At a glance.
- The UK's Age Appropriate Design Code.
- Labor Day ransomware warnings.
- The complications surrounding EU data-sharing regulations.
The UK’s “Children’s Code.”
BBC News says the UK Information Commissioner’s Office’s (ICO’s) “Age Appropriate Design Code,” which came into effect yesterday, was crafted to limit kids’ “physical, emotional and financial harm” and fashion “a better internet for children.” Ireland and France, TechCrunch notes, are drafting similar guidelines.
Designed to address privacy, digital addiction, and advertising concerns, the Code covers foreign and domestic products “likely” to be used by under-eighteens in the UK, including news and retail sites, search engines, messaging services, and networked gadgets, with a focus on streaming, gaming, and social media platforms.
The ICO recommends businesses verify children’s age through AI, “technical measures,” third-party vendors, or the honesty policy, and requires them to build in privacy, limit data collection, protect kids from commercial exploitation, and design for their “best interests”—or face audits and fines. YouTube, TikTok, and Instagram are taking steps like disabling auto-play, turning off notifications at night, banning targeted ads, and restricting adult-to-children messaging.
Some industry groups are calling for greater clarity about the Code’s particulars. Others perceive a trend line towards conflicting recommendations, such as harvesting user age data and weakening end-to-end encryption in order to promote child safety and privacy. inews reports worries about the free speech implications of a similar Online Safety Bill up for consideration in the UK.
Labor Day lookout: ransomware risk.
While the Administration isn’t aware of any “specific threats,” holiday weekends often see an uptick in ransomware attacks, US Deputy National Security Advisor for Cyber Anne Neuberger cautioned at yesterday’s White House press briefing, NY1 reports. In advance of Labor Day, she said, companies and critical infrastructure operators should revamp their patching, threat hunting, password security, multi-factor authentication, phishing education, backup maintenance, and response planning efforts.
One warning about the holiday threat is based on specific observations: US Cyber Command tweeted this morning that exploitation of unpatched Atlassian Confluence instances is already heavy, and is expected to increase. "Please patch immediately if you haven’t already—this cannot wait until after the weekend."
EU data sharing regulations continue to complicate foreign business.
The EU’s revised standard contractual clauses governing cross-border commercial data transfers, which take effect at the end of this month, will compel companies to disclose their privacy practices along with domestic laws pertaining to state surveillance, according to the Wall Street Journal. The change entails hundreds of contractual renegotiations for larger companies. As we’ve seen, EU regulators have also moved to restrict local usage of US brands like Microsoft, Zoom, and Cloudflare in the wake of Schrems II. “Seeing these decisions saying don’t use platforms that are just ubiquitous at this point is troubling,” commented International Association of Privacy Professionals VP Omer Tene.