Regulators On Both Sides of the Pond Seek Input on Children’s Privacy
Friday, September 6, 2024
Input on Children’s Privacy
Print Mail Download info_icon_img/>i

The New York Attorney General’s office and the UK Information Commissioner’s Office were busy last month when it came to children’s privacy. Both sought input from the public about regulating children’s online privacy, including on social media.

New York

In New York, the AG office released notices of proposed rulemaking for the New York Child Data Protection Act (effective June 20, 2025) and the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (effective 180 days after rulemaking is complete). In the notice, the AG office is seeking comments to rules for these two laws by the end of this month.

The New York Child Data Protection Act places restrictions on businesses that collect personal information from teens and requires “privacy protection by default.” The law includes obligations not only on information collection and use for children under 13, but also for those from 13 to 18. For those under 13, companies must comply with COPPA. The SAFE for Kids Act, on the other hand, governs “addictive social media” patterns on websites and apps for kids under 18.

United Kingdom

Across the pond, the UK ICO has signaled that it will be looking closely at social media platforms’ compliance with its UK Age Appropriate Design Code. The Code outlines for companies how to adhere to UK GDPR when offering digital services to children. Similar to New York, the ICO is also asking for public comments, with a deadline of October 11, 2024. It has asked for input how children’s data is used by recommender systems and developments in the use of age assurance systems to identify children under 13.

By way of background, the Code calls on companies to adopt privacy-friendly default settings when offering services to children. In April of this year the ICO issued a compliance strategy that offered suggestions for these privacy-friendly defaults. This includes not defaulting to geo-tracking or profiling children. As a further development, late this summer, the ICO reviewed account sign-up flows for over 30 platforms and had concerns with many for not adhering to the Code.

Putting it into Practice: We expect to see more developments in children’s privacy through the end of the year, especially in social media space. These two requests for comments are a reminder that regulators expect companies to default to “privacy friendly” settings when interacting with children online.

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.

Current Public Notices

Current Legal Analysis

More from Sheppard, Mullin, Richter & Hampton LLP

CFPB Penalizes VA Lender for Misrepresenting Cost of Cash-Out Refinance Loans
by: A.J. S. Dhaliwal , Mehul N. Madia
Virginia Court of Appeals Reverses Record $2 Billion Verdict, Emphasizing Damages Resulting from Misappropriation Must Actually Be Proved Under Virginia Trade Secrets Law
by: Tyler E. Baker
ALERT: Team Telecom Streamlining Procedures Take Effect
by: Brian D. Weimer , Douglas A. "Drew" Svor
Key Telehealth Updates in the CY 2025 Physician Fee Schedule Proposed Rule
by: Erica J. Kraus , Arushi Pandya
Having Trouble Recruiting Physicians? The Conrad 30 Window is Opening Soon
by: Andrew J. Desposito , Greg L. Berk
Navigating the Complex Landscape of AI Governance: Principles and Frameworks for Responsible Innovation
by: CJ Rundell , Esperance Becton
Attorney’s Fees May Be Recoverable in Trade Secret Cases, Even Without Damages
by: Luke Bickel
French Insider Episode 34: Cosmic Collaborations: Financing, Innovation, and Franco-American Partnerships in Space [Podcast]
by: Brian D. Weimer

Upcoming Legal Education Events

 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins