Skip to main content

5 Key Takeaways from IAPP's #GPS18 Conference


The Children's Advertising Review Unit (CARU) attended the International Association of Data and Privacy Professionals' (IAPP) Data Privacy Summit in Washington D.C. last week. It was a great opportunity to spend time with important folks in the privacy industry. Panelists ranged from regulators to specialists on topics like GDPR, ethical data use and new technologies like facial recognition. It was a great event.



Here are CARU's key takeaways from IAPP's Data Privacy Summit.

1. GDPR was the Star
GDPR was paid a lot of attention--and with good reason. One panel answered a very serious question--will there be a grace period? According to Andrea Jelinek (current head of the Article 29 Working Party), there will be a two-day grace period because GDPR goes into effect on a Friday. So essentially, take the weekend, but they'll see you bright and early Monday morning. Other questions linger about whether GDPR principles become the norm because easier than parsing out privacy based on location?

2. Good Faith (We Think) Will Go A Long Way
When it comes to GDPR there is still A LOT of confusion. This reminds us of when COPPA was updated back in 2012. Although lawmakers and regulators are doing their best to answer questions, it seems impossible to address every question by May 25. Making a clear and substantial effort to comply seems as though it will go a long way, keep an eye on the article 30 deliverables. Even if you aren't entirely clear of all the nuances, making a good faith effort to comply could earn major points.

3. State Laws on Privacy are Continuing to Expand 
State laws on privacy are continuing to grow– especially in the area of student privacy – in 2017, 28 bills were passed.

4. Best Practices for Consent and Notice Revisited – for connected devices. 
It seems that we are all overwhelmed and exhausted from too many privacy notices.  We are all just too overwhelmed for privacy notices to be effective--we've got a bad case of privacy notice fatigue. 
It used to be that the Federal Information Processing Standards (FIPS) was sufficient to protect our individual data. However, it seems that this is no longer enough. Too much data is being collected from too many places for this notice to truly present an informed choice. We must consider how to simplify and make notices most effective – i.e. timely, persistent and on demand, incorporating technology. For starters, keep the privacy policy concise with need to know basics, what is collected, why it is collected and with whom it is shared.

5. Keynotes Lewinsky and Ronson 
Both keynote speakers put public shaming on the internet into perspective. Each discussed how posts on social media can be misinterpreted and cause real world harm, so we should all take note and be more accountable.

If you can't wait to learn more about privacy as it pertains to children, sign up for our conference May 2 in San Francisco. Learn more here.

Popular posts from this blog

CARU Speaks at Community Board in Manhattan

CARU staff attorney Andra Dallas gave a presentation to Community Board 1, serving lower Manhattan on Monday, December 7 th .  Andra spoke to the Board’s Youth Committee about the importance of teaching children about understanding advertising and safe online practices.  District Manager Noah Pfefferblit remarked, “thank you for your informative presentation to our Youth Committee members,” and offered the Board’s assistance if they “can be helpful to the important efforts at the Children's Advertising Review Unit.” Are you interested in having a CARU staff member visit your community board? Contact adallas@caru.bbb.org.

i-Dressup Shuts Down in Wake of Privacy Breach and COPPA Violation

I-Dressup, a fashion-themed social website for teens, has completely shut down as part of a settlement with the New Jersey Department of Consumer Affairs, following a massive privacy breach and violations of the federal Children's Online Privacy Protection Act (COPPA) and New Jersey state law. In September 2016, a hacker sent 2.2 million i-Dressup account credentials to technology blog Arstechnica as well as to haveibeenpwned.com, a searchable online database of data breaches. Responding to the news, New Jersey investigators discovered that 2,519 of the compromised accounts belonged to New Jersey children below age 13. I-Dressup, allegedly aware that it had child users, had violated COPPA by failing to obtain verifiable parental consent prior to collecting and processing personal information from the children, including first and last names and email addresses. In a consent decree with the New Jersey Attorney General Gurbir Gerwal, parent company Unixiz has closed i-Dressup,

Kids Internet Design and Safety Act Seeks to Protect Children from Harmful Online Content

United States Senators, Mr. Richard Blumenthal from Connecticut and Mr. Edward Markey from Massachusetts, introduced a new bill referred to as the Kids Internet Design and Safety Act (the “KIDS Act”). One of the Senator’s introducing the KIDS Act, Mr. Edward Markey, was the co-author of the Children’s Online Privacy Protection Act (“COPPA”). The KIDS Act seeks to include noteworthy advertising rules and create new protections for children online, specifically for online users under the age of 16. The proposed advertising rules within the KIDS Act are to ban websites from: (1) exposing young online users to advertisements “with embedded interactive elements”; (2) recommending any content involving alcohol, nicotine, or tobacco to young online users; and (3) recommending content that includes influencer marketing, like unboxing videos, or host-selling to young online users. Additionally, the KIDS Act seeks to prohibit certain online features to protect children, like prohibiting