In the USA, the Governor of Utah, Spencer Cox, has signed two laws introducing new measures intended to protect children online. The first law prohibits social media companies from using ‘a practice, design, or feature that […] the social media company knows, or which by the exercise of reasonable care should know, causes a Utah minor account holder to have an addiction to the social media platform’. The second law introduces age requirements for the use of social media platforms: Social media companies are required to introduce age verification for users in Utah and to allow minors to create user accounts only with the express consent of a parent or guardian. The laws also prohibit social media companies from advertising to minors, collecting information about them, or targeting content to them. In addition, there is a requirement for companies to enable parents or guardians to access the minors’ accounts. and minors should not be allowed to access their social media accounts between 10:30 pm and 06:30 am.
The laws – set to enter into force in March 2024 – have been criticised by civil liberties groups and tech lobby groups who argue that they are overly broad and could infringe on free speech and privacy rights. Social media companies will likely challenge the new rules.
The 8th IEEE European Symposium on Security and Privacy will be held on July 3-7, 2023, in Delft, Netherlands and is organised by the TU Delft Cybersecurity group.
Since its establishment in 1980, the IEEE Symposium on Security and Privacy has served as the foremost forum for presenting innovations in computer security and electronic privacy and for fostering connections between researchers and practitioners in the field. Expanding upon this achievement, IEEE launched the European Symposium on Security and Privacy (EuroS&P), which takes place annually in different European cities.
For more information, please visit the dedicated web page.
According to Meta, the change does not have any impact on users’ privacy settings and their ‘information will still be protected by UK data protection and privacy laws’.
The World Economic Forum and the Council on the Connected World published the State of the Connected World 2023 report exploring governance gaps related to the internet of things (IoT). The report outlines the findings of a survey conducted with 271 experts worldwide to understand the state of IoT affairs. The COVID-19 pandemic has increased IoT demand in health, manufacturing, and consumer IoT. However, there is a lack of confidence when it comes to matters such as privacy and security.
Two main governance gaps are identified: (1) a lack of governmental regulation and implementation of industry standards and (2) IoT users are more susceptible to cyber threats and cyberattacks.
One recommendation is for businesses and governments to develop and implement practices to improve privacy and security and create a more inclusive and accessible IoT ecosystem. The need to improve equal access to technology and its benefits is also underscored.
The Bundeskartellamt’s preliminary conclusions of its administrative proceeding against Google state that users of Google services ‘are not given sufficient choice as to whether and to what extent they agree to [a] far-reaching processing of data. The choices offered so far, if any, are, in particular, not sufficiently transparent and too general.’ The office argues that users should be able to limit the processing of data to the specific service used and to differentiate between the purposes for which the data are processed. In addition, the choices offered must not be devised in a way that makes it easier for users to consent to the processing of data across services than not to consent to this.
Following the issuance of the statement of objections, Google has the opportunity to comment on the office’s preliminary assessment and present either reasons to justify its practices or suggestions to dispel the concerns. A final decision on the administrative proceeding is awaited in 2023.
In another change to be introduced in March 2023, new controls will allow teenage users to choose to ‘see less’ of certain types of adverts in both Facebook and Instagram.
Meta had previously put in place restrictions to stop advertising for teenagers based on their interests and activities.
The US Federal Trade Commission and the creator of Fortnite, Epic Games, have reached a settlement which would see the company pay a total of US$ 520 million in penalties over allegations that it had violated the Children’s Online Privacy Protection Act and used dark patterns to trick players into making unintentional purchases.
For allegations related to collecting personal information from Fortnite players under the age of 13 without getting consent from their parents or caregivers, Epic has agreed to pay a US$ 275 million penalty. Furthermore, the FTC determined that Epic’s default settings for its live text and voice communication features, as well as its system of pairing children with adults/strangers to play Fortnite with, exposed youngsters to harassment and abuse. Epic is also required to adopt strong privacy default settings for children and teens, ensuring that voice and text communications are turned off by default.
In a second case, the business conceded to pay US$ 245 million to refund users for its dark patterns and billing practices.
The US Federal Trade Commission, the Office of the National Coordinator for Health Information Technology, the Food and Drug Administration, and the Department of Health and Human Services launched an updated Mobile Health Apps Tool that aims to help mobile health app developers better understand which privacy laws and regulations apply to their technology.
The Mobile Health Apps Tool is addressed to everyone who develops a mobile app that accesses, collects, shares, uses, or maintains information related to an individual’s health (e.g. information related to diagnosis, treatment, fitness, wellness, addiction). Its goal is to help developers identify and understand the federal regulatory, privacy, and security laws and regulations that may be applicable to their mobile health apps.
The third ministerial meeting of the EU-US Trade and Technology Council (TTC) was held on 5 December 2022 in Washington, DC, USA. During the meeting, the two parties:
Reiterated the importance of cooperating on trust and security in the ICT ecosystem and noted that the TTC Working Group on ICTS security and competitiveness plans to discuss transatlantic subsea cables’ connectivity and security, including alternative routes, such as the transatlantic route to connect Europe, North America and Asia.
Announced plans to launch a pilot project to assess the use of privacy-enhancing technologies and synthetic data in health and medicine.
Announced plans to establish an expert task force to strengthen research and development cooperation on quantum information science, develop common frameworks for assessing technology readiness, discuss intellectual property, and export control-related issues as appropriate, and work together to advance international standards.
Announced progress on increasing standards cooperation, for instance through the Strategic Standards Information mechanism meant to enable the EU and the USA to share information about international standardisation activities and react to common strategic issues.
Announced that the US Department of Commerce and the European Commission are entering into an administrative arrangement to implement an early warning mechanism to address and mitigate semiconductor supply chain disruptions in a cooperative way.
Stressed the importance of eliminating the use of arbitrary and unlawful surveillance to target human rights defenders, and expressed concerns over government-imposed internet shutdowns.
Announced plans to enhance transatlantic trade, for instance through developing joint best practices for the use of digital tools to simplify or reduce the cost of commercial actors’ interactions with the governments in relation to trade-related policy, legal requirements, or regulatory requirements.
Announced the launch of a Talent for Growth Task Force to facilitate exchanges of experiences on training and capacity building and serve as a catalyst for innovative skills policies.
Ten US state attorneys generals issued a letter to Apple to take action to better protect reproductive health information. In response to the US Supreme Court’s decision overturning Roe v. Wade, which protected the constitutional right to abortion, at least 14 states have tightened restrictions on, or criminalised, abortion. The coalition of attorneys general expressed concerns in the letter that users’ private information stored in third-party apps could be weaponised against individuals seeking or providing abortions. Against this background, the attorneys general urged Apple to protect reproductive health data from being wrongfully exploited by requiring app developers whose apps are hosted on the App Store to either certify to Apple or include the following measures in their privacy policies:
– Delete data that is not essential for the use of the app, including location history, search history, and any other data of consumers who may be seeking, accessing, or assisting reproductive healthcare providers;
– Provide notices on the potential for App Store applications to disclose third-party user data related to reproductive healthcare, and require that apps do so only when required by a valid subpoena, search warrant, or court order;
– For apps that collect reproductive health data, implement at least the same privacy policies as Apple concerning that data.
