UK regulator, California lawmakers tackling children’s online data privacy challenges
The Information Commissioner’s Office (ICO), the UK data protection regulator, may impose a fine of up to £27 million (roughly US$28.93 million) on social media firm TikTok based on a potential breach of U.K. data protection law. The news comes just as the most populous state in America enacts a new law to protect children online, and another social media platform announces it has verified the age of all of its users.
The ICO investigation found the company may have processed the data of children under the age of 13 without explicit parental consent.
The company also reportedly failed to provide accurate information to its users in a concise, transparent and easily understood way, and processed special category data, which includes biometrics, without legal grounds.
The ICO has therefore issued TikTok with a ‘notice of intent,’ a legal document that precedes a potential fine, which claims the social media giant breached UK data protection law between May 2018 and July 2020.
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” comments Information Commissioner John Edwards.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”
At the same time, the data protection regulator highlighted that the findings in the notice are provisional. The ICO said it would carefully consider any representations from TikTok before taking a final decision.
“I’ve been clear that our work to better protect children online involves working with organizations but will also involve enforcement action where necessary,” Edwards explains.
In addition, the Information Commissioner confirmed that ICO is currently looking into how over 50 different online services conform to the Children’s code.
“[We] have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough,” Edwards concludes.
The notice of intent comes weeks after TikTok executives were under the spotlight in the U.S. after the House of Representatives’ chief administration officer said the company poses privacy and security dangers.
California governor signs bill protecting children’s online data
California Governor Gavin Newsom has announced the signing of bipartisan landmark legislation to protect children’s wellbeing, data, and privacy using online platforms.
“We’re taking aggressive action in California to protect the health and wellbeing of our kids,” Newsom says.
Called Assembly Bill (AB) 2273 and approved by the state of California last month, the new legislation prohibits companies that provide online services, products or features likely to be accessed by children from using a child’s personal information.
“It’s great to see movement in the U.S. on the California Age-Appropriate Design Code is now confirmed in law – this sends a strong signal to the tech industry globally and will play a vital role in protecting children online,” Julie Dawson, chief policy and regulatory officer at Yoti, tells Biometric Update in an email.
“The Children’s Code in the UK is driving businesses to take action, and we are working with organizations across a range of industries to help them develop age-appropriate experiences.”
AB 2273 also prevents companies from collecting, selling, or retaining a child’s geolocation, profiling a child by default, and leading or encouraging children to provide personal information, including biometrics.
The bill also mandates that privacy information, terms of service, policies, and community standards be easily accessible and upheld.
Additionally, it instructs businesses with an online presence to complete a Data Protection Impact Assessment before offering new online services, products, or features potentially accessed by children.
“California’s enactment of the Age-Appropriate Design Code will catalyze protection for children’s rights and privacy,” Dawson adds. “As a parent myself, it’s reassuring to see progress finally being made in this area.”
Yubo to age-verify 100 percent of its users, thanks to Yoti
Social media platform Yubo announced it will implement comprehensive age-verification for all its users, an industry-first, according to the company.
The facial age estimation technology is provided by Yoti and was first introduced in May for iOS users ages 13 and 14. Deployment on all Apple devices was completed ahead of schedule, and Yubo confirmed it will now extend the age-verification technology to all Android users.
The social media firm says the new system further mitigates risks of child abuse and strengthens “age-gating,” a feature designed to separate users into different communities based on age to limit interaction between teens and adults.
“With over 60 million users, Yubo understands the immense challenge of ensuring that their community remains safe,” comments Yoti CEO Robin Tombs.
“By using our industry-leading age verification across their entire platform, users who want to enjoy Yubo responsibly have an easy, privacy-preserving tool to verify their age. We are proud to collaborate with Yubo to help safeguard young people and create age-appropriate experiences online.”
The collaboration with Yubo comes weeks after Yoti celebrated one year since the launch of its Report Remove tool for age verification in the UK.
More recently, the company was among 13 firms selected to join Tech Nation’s eleventh Future Fifty accelerator program.