The UK ICO has wrapped up a preliminary investigation into Snap's AI chatbot, and has indicated that it is failing to adequately address children's privacy risks. There are numerous concerns about AI chatbots that are not yet resolved, but children's privacy seems to have driven much of the early action from regulators.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
The GDPR has influenced the future of corporate compliance at a global level. As we see the CCPA, the USCDPA, and bills in other jurisdictions like India and Brazil being passed, it is evident that all companies soon will be required to comply with some consumer data privacy measure.
In this article, learn how CPRA extends the definitions and scope of the CCPA, how businesses should think about CPRA enforcement, and what CPOs can do to help their companies ensure effective and frictionless compliance with CPRA.
Big Tech companies have been making billions of dollars from data monetization, it’s time for them to disclose to users how much their data is worth with the proposed DASHBOARD Act.
Consent is a major requirement in every data privacy regulation worldwide. PrivacyOps and automation is becoming increasingly necessary for compliance.
A children's privacy complaint that dates back to 2021 has resulted in a major GDPR fine for TikTok. The issue largely centers on the "Family Pairing" feature introduced in 2020 which had no real verification process ensuring that the linked parent account actually belonged to a parent.
Many companies are still using stopgap measures to stay in compliance with GDPR. They need to increase level of automation and streamline organization to remain sustainable.
A nearly unanimous vote in the Connecticut House made the CTDPA official, with its terms set to go into effect on July 1, 2023. As with the other state privacy laws, only businesses that meet certain thresholds of personal information handling will be regulated.
TikTok has already faced several actions involving the privacy and security of children, who have always been one of the biggest demographic groups on the platform. A new FTC investigation has raised the issue again.
The Irish DPC has taken some heat for perceived softness in issuing GDPR fines to Big Tech. A $267 million fine issued to WhatsApp is the first substantial amount that the Irish regulator has assessed, but it comes amidst accusations and criticism.










