The German Federal Court of Justice recently clarified online platforms' liability for user-generated content, ruling platforms aren't directly liable without knowledge but must act swiftly upon notification, significantly impacting digital service providers across Europe.
Australia’s eSafety Commissioner ordered Telegram to pay AUD 1 million for ignoring transparency obligations. Officials requested details on terrorist and child sexual content steps, but Telegram delayed months, triggering enforcement under the Online Safety Act.
On 28 February 2025, Japan’s Cabinet announced significant plans to introduce a Bill to promote research, development, and practical application of artificial intelligence technologies. The legislation focuses on transparency, protection of rights, and international cooperation.
The Philippines' National Privacy Commission has introduced new guidelines mandating child-friendly privacy measures, including default high privacy settings, age assurance mechanisms, and clear, accessible notices, to safeguard children's personal data across various digital platforms.
The National Privacy Commission (NPC) of the Philippines has taken a major step in safeguarding children’s digital rights with the adoption of the Guidelines on Child-Oriented Transparency (No. 2024-03).
Released on 17 December 2024, these guidelines set a new standard for protecting the personal data of children across various sectors.
Under the new rules, Personal Information Controllers (PICs) and Personal Information Processors (PIPs) are required to implement Child Privacy Impact Assessments (CPIAs).
These assessments must be integrated into existing Privacy Impact Assessments (PIAs) to evaluate risks and ensure protective measures for children’s data. The goal is to create a robust framework that prioritises the best interests of children and recognises their evolving capacities to understand and manage their digital interactions.
Additionally, the guidelines mandate the use of age assurance mechanisms to verify users’ ages and enhance privacy controls. These mechanisms aim to prevent unauthorised access to platforms or services that process children’s personal data.
One of the standout features of the guidelines is the emphasis on high privacy settings by default for children’s accounts. This includes measures such as disabling geolocation services, minimising unnecessary data sharing, and ensuring that profiles are set to private unless explicitly adjusted.
These steps are designed to offer children maximum protection from potential data misuse or exploitation.
The NPC also stresses the importance of easy-to-use privacy settings, allowing children to better understand and manage their online privacy preferences. By making these controls more accessible, the guidelines aim to empower young users while maintaining necessary safeguards.
The new guidelines place significant emphasis on transparency. Privacy Notices, often filled with jargon and legal terminology, must now be presented in clear and plain language tailored to a child’s understanding.
PICs are encouraged to use creative formats such as infographics, videos, and animations to make privacy-related information more engaging and comprehensible.
These notices must inform children about the purpose of data collection, the specific processing activities involved, and their rights as data subjects. The inclusion of just-in-time privacy notices—information provided at the moment data is being collected—ensures that children and their guardians remain informed throughout their digital interactions.
The guidelines further address deceptive design practices, explicitly prohibiting the use of designs or characters that manipulate children into sharing more information than necessary.
This aligns with international standards for ethical data processing and reinforces the NPC’s commitment to upholding children’s rights in the digital environment.
The introduction of layered privacy notices, tailored separately for children and adults, ensures that the unique needs of young users are met without compromising their privacy or security.
In cases of data breaches involving children’s information, the guidelines require prompt notification to both the affected children and their parents or guardians.
This approach underscores the NPC’s emphasis on transparency and its dedication to protecting children from potential harm resulting from data vulnerabilities.
Italy has enforced new rules requiring digital devices to support parental control apps, ensuring parents can monitor children's online activity. The law also prevents companies from using collected data for advertising or profiling, strengthening privacy protections.
The CFPB seeks to categorise certain data brokers as consumer reporting agencies under Regulation V. Doing so would tighten obligations, require more transparency, and ensure consumers can see, correct, and control their own information.
House Bill H.210, introduced in Vermont, outlines new guidelines for digital platforms handling minors’ data. By mandating default high-privacy settings and transparent practices, legislators aim to reduce risks of emotional harm and excessive data harvesting.
Both GDPR and HIPAA are key regulations focused on protecting sensitive data. GDPR applies to personal data of EU residents, while HIPAA governs healthcare data in the U.S. Organisations must comply with both for international operations.
Follow the latest Tech Law news and updates about AI, Digital Assets, Internet Law, Data Protection, LawTech.
