Data Protection Leader Magazine | May 2023
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Data Protection Leader is the bi-monthly magazine from OneTrust DataGuidance featuring interviews with some of privacy’s top voices as well as expert insight and analysis on trending topics in data protection, cybersecurity, and beyond.
In this issue, we take a closer look at how to modernize online privacy protections for children in the US with Goli Mahdavi and Gabrielle Harwell, from Bryan Cave Leighton Paisner LLP looking closely at the Children’s Online Privacy Protection Act (COPPA) and California’s Age-Appropriate Design Code. The May edition of Data Protection Leader Magazine also celebrates five years of the GDPR with OneTrust DataGuidance’s expert contributors offering their five top tips for compliance. Other articles include a breakdown of the latest privacy law in Iowa with Lothar Determann, Helena Engfeldt, Jonathan Tam, and Michelle Shin from Baker & McKenzie LLP as well as an interview with Pedro Marques Gaspar, Manager in the Digital Regulation - New Law division of PwC, Madrid.
Future proofing global digital regulation
In his regular editorial, Eduardo Ustaran, Partner at Hogan Lovells discusses the need for digital regulation to be agile in the face of rapid technological development as well as how various lawmakers are approaching this.
“It is always said that technology moves faster than law, but that does not take away the need for regulatory frameworks to be agile and address technological challenges as they emerge. That agility becomes even more pressing when the issues at stake are global, and two of the most urgent global challenges right now are cross-border data flows and AI governance.”
The path to modernizing online privacy protections for children
Goli Mahdavi and Gabrielle Harwell, from Bryan Cave Leighton Paisner LLP provide us with an in-depth look at how the protection of children’s personal data is being regulated through the lens of COPPA and California’s Age Appropriate Design Code.
“The protection of children's online privacy has emerged as one of the most important data privacy issues in the US. With the existing framework for protecting children's online privacy viewed almost universally as weak and outdated, there has been a flurry of lawmaking activity at the state and federal levels. California has led the way with the passage of the expansive California Age- Appropriate Design Code Act (AADC), with other states following suit either with facsimiles of the AADC, or modernized versions of the federal Children's Online Privacy Protection Act (COPPA).”
Iowa: Breaking down the new privacy law
There is also a commentary on the new privacy law passed in Iowa from Lothar Determann, Helena Engfeldt, Jonathan Tam, and Michelle Shin from Baker & McKenzie LLP.
“With the Iowa Consumer Data Protection Act (CDPA), Iowa became the sixth US state to enact an omnibus consumer privacy statute, following California, Colorado, Connecticut, Virginia, and Utah. All six states' laws vary in minor and, in some cases, significant ways. Companies around the world should start preparing for the CDPA with respect to the personal data of consumers in Iowa. The CDPA excludes consumers acting in a commercial or employment context.”
Deceptive design patterns in social media - how to recognize and avoid them
João Peixe, Senior Associate Lawyer, from Vasconcelos Arruda Advogados, gives us insight into the European Data Protection Board Guidelines 03/2022 on Deceptive design patterns in social media platform interfaces and how social media providers can avoid them.
“Given the exponential growth and presence of social networks in the market, and the massive processing of personal data that this entails, this is a particularly relevant legal instrument, which makes it possible to clarify the link that should be established with the provisions of the GDPR in particular. The Guidelines provide practical recommendations to social media providers (who remain responsible and accountable for ensuring that their platforms are GDPR compliant) as controllers of social media, and designers and users of social media platforms on how to assess and avoid so-called 'deceptive design patterns' in social media interfaces that infringe on GDPR requirements.”
