BBB National Programs Blog

  • How to Protect Children’s Privacy Beyond Parental Controls

    Children’s privacy is a hot topic in the media these days. It may seem like a new concern but we at the BBB National Programs’ Children’s Advertising Review Unit (CARU) have been keeping an eye on it since the beginning. CARU was established decades ago to promote responsible advertising to children at a time when advertising was mainly on television. The self-regulatory program and its guidelines were designed to adapt to changes in the marketing and media landscape – offline and online - so when concerns about online data collection practices arose, CARU was able to get a jump on it even before lawmakers could pass the federal Children’s Online Privacy Protection Act in 1998.
    May 22
  • Data Protection for Students Relying on a Virtual Learning Environment

    Amidst school closures and other education uncertainties, education technology, or “ed tech” is at the forefront of conversation. We rely on their online tools to facilitate learning in a virtual environment.
    May 20
  • Like Data for Chocolate: Takeaways from a recent mobile video ads case

    Our recent Chocolate decision may seem complicated; it actually serves as an illustration of some very basic responsibilities from the DAA Principles. Collectively, companies’ responsibilities under the Principles all flow from two simple ideas. First, consumers need to know when interest-based advertising (IBA) happens on websites and mobile apps. Second, they should be able to opt out of it if they want to.
    May 20
  • Privacy Shield Compliance Tip #1: Navigating Your Annual Re-Certification

    Re-certification is the process by which you annually re-affirm to DOC your Privacy Shield self-certification. Your annual Privacy Shield re-certification is essentially a process of re-approval, much the same as the initial process of becoming approved under Privacy Shield. The required steps are almost identical to those you went through to secure initial approval of your Privacy Shield self-certification, including verifying that DOC has copies of your most up-to-date disclosures and policies. After submission, your account receives a thorough review by a Privacy Shield team member.
    May 20
  • What is the California Consumer Privacy Act?

    Most Americans are unsure about how their personal data is collected, used, and shared (collectively, processed) by companies, and desire government-mandated protections to ensure they are not harmed by this activity. In the absence of federal consumer privacy legislation, the California State Legislature has stepped in to protect its residents’ privacy. The California Consumer Privacy Act (CCPA) empowers state residents to learn more about how companies process their personal data, demand that companies delete their data, and prohibit companies from selling their data.
    May 20
  • What the Draft CCPA Regs Could Mean for Your Privacy Shield-Compliant Notice

    On October 10, 2019 the California Attorney General released the long-awaited draft regulations under the California Consumer Protection Act (CCPA). CCPA goes into effect on January 1, 2020. The draft regulations interpret and clarify the CCPA. Among these clarifications are detailed descriptions of the requirements of the privacy notices that should be provided to California consumers.
    May 20
  • Consent under the GDPR

    Processing of personal data takes many forms. At times, the entire point of the service that a business provides requires the business to process its customers’ personal data. If someone orders a pair of shoes online, the business must receive and process the person’s physical address in order to complete the delivery. Thus, for the purpose of order fulfillment, the collection and processing (and perhaps even sharing with shipping providers) of the person’s physical address is necessary. Perhaps in a soft sense of “consent,” such a transaction involves the consent of the consumer.
    May 20
  • Why Brexit Matters to Your Privacy Shield Business

    You may have heard that the United Kingdom is expected to exit the European Union soon in a process that many are calling “Brexit.” (For background, this article offers a no-frills Brexit explainer.) The Brexit process continues to be politically contentious, and, though the U.K. is scheduled to leave the EU on March 29, 2019, it is not yet certain whether or not this will happen by that date, either partially or fully.
    May 20
  • A Reminder from the FTC: Making False Statements about Privacy Shield has Consequences

    The U.S. Federal Trade Commission has always taken very seriously any company’s statement about certification, membership, or participation in recognized privacy and security programs. For example, the Commission has cracked down on numerous companies over the years for making incorrect statements about their participation in APEC-CBPR and the Safe Harbor Frameworks.
    May 20
  • EU Privacy Shield Year In Review: 2017

    The first full year of the new Privacy Shield Frameworks was a success for the BBB EU Privacy Shield (BBB EUPS) program, its participants, and EU consumers alike. Reflecting on the progress we have made, and looking forward to the future, we have collected some of the significant developments and accomplishments in this year-in-review blog post.
    May 20