CCPA enforcement action #3: And here comes the California AG together with the LA City Attorney with the third CCPA enforcement action (after Sephora and DoorDash), this time against Tilting Point Media, a game maker. The attorneys allege violations of COPPA and CCPA. *** Tl;dr The company developed a SpongeBob game and allegedly didn't obtain (a) parental consent for under 13 users or (b) users' affirmative opt in consent for sharing data of users 13-17. *** A couple of interesting points: ✅ Children's data: Every policymaker/ regulator is focused on children's data these days. And by children I mean under 18 = no longer just COPPA's U13. Frank Pallone held up the APRA because in his opinion it lacked sufficient punch on kids' data. Perhaps we'll see a breakthrough there at some point. https://lnkd.in/eNJeVsHW Maryland passed an age appropriate design code last month https://lnkd.in/edsqFNRW. And last week New York passed two children's data laws, which await the governor's signature. https://lnkd.in/e6QW4adS. ✅ OUT: AI governance; IN: SDK governance: The AG focuses on the allegation that the company "incorrectly configured software development kits (SDKs)" on its app. Indeed, the stipulated judgment it requires the company to "implement and maintain an SDK governance framework". This should serve as a wakeup call to apps (and websites) that are unaware of what SDKs (or cookies, pixels, scripts) are embedded in their product and what data they collect or share. ✅ Opt in for under 18: In California, if children under 18 use your site, you *must* get affirmative opt-in consent if you integrate trackers for advertising purposes. Per Sephora and DoorDash, the AG considers this a "sell or share"'; and for "selling or sharing" U18 data in California, the rule is *opt in* and not opt out. ✅ It's getting hot in here: As expected, CCPA enforcement is just gearing up, and 16 more state laws are coming into force in the near future. If you haven't already, get your data practices in order, or else......
Thank you for these important take aways Omer Tene.
Roy Smith fyi
Great insight, Omer!
Excellent summary!
Data Protection, Cybersecurity, Privacy, and AI
1moThank you for this wonderful summary, Omer. There is a significant gap in SDK governance across the board and the attention to it is encouraging!