Hello all, and happy Thursday!
As one might guess, COPPA 2.0 merely serves as an update to COPPA (1.0). KOSA, however, may serve as more of a sea change for children’s data privacy and digital platforms.
In essence, the bill will require platforms used by minors to take steps to mitigate certain specific risks, such as cyberbullying and harmful content. Several privacy proponents are actually against the passage of this bill—not because they’re fans of cyberbullying worried about missing out on their favorite pastime but because meeting the laws’ requirements may result in significant violations of users’ privacy rights.
According to the Electronic Frontiers Foundation (EFF), KOSA “actually requires tech companies to collect more data on internet users than they already do.” Since KOSA would penalize organizations that show regulated content to children, it would force them to collect more data on users to ensure they’re of an appropriate age when accessing certain content. And, while unrelated to privacy, the EFF also argues the bill's vague language may cause organizations to filter out helpful content related to mental health care, addiction recovery, and LGBTQ+ issues.
Of course, all of this is hypothetical as the bill has yet to be passed into law. However, it does highlight the challenges behind crafting effective regulation. Bills with the best of intentions can inadvertently lead to violations of the rights we hold dear—including (and sometimes especially) our right to privacy.
Best,
Arlo
P.S. Proposed laws like KOSA and COPPA 2.0 also highlight the importance of knowing where and when you collect sensitive information (such as children’s data). Data mapping is key to understanding your data landscape, but many organizations feel overwhelmed by it. If that sounds like you, register for our upcoming webinar on August 15th, It’s Time to Think About Data Mapping Differently.
KOSA, along with COPPA 2.0, recently passed a Senate vote and now moves to the House. The bill works by creating a duty of care for online platforms that are used by minors, requiring they take “reasonable” measures in how they design their products to mitigate a list of harms, including online bullying, sexual exploitation, drug promotion, and eating disorders. It specifies that the bill doesn’t prevent platforms from letting minors search for any specific content or providing resources to mitigate any of the listed harms, “including evidence-informed information and clinical resources.”
Meta has agreed to a $1.4 billion settlement with Texas in a privacy lawsuit over allegations that the tech giant used biometric data of users without their permission. Texas Attorney General Ken Paxton said the settlement is the largest secured by a single state. In 2021, a judge approved a $650 million settlement with the company over similar allegations of users in Illinois.
Senators Ron Wyden a Democrat from Oregon, and Edward Markey, a Democrat from Massachusetts, want the Federal Trade Commission (FTC) to investigate how car companies collect data and punish them if they’ve violated the law. The two senators called on the commission to look into auto manufacturers in a July 26 letter to FTC Chair Lina Khan.
In a recent blog post, FTC staff from the Office of Technology explained how hashing (a common method of obscuring data) doesn’t count as true anonymization. “Companies often claim and act as if data that lacks clearly identifying information is anonymous,” states the blog “but data is only anonymous when it can never be associated back to a person.”
In a tentative ruling, a Los Angeles County judge concluded that punitive damages were appropriate in a CIPA case, before reversing this ruling. The particulars of the case could have implications for future CIPA rulings.
Worried about throwing away previous data mapping efforts if you switch to Osano? Don’t be—we've made it easy to migrate your existing data map. Check out our blog to find out more!
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!