The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️
Compliance dates to watch for marketers
In terms of data privacy, the marketing and advertising industries are an interesting place to watch. Businesses face many challenges due to changes in cookie practices and the growing number of state privacy laws. Remember the Sephora case? The company was fined $1.2 million for allegedly violating California's privacy laws. It's a stark reminder that privacy missteps have real consequences, but also that opportunities to avoid them are present if we stay informed and proactive.
As we entered 2023, organizations operating in California and Virginia had to ensure compliance with the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). Now that these acts are in effect, it's crucial for businesses (and specifically marketing departments) to understand the nuances of these regulations. For example, CPRA has expanded its reach, covering not just consumer privacy rights but also employee data. Keep this in mind as you update your privacy strategy.
Come July 1, 2023, Colorado and Connecticut will join the ranks with their own privacy acts, the Colorado Privacy Act (CPA) and the Connecticut Data Privacy Act (CTDPA). Both acts mandate a 60-day cure period for alleged violations, expiring on January 1, 2025. Ensure you're paying attention to these cure periods and keep track of changes in enforcement procedures.
As the year draws to a close, the Utah Consumer Privacy Act (UCPA) enforcement date will arrive on December 31, 2023. The UCPA takes a more business-friendly approach; it's essential to understand if your organization falls under its purview.
To stay ahead in the data privacy game, start by confirming which privacy regulations apply to your organization and updating your privacy policy and notices accordingly. Don't forget to pay close attention to cookies, as their use in online tracking and profiling is creating confusion in the industry. Understanding what's on your websites and mobile applications will make it easier to provide users with the required control.
Remember, our compliance programs are always works in progress. As the landscape evolves, lean on experts and resources to ensure a bright future for your company's data privacy practices.
Keeping minors safe
The piece "Keeping Minors Safe: Understanding Data Privacy And Security In The Digital Age" piqued my interest this week. It highlights the importance of protecting minors in the ever-changing digital landscape and emphasizes the responsibilities of app developers and organizations.
One key point Williams raises is the need for digital apps to follow the Children's Online Privacy Protection Rule (COPPA) and be General Data Protection Regulation (GDPR) compliant. By adhering to these regulations, businesses can ensure they are providing considerable protection for minors in their digital interactions. As privacy professionals, we must remain vigilant and ensure that companies we work with are aware of and compliant with these regulations.
Williams also discusses the role of social media platforms, such as TikTok, in the digital safety of minors. The ongoing investigation into TikTok's practices by privacy authorities in Canada is a reminder of the importance of proper data collection and consent procedures. Privacy professionals should keep a close eye on such cases, as they can provide valuable lessons in compliance and best practices.
The rise of the metaverse and its potential implications on minors' privacy is another aspect that warrants attention. As Williams points out, marketers are becoming more interested in the advertising opportunities that metaverse platforms present, which may lead to increased data collection and tracking. We, as privacy professionals, must ensure that this new market is carefully monitored and that children's data is not being exploited.
Finally, Williams mentions the ethical considerations that businesses must take responsibility for in terms of minors and data privacy. This includes adhering to COPPA and GDPR guidelines, as well as implementing age verification systems to prevent minors from accessing age-restricted content. As data privacy professionals, it is our duty to ensure that organizations we work with consider these ethical aspects when developing and deploying digital products and services targeting minors.
Other data privacy news
Let’s not delay frameworks that could shape the UK’s digital economy
Matt Peake, Global Policy Director at Onfido, discusses the UK’s pivot from GDPR and why the replacement Data Protection and Digital Information Bill could be instrumental in shaping the UK’s digital economy.
Latitude Financial vows not to pay ransom to hackers in wake of massive data breach
Consumer lender Latitude Financial has vowed not to pay a ransom to those behind a massive cyber-attack that resulted in the largest-known data breach of an Australian financial institution.
These dates are good to know because it’s hard to keep track of all the different guidelines/laws being established.
It would be great if cookie compliance companies like OneTrust or Hu-manity.co could just create a “worst-case scenario” option that site operators could enable. Having cookie compliance rules managed by a centralized entity would save legal and marketing teams a lot of time.