CyviaJuris

Children’s Privacy in the Spotlight: New York and UK Regulators Seek Public Input

In an era where children’s online presence is increasingly pervasive, regulators on both sides of the Atlantic are taking steps to enhance protection of children’s privacy. Recent developments in New York and the United Kingdom highlight the growing focus on this critical issue.

New York Takes the Lead

The New York Attorney General’s office has recently released notices of proposed rulemaking for two groundbreaking laws:

  1. The New York Child Data Protection Act: Set to take effect on June 20, 2025, this law aims to restrict businesses’ collection of personal information from teens and mandates “privacy protection by default.” It covers children under 13 (in compliance with COPPA) and extends protections to teens aged 13-18.
  2. The Stop Addictive Feeds Exploitation (SAFE) for Kids Act: This law targets “addictive social media” patterns on websites and apps for users under 18. It will come into effect 180 days after the rulemaking process is complete.

The AG’s office is seeking public comments on the rules for both laws by the end of September 2024, signaling a commitment to collaborative policy-making in this sensitive area.

UK’s Information Commissioner’s Office (ICO) Steps Up

Across the pond, the UK’s ICO is also making moves to strengthen children’s privacy protections:

  1. Review of Social Media Platforms: The ICO is closely examining social media platforms’ compliance with the UK Age Appropriate Design Code, which provides guidelines for companies offering digital services to children.
  2. Public Consultation: Similar to New York, the ICO is soliciting public input until October 11, 2024. They’re particularly interested in how children’s data is used by recommender systems and developments in age assurance systems for identifying under-13 users.
  3. Privacy-Friendly Defaults: The ICO is pushing for companies to adopt privacy-friendly default settings when offering services to children. This includes avoiding default geo-tracking and profiling of children.
  4. Recent Compliance Check: The ICO recently reviewed account sign-up flows for over 30 platforms and found concerns with many not adhering to the Code.

What This Means for Companies

These developments signal a clear trend towards stricter regulation of children’s online privacy. Companies operating in these jurisdictions should consider:

  1. Reviewing and potentially overhauling their data collection practices for users under 18.
  2. Implementing strong, privacy-friendly default settings for young users.
  3. Staying informed about the evolving regulatory landscape in different jurisdictions.
  4. Participating in public consultations to help shape balanced and effective regulations.

Looking Ahead

As we move towards the end of 2024, we can expect to see further developments in children’s privacy regulations, especially in the social media space. The emphasis on “privacy-friendly” default settings when interacting with children online is likely to become a global standard.

For businesses, the message is clear: prioritizing children’s privacy is not just a legal requirement, but a crucial aspect of building trust with users and their families in the digital age.

Stay tuned for more updates as these regulations continue to evolve!

Leave a comment