the laws’ requirements may result in significant violations of users’ privacy rights.
According to the Electronic Frontiers Foundation (EFF), KOSA “actually requires tech companies to collect more data on internet users than they already do.” Since KOSA would penalize organizations that show regulated content to children, it would force them to collect more data on users to ensure they’re of an appropriate age when accessing certain content. And, while unrelated to privacy, the EFF also argues the bill's vague language may cause organizations to filter out helpful content related to mental health care, addiction recovery, and LGBTQ+ issues.
Of course, all of this is hypothetical as the bill has yet to be passed into law. However, it does highlight the challenges behind crafting effective regulation. Bills with the best of intentions can inadvertently lead to violations of the rights we hold dear—including (and sometimes especially) our right to privacy.
Best,
Arlo
P.S. Proposed laws like KOSA and COPPA 2.0 also highlight the importance of knowing where and when you collect sensitive information (such as children’s data). Data mapping is key to understanding your data landscape, but many organizations feel overwhelmed by it. If that sounds like you, register for our upcoming webinar on August 15th, It’s Time to Think About Data Mapping Differently.
Top Privacy Stories of the Week
Senate Passes the Kids Online Safety Act
KOSA, along with COPPA 2.0, recently passed a Senate vote and now moves to the House. The bill works by creating a duty of care for online platforms that are used by minors, requiring they take “reasonable” measures in how they design their products to mitigate a list of harms, including online bullying, sexual exploitation, drug promotion, and eating disorders. It specifies that the bill doesn’t prevent platforms from letting minors search for any specific content or providing resources to mitigate any of the listed harms, “including evidence-informed information and clinical resources.”
Meta Agrees to $1.4B Settlement with Texas in Privacy Lawsuit Over Facial Recognition
Meta has agreed to a $1.4 billion settlement with Texas in a privacy lawsuit over allegations that the tech giant used biometric data of users without their permission. Texas Attorney General Ken Paxton said the settlement is the largest secured by a single state. In 2021, a judge approved a $650 million settlement with the company over similar allegations of users in Illinois.
Senators Call on the FTC to Investigate Data-Hungry Car Companies
Senators Ron Wyden a Democrat from Oregon, and Edward Markey, a Democrat from Massachusetts, want the Federal Trade Commission (FTC) to investigate how car companies collect data and punish them if they’ve violated the law. The two senators called on the commission to look into auto manufacturers in a July 26 letter to FTC Chair Lina Khan.
Anonymous IDs Aren’t Good Enough, Says FTC
In a recent blog post, FTC staff from the Office of Technology explained how hashing (a common method of obscuring data) doesn’t count as true anonymization. “Companies often claim and act as if data that lacks clearly identifying information is anonymous,” states the blog “but data is only anonymous when it can never be associated back to a person.”
Judge Reverses Ruling on Punitive Damages in California Invasion of Privacy Act (CIPA) Case
In a tentative ruling, a Los Angeles County judge concluded that punitive damages were appropriate in a CIPA case, before reversing this ruling. The particulars of the case could have implications for future CIPA rulings.
Osano Blog: How to Migrate Your Data Map in 5 Easy Steps
Worried about throwing away previous data mapping efforts if you switch to Osano? Don’t be—we've made it easy to migrate your existing data map. Check out our blog to find out more!
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!