A little privacy: week of June 28

USA

FTC settles over allged coppa violations

The FTC voted to make changes to its rulemaking procedures intended to make the process more streamlined and give the Commission “the ability to issue timely rules on issues ranging from data abuses to dark patterns to other unfair and deceptive practices widespread in our economy.” The changes include giving the FTC chair oversight of the process (rather than an administrative law judge) and removing certain public comment periods and reporting requirements. 

The FTC settled with the operators of Recolor, an online coloring book, over alleged COPPA violations, based on collection of personal information from users of the app, including collection of persistent identifiers by third-party advertising networks. The FTC alleged that the app failed to instruct ad networks to refrain from using children’s persistent identifiers for behavioral advertising and failed to provide notice to parents or obtain verifiable parental consent before allowing ad networks to collect such information. 

–

Europe

adequacy decision for uk under gdpr

The CNIL confirmed that all twenty organizations who had been put on notice last month of violations of the CNIL’s cookie legislation have now come into compliance. The violations were based on organizations not allowing Internet users to refuse cookies as easily as accepting them. 

The European Commission adopted an adequacy decision for the UK under the GDPR, allowing for transfer of personal data from the EU to the UK. 

–

Global

South Africa popia goes into effect

South Africa‘s Protection of Personal Information Act (POPIA) went into effect this week. POPIA is a comprehensive data privacy legislation similar to GDPR in several respects, including restrictions on processing, sharing and transferring of data and required data subject rights. A last-minute change to the Act, however, included a delay until February 2022 of a portion of the Act that would restrict the processing of unique identifiers with the aim of linking the identifiers to other information. 

The Standards Council of Canada (SCC) published a Canadian Data Governance Standardization Roadmap, which provides key issues and recommendations related to data governance, intended as “a tool to help tackle the challenging questions we face when contemplating and planning for the future of data governance in Canada.” The roadmap includes the policy context to data governance in Canada, 35 key issues and recommendations, and next steps for putting the recommendations into action. 

–