Privacy Talk with Steven Ward, Resident Privacy and Security Fellow, Cybersecurity and Emerging Threats at R Street Institute, What is discussed about kid’s privacy in the United States?

Kohei Kurihara
Published in Privacy Talk
Mar 18, 2024

“This interview, recorded on 12th March 2024, discusses kids’ privacy legislation and federal privacy and security law.”

Kohei is having a great time discussing kids’ privacy legislation and federal privacy and security law.

This interview outline:

  • What is discussed about kid’s privacy in the United States?
  • What is the current status of states privacy legislation?
  • What is discussed about kid’s privacy in the United States?

Steven: Recently, we’ve seen a trend at the state and federal level to focus on children’s privacy. For example, the Kids Online Safety Act, the STOP CSAM Act and the EARN IT Act.

(Movie: BREAKING NEWS: Richard Blumenthal, Marsha Blackburn Promote The Kids Online Safety Act)

For good reason, too. We should protect children’s privacy. I agree with that, whatsoever. But I also believe it shouldn’t be done in a way that decreases data security.

And that is something that we definitely have seen in the STOP CSAM Act and the EARN IT Act, which those laws undermine end-to-end encryption.

And I believe just from my experience in computer forensics and just seeing how effective it can be. It’s vital to protecting sensitive data. So things that we often don’t think of is the amount of data that if we didn’t have any end-to-end encryption, the amount of data that would be sent without being encrypted.

And a lot of these laws are focused on CSAM which is, you know, just disgusting and deplorable stuff that’s out there. It shouldn’t be stopped and ended. It definitely needs to be funded. And there needs to be funding into law enforcement agencies that are investigating those crimes.

But things that are overlooked is the amount of self-generated CSAM by, you know, just kids that are just being kids, you know, taking their own photographs and thinking of sending it to someone else that they think is going to respect their privacy and they don’t and they send it to someone else.

So in a lot of times, they will use applications or software that makes those things encrypted, those sensitive photographs. And so when you take those tools away from not just children but anyone, you compromise data security in general.

So I think that these types of cases or these types of laws should be looked at but it shouldn’t compromise encryption. And if they do pass this type of law, they need to really focus on funding organizations that are investigating these crimes which are incredibly underfunded.

Kohei: Thank you. In addition to the privacy law in the US. There is, like COPPA, is the kind of protecting kids’ privacy. So, how do you think the COPPA is comprehensive and protected under technical innovation at this moment?

Steven: I’m sorry, can you repeat that question again?

Kohei: Okay. Do you think that there is a children’s privacy regulation in the US. Do you think it’s applicable to the new tech, new innovation at this moment?

Steven: I think that COPPA is an extremely important law. I think that with a lot of things that there are areas of that law that should be updated. And one of the areas that should be updated and looked at is the data security requirements in COPPA.

And that is, there is or there was it just closed. There was a request for comments on FTC rulemaking around COPPA to update it. And we’ll see where that goes. But yeah, in general, it’s a very important law that helps protect children. I just feel like it. Perhaps it’s been tested by time. It needs a few updates.

Kohei: Thank you. In your article that you mentioned about some of the new trends in kid’s data privacy and security. That’s been very helpful for the viewers to understand the current status of the privacy discussion space right now.

So let’s move to the next questions. It’s about the state privacy legislation in the US. You mentioned in the article. There are some of the new trends such as the forerunning in California, or other states are trying to do that and also the security requirements such as the CIS control some kind of action. So could you share about the current US state privacy legislations?

  • What is the current status of states privacy legislation?

Steven: I think the article you’re referring to has been about the quest for reasonable security. A lot of these laws, whether it’s federal law, like the GLBA or HIPAA, or the state laws in California like the CPRA, the amendment to the CPPA, and also the GDPR, they all have this very big and subjective criteria was like, you know, organizations must implement reasonable security.

(Movie: The Intersection of Privacy and Law Enforcement)

And that article goes through the, you know, challenges to what is actually reasonable. And the article basically kind of comes to a conclusion that we can use California enforcement, we can use legislation and state enforcement to kind of guide what reasonable security is.

And part of that is looking at these enforcement actions that have happened to organizations and learning from their mistakes, kind of understand what is reasonable and one thing that we know is pretty clear what is reasonable is multi-factor authentication, access controls and encryption.

So even if they even say enforcement is saying how important encryption is, why is it important that when I refer it back to like the CSAM Act and The EARN IT Act is that they’re kind of coming after encryption, whereas the state laws and these are saying, hey, encryption is important.

So we know that is kind of a baseline start for what is reasonable security. We’ll also see that it is helpful because you want a security law that is adaptable and flexible. And this type of call it non-prescriptive approach to security allows organizations to come to the table and implement security safeguards that fit their organization’s best needs.

Kohei: That’s very informative in your article. It’s a help in explaining the current privacy registration at the state level. Do you think any kind of issues to establish the privacy and security legislation at the state level such as the lack of funding, lack of resources, and those kinds of practical things. So do you have any things that we need to discuss about the future state legislation?

Steven: Um, I mean, also, I’ll say that this year has been kind of promising messaging coming from Washington, DC. You know, there’s been recently there’s just been urgent calls for federal privacy law, including support from President Biden in his most recent executive order on data brokers, where he calls out that there is a need for comprehensive federal privacy and security law which is something that we haven’t been able to get done.

And so there’s optimism that Congress needs to work and pass a law that was similar to the American Data Privacy Protection Act, which during the 118th Congress passed that committee I think we 53–2, some of that was a vote so it was a huge bipartisan approach to a comprehensive privacy law that would have benefited all Americans. So something like that could be passed in the near future. That’s my optimism. But there’s also a lot of work that needs to be done.

Kohei: Thank you for sharing insights and the next question about. It’s a current federal privacy law that you speak a bit about in the previous question. In your article you mentioned an AI trend which is highly impacting the federal privacy law in the future as well. So could you just share about your experience, your opinion, the ideas, what do you expect from the federal privacy law in the future?

To be continued…

Thank you for reading, and please contact me if you want to join an interview.

Privacy Talk is a global community of diverse experts. Contact me on LinkedIn below if we can work together!
