Category Archives: Privacy Abbreviated

[REPLAY] Launching 2025: Global CBPR Forum

Privacy Abbreviated

Podcast (privacyabbreviated): Play in new window | Download (Duration: 36:50 — 50.8MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

Last year, the U.S. Department of Commerce announced the establishment of the Global Cross-Border Privacy Rules (CBPR) and Global Privacy Recognition for Processors (PRP) Systems. In anticipation of its official launch this year, get caught up with a deep dive on the world of CBPRs with Priv host Dona Fraser and her guest Victoria Akosile, Deputy Director of BBB National Programs Privacy Initiatives.

This episode, which originally aired in May 2024, breaks down the “what you need to know” knowledge about the global CBPR system, quickly reviews the “how we got here” facts, and provides you with the “what do I do now” information you need, whether you are a data controller or data processor.

Key Takeaways:

  • (2:58) The CBPR framework establishes a unified set of privacy requirements, fostering international alignment for compliance. It serves as a benchmark for companies to ensure their privacy practices meet a globally recognized standard. By adhering to CBPR requirements, companies can enhance consumer trust and mitigate risks associated with data privacy non-compliance.
  • (8:05) Integration into the CBPR program enables companies to assess and fortify their privacy procedures. Participation facilitates a structured review process, identifying areas for improvement in privacy management. It empowers companies to adapt to evolving privacy regulations and consumer expectations, ensuring resilience against data breaches and regulatory penalties.
  • (13:47) CBPR and PRP certifications present an opportunity to revolutionize vendor management strategies. Companies can leverage certifications to vet vendors, selecting partners with robust privacy safeguards. Certification streamlines data transfers by providing assurance of compliant data handling practices across the supply chain.
  • (24:07) BBB National Programs acts as an accountability partner, aiding companies in obtaining CBPR and PRP certifications. Through collaborative engagement, BBB National Programs assists companies in navigating the certification process efficiently. Our expertise helps companies uphold high privacy standards, fostering consumer trust and regulatory compliance.
  • (33:11) The forthcoming Global CBPR Forum meeting in Tokyo anticipates widespread interest from nations seeking to join the framework and advance data privacy interoperability. The event serves as a platform for sharing best practices and fostering collaboration among participating countries. It underscores the global momentum towards harmonizing data protection regulations, promoting cross-border data flows while safeguarding individual privacy rights.

 

COPPA 3.0? Privacy Updates for Kids, Tweens and Teens

Privacy Abbreviated

Podcast (privacyabbreviated): Play in new window | Download (Duration: 44:17 — 61.2MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

Join us for this episode of Privacy Abbreviated, where Dona Fraser is joined by Rukiya Bonner, Director, Children’s Advertising Review Unit, BBB National Programs to discuss a year in children’s privacy in review. Dona and Rukiya break down the FTC’s COPPA Rule revisions, what new legislation has been proposed, what those proposals mean for businesses (including consideration of teen users), and predictions on what could be coming next.

Dona and Rukiya’s conversation highlights the challenges of balancing privacy and safety, navigating targeted advertising, and the importance of proactive measures for companies operating in this space. Key takeaways emphasize the need for vigilance, transparency, and the adoption of best practices in privacy compliance.

Chapters

[00:00] Introduction to Children’s Online Privacy

[03:30] Current Legislative Landscape for Children’s Privacy
[06:03] Understanding COPPA in All Forms
[12:26] The Role of Safe Harbors 
[18:44] State-Level Privacy Laws and Their Implications
[23:55] Challenges in Balancing Privacy and Safety
[28:56] Navigating Targeted Advertising and Data Privacy
[37:38] Key Takeaways for Companies in the Children’s Space

Key Takeaways

  • The definition of a child is crucial in privacy discussions.
  • Legislative proposals are increasing but progress is slow.
  • COPPA 1.0 remains the law, with updates anticipated in 2025.
  • Verifiable parental consent is evolving with technology.
  • Safe harbors provide essential compliance support for companies.
  • State-level laws are creating a complex patchwork for compliance.
  • Balancing privacy and safety is a significant challenge.
  • Targeted advertising must comply with strict regulations.
  • Companies should prepare for the upcoming changes in legislation.
  • Engaging with third-party vendors is critical for compliance.

 

Privacy Year In Review: Laws, the Impact, and the Elephant in the Room

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 43:52 — 60.5MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

For the season finale of Privacy Abbreviated, host Dona Fraser is joined by her friend Morgan Reed, President of The App Association to discuss a year in review of privacy. Dona and Morgan discuss it all, from major developments in regulatory and enforcement actions, the need for comprehensive U.S. privacy and understanding of global privacy laws, to children’s privacy and the 50-foot elephant in the room, AI. 

On each topic, Dona and Morgan focus on what the current state means for business, provide some practical advice, and outline where they see the privacy world evolving on the road ahead. 

