ARTICLE
9 September 2024

Regulators On Both Sides Of The Pond Seek Input On Children's Privacy

Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.

The New York Attorney General's office and the UK Information Commissioner's Office were busy last month when it came to children's privacy. Both sought input from the public about regulating children's online privacy, including on social media.

New York

In New York, the AG office released notices of proposed rulemaking for the New York Child Data Protection Act (effective June 20, 2025) and the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (effective 180 days after rulemaking is complete). In the notice, the AG office is seeking comments on rules for these two laws by the end of this month.

The New York Child Data Protection Act places restrictions on businesses that collect personal information from teens and requires "privacy protection by default." The law includes obligations not only on information collection and use for children under 13, but also for those from 13 to 18. For those under 13, companies must comply with COPPA. The SAFE for Kids Act, on the other hand, governs "addictive social media" patterns on websites and apps for kids under 18.

United Kingdom

Across the pond, the UK ICO has signaled that it will be looking closely at social media platforms' compliance with its UK Age Appropriate Design Code. The Code outlines for companies how to adhere to UK GDPR when offering digital services to children. Similar to New York, the ICO is also asking for public comments, with a deadline of October 11, 2024. It has asked for input on how children's data is used by recommender systems and on developments in the use of age assurance systems to identify children under 13.

By way of background, the Code calls on companies to adopt privacy-friendly default settings when offering services to children. In April of this year the ICO issued a compliance strategy that offered suggestions for these privacy-friendly defaults. This includes not defaulting to geo-tracking or profiling children. As a further development, late this summer, the ICO reviewed account sign-up flows for over 30 platforms and had concerns with many for not adhering to the Code.

Putting it into Practice: We expect to see more developments in children's privacy through the end of the year, especially in the social media space. These two requests for comments are a reminder that regulators expect companies to default to "privacy friendly" settings when interacting with children online.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
