Privacy fines have been rolling in by the
millions this year and one of the more high-profile fines is the 170 million dollar fine imposed by the FTC for
Google violating the Children's Online Privacy
Protection Act (COPPA). This is following a current trend of the FTC fining
tech companies for not protecting children’s privacy. The music app TikTok
(Musica.ly) was recently fined 5.7 million dollars for violating COPPA. This
has sparked a debate on how COPAA should be modified in order to continue
evolving with the current digital landscape. Currently, there are workshops
being held on how COPAA should be amended. However, similar to laws such as the
California Consumer Privacy Act (CCPA), there are lobbying groups that are
pushing to weaken privacy for COPAA and ultimately diminish the privacy
protection for children browsing the web.With the growing complexity of privacy laws
worldwide, many companies are trying to justify ways in which certain privacy
laws may not apply. Generally, this approach makes sense, but it must be
approached from a common sense perspective. According to the case against
Google, there was an advertiser that asked about YouTube’s compliance with
COPPA. An employee provided an inadequate response by saying, “we don’t have
users that are below 13 on YouTube and the platform/site is a general audience,
so there is no channel or channel content that is child directed and no COPPA
compliance is needed.” Anyone who has taken a look at YouTube, or has children
of their own knows that there is a vast amount of child-directed content on
YouTube. For example, there is a channel called “BKN Toys,” which has over 13.5
million subscribers whose content is mainly directed towards children.Part of the employee’s explanation makes sense
because it is an open platform; however, since it is an open platform, it
allows for content creators to find a niche audience (children under 13) and
monetize their content. Just because a website is not created for children does
not mean that it will keep children out of the website. YouTube’s own rating
system is also able to identify if specific content is “kid-directed”, which
means that YouTube was well aware that there was kid-directed content on the
website. Due to the nature of monetization of these videos, children who would
view these videos would be tracked by cookies and other identifiers without
obtaining appropriate consent. And the platform was earning millions in the
process. A good portion of the revenue comes from targeted ads through a
process called Real Time Bidding “RTB” -- through an
“Ad-Exchange” which acts as an auction for the buying and selling of
impressions (real-time ads). To simplify it, an advertiser would place a bid to
win a certain impression in real time and since this advertiser would want the
ad to be as targeted as possible, the advertiser would set specific demographic
parameters on who they would like the advertisement to display to.
Why is this a problem? Not only are
organizations deliberately violating the law, but they are also making millions
in the process. As amendments to COPPA loom and have a chance of becoming more
stringent, organizations will face new requirements and not only have to spend
more money to implement certain process changes, but organizations would also
lose money on previous avenues of revenue that have been highly profitable.
Lobbyists and other special interest groups are working on future amendments to
COPPA that could potentially undermine and weaken the protection that children
receive while browsing the internet. Due to the sheer amount of data collected and
used for advertising, artificial intelligence, machine learning, or for other
purposes, we need to ensure that the privacy of children and all people
browsing the internet is protected.Privacy advocates are concerned that the
current workshops are a means to weaken the current protections of COPPA. The
FTC has tried to qualm some of the criticisms of privacy advocates by providing
a statement that future amendments are not meant
to undermine the existing protections of COPPA. It’s crucial for our future
generations that privacy becomes the default and the expectation. The digital
economy is currently at a crossroad and the organizations that are able to
develop privacy-centric solutions will be the ones that succeed in the new
digital age.
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]