Donna and Morgan discuss the evolving landscape of privacy regulations, focusing on the challenges faced by small and medium-sized businesses. They explore the implications of federal and state privacy laws, the impact of AI on data privacy, and the need for comprehensive reform to protect consumer expectations while supporting business growth. 

 

Key Takeaways:

  • Small businesses don’t want to be small forever, but they also don’t have the bandwidth and resources to scale AND comply.
  • The lack of a unified federal privacy law complicates compliance.
  • AI is a significant factor in shaping future privacy legislation.
  • State laws create a complex patchwork for businesses to navigate.
  • Consumer expectations must guide data practices.
  • Businesses need to understand their data-sharing practices.
  • Clear guidance on privacy laws is essential for compliance.

Chapters:

00:00 Introduction to Privacy Trends
03:06 Challenges for Small and Medium-Sized Businesses
05:57 Federal Privacy Legislation: Current Landscape
08:51 The Impact of AI on Privacy Regulations
12:14 State Privacy Laws and Their Implications
15:00 The Role of AI in Data Privacy
18:05 Navigating Privacy in a Complex Regulatory Environment
20:57 The Future of Privacy Legislation
24:12 Concluding Thoughts on Privacy and Business

Additional Resources:

Enjoyed this episode? Get caught up on past seasons of Privacy Abbreviated and subscribe to never miss an episode. Learn more about BBB National Programs’ Privacy Initiatives.

Making Sense of AI Governance

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 39:36 — 54.4MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

On this episode of Priv, Miles Light, BBB National Programs’ Senior Counsel for Youth, Privacy, & Technology steps into the role of host for this conversation, joined by Brenda Leong, a partner at Luminos.Law to discuss the responsibilities and requirements of artificial intelligence (AI), in privacy and beyond. 

AI technology does not only affect the privacy vertical – it is a cross functional challenge. Miles and Brenda discuss AI governance and policies, laws and regulations, and operational considerations within a company, including the role of humans in a world of algorithms and machine learning. 

They discuss the importance of understanding the unique requirements and responsibilities of AI, the need for cross-functional communication and collaboration, and the key themes of accountability, fairness, and transparency in AI regulation. They also explore the role of governance policies and contracts in managing AI risks and the potential for renegotiating contracts to address the expectations and liabilities associated with AI.

Key takeaways:

  • [2:07] AI deployment presents unique legal challenges and compliance headaches that require careful consideration and management.
  • [05:18] Understanding the requirements and responsibilities of AI is essential for both privacy professionals and AI professionals.
  • [09:02] Cross-functional communication and collaboration are crucial for effectively addressing AI risks and ensuring responsible AI governance.
  • [13:20] The key themes of accountability, fairness, and transparency are central to AI regulation and risk management.
  • [20:24] Governance policies and contracts play a critical role in managing AI risks and establishing liability and expectations.

Likely to be Accessed: Do You Know Who Your Users Are?

Privacy Abbreviated, , ,

Podcast (privacyabbreviated): Play in new window | Download (Duration: 35:33 — 49.1MB) | Embed

Subscribe: Apple Podcasts | Spotify | RSS

Join us for this episode of Priv, where our host Dona Fraser, Senior Vice President of Privacy Initiatives at BBB National Programs, is joined by Phyllis Marcus of Hunton Andrews Kurth to discuss the broad operational, financial, and logistical impacts and challenges of trying to protect both children and teens online under the same laws and regulations. 

Marcus and Fraser explain the current regulatory landscape and unpack the evolution of children’s privacy laws, including COPPA. They discuss the increasing number of legislative proposals at both the state and federal level and explore challenges businesses face today related to verifiable parental consent, examine proposed technological solutions like biometrics, and discuss the responsibility of third-party operators. 

The conversation includes a look at age-appropriate design codes and the shifting responsibility from parents to the entire ecosystem, as well as, third-party liability and the role platforms play in protecting children’s privacy. The conversation concludes with a discussion on the potential future of children’s privacy laws.

Additional Resources:

Key Takeaways:

  • (02:41) Children’s Privacy Landscape – Children’s privacy laws, such as COPPA, have evolved over time to address the challenges posed by new technologies and online platforms.
  • (06:30) Shifting Responsibility – The responsibility for protecting children’s privacy is shifting from parents to the entire ecosystem, including platforms and service providers.
  • (13:17) Verifiable Parental Consent – Verifiable parental consent is a key consideration for companies that collect personal information from children, and there are various mechanisms available to obtain consent.
  • (20:30) Third-Party Liability – Third-party liability is an important aspect of children’s privacy laws, holding not just first-party operators but also third parties accountable for compliance.
  • (32:23) Holding Platforms Accountable – The role of platforms in protecting children’s privacy is still evolving, with discussions around consent management and the sharing of age information.
  • (39:39) A Look to the Future – The future of children’s privacy laws is uncertain, with potential updates to COPPA and ongoing debates about the role of federal and state legislation.