{"id":7789,"date":"2024-02-05T11:44:12","date_gmt":"2024-02-05T10:44:12","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=7789"},"modified":"2024-02-05T11:44:13","modified_gmt":"2024-02-05T10:44:13","slug":"data-protection-digest-05022024-social-media-giants-grilled-over-child-safety","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/","title":{"rendered":"Data protection digest 18 Jan &#8211; 2 Feb 2024: social media industry grilled over child safety and mental health"},"content":{"rendered":"\n<p><em>Child safety online was the subject of a sometimes heated US Congressional hearing, forcing CEOs of the biggest American social media giants to apologise to parents of victims. While legislators are struggling to find a legal solution to the crisis, police are finding evidence of children as young as seven being at risk of harm.<\/em><\/p>\n\n\n\n<p><a href=\"#newslettersignup\"><em>Sign up to receive our fortnightly digest via email<\/em><\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Children at risk<\/h4>\n\n\n\n<p>Last week, the CEOs of Meta, X, TikTok, Snap and Discord were questioned before the US Congress over <a href=\"https:\/\/www.theguardian.com\/us-news\/2024\/jan\/31\/tiktok-meta-x-congress-hearing-child-sexual-exploitation\">alleged harms to young users on their platforms<\/a> &#8211; access to drugs and subsequent overdoses, harassment, grooming and trafficking exploitation, leading in some cases to death. Legislators stated that the industry, through its constant pursuit of engagement and profit, failed to adequately invest in trust and child safety. Executives highlighted controls and tools they have introduced to mitigate harm.\u00a0<\/p>\n\n\n\n<p>US legislators are pushing forward legal solutions to the existing crisis through the debated Kids Online Safety Act and anti-CSAM legislation, as well as <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2023\/12\/ftc-proposes-strengthening-childrens-privacy-rule-further-limit-companies-ability-monetize-childrens\">changes to the COPPA rule<\/a>. Meanwhile in neighbouring Canada, <a href=\"https:\/\/www2.gov.bc.ca\/gov\/content\/safety\/public-safety\/intimate-images\">(British Columbia province), some of the measures<\/a> have just been enforced.<\/p>\n\n\n\n<p>In the EU, a draft Parliament <a href=\"https:\/\/www.europarl.europa.eu\/news\/en\/press-room\/20231110IPR10118\/child-sexual-abuse-online-effective-measures-no-mass-surveillance\">position was adopted by the LIBE<\/a> Committee at the end of last year, now awaiting further enforcement. The privacy regulators meanwhile warn about present risks to children and their personal information online. For instance, the Guernsey data protection authority recently identified a local Snapchat group that includes <a href=\"https:\/\/www.odpa.gg\/news\/news-article\/?id=bcf8b73c-bfbe-ee11-9079-6045bd8c5a56\">children as young as seven<\/a>, possibly encouraging them to share explicit images of themselves. The police now advise parents:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>to have conversations with their children regarding the reputational and long-term risks associated with sharing personal information via such networks, and&nbsp;<\/li>\n\n\n\n<li>ensure children are not using social networks or apps if they\u2019re under the authorised age for those networks\/apps, (13 for Snapchat).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>In the UK, the Information Commissioner\u2019s Office also created <a href=\"https:\/\/ico.org.uk\/for-organisations\/uk-gdpr-guidance-and-resources\/data-sharing\/a-10-step-guide-to-sharing-information-to-safeguard-children\/sharing-information-to-safeguard-children-marketing-materials\/\">a toolkit of free resources<\/a> to promote responsible data sharing to safeguard children and renewed its age assurance opinion, an important part of its <a href=\"https:\/\/ico.org.uk\/about-the-ico\/what-we-do\/information-commissioners-opinions\/age-assurance-for-the-children-s-code\/\">world-leading Children\u2019s code<\/a>, reflecting developments over the past two years. A similar age-assurance design code was passed into law in <a href=\"https:\/\/californiaaadc.com\/#news\">California<\/a> in 2022.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Legal updates<\/h4>\n\n\n\n<p><strong>Draft AI Act:<\/strong> The draft legislation received a unanimous endorsement from all 27 European Union member states. Negotiations over the shape of the law concluded last December, with the main focus on safeguards for foundation models and the <a href=\"https:\/\/www.europarl.europa.eu\/news\/en\/press-room\/20231206IPR15699\/artificial-intelligence-act-deal-on-comprehensive-rules-for-trustworthy-ai\">use of facial recognition software<\/a>. According to Euractiv analysis, the <a href=\"https:\/\/www.euractiv.com\/section\/artificial-intelligence\/news\/eu-countries-give-crucial-nod-to-first-of-a-kind-artificial-intelligence-law\/\">primary opponent of the political agreement<\/a> was France, which, together with Germany and Italy, asked for a lighter regulatory regime for powerful AI models, that support general-purpose AI systems, (protecting domestic start-ups). Nonetheless, the Parliament insisted on the need for strict guidelines for these models. In April, Parliament will hold its final vote on the law.<\/p>\n\n\n\n<p><strong>German employee data protection: <\/strong>DLA Piper&#8217;s legal analysis looks at the data protection provisions relating to employees and other workers in Germany. Currently, it is largely determined by case law, and <a href=\"https:\/\/privacymatters.dlapiper.com\/2024\/01\/germany-new-legislative-procedure-for-an-employee-data-protection-act\/\">national legislators are very cautious about using Art. 88<\/a> of the GDPR &#8211; the adoption of provisions that specify data protection requirements in the employment context. Even more problematic, relevant provisions of the Federal Data Protection Act, (BDSG),\u00a0 <a href=\"https:\/\/gdprhub.eu\/index.php?title=CJEU_-_C-34\/21_-_Hauptpersonalrat_der_Lehrerinnen_und_Lehrer_beim_Hessischen_Kultusministerium\">after being clarified by the CJEU<\/a> last year, did not meet the conditions set out in the GDPR. Read more on the envisaged <em>Single Employee Data Protection Act<\/em> in Germany, in the <a href=\"https:\/\/privacymatters.dlapiper.com\/2024\/01\/germany-new-legislative-procedure-for-an-employee-data-protection-act\/\">original analysis<\/a>.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Automated decisions<\/strong><\/h4>\n\n\n\n<p>The Isle of Man data protection commissioner reminds the public of Art. 22 of the GDPR which provides individuals with the <a href=\"https:\/\/www.inforights.im\/organisations\/latest-news-updates\/2024\/jan\/data-protection-week-2024-automated-processing\/\">right not to be subject to a decision based solely on automated processing<\/a>, including profiling, which produces legal effects concerning them or similarly significantly affects them. It is permitted to use such methods only: a) with the explicit consent of the individual; b) if necessary for entering into, or performing a contract between the individual and the data controller; or c) is authorised by law. The controller must also have safeguards in place to allow individuals to obtain human intervention regarding the decision, to contest it in certain cases or to express their point of view.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">AI checklist<\/h4>\n\n\n\n<p>The Bavarian data protection authority for the private sector published a draft &#8216;Data Protection and AI&#8217; checklist, (in German). In addition to a legal basis for the creation of AI models and the operation\/use of AI applications, the <a href=\"https:\/\/www.lda.bayern.de\/media\/ki_flyer.pdf\">rights of those affected and other compliance requirements of the GDPR must also be implemented<\/a>. The data protection risk model must be documented and regularly checked to ensure that it is up-to-date and complete. If necessary, the <a href=\"https:\/\/www.lda.bayern.de\/media\/ki_checkliste.pdf\">test points, (see them here)<\/a>, can be checked as part of the control activities by the data protection officer.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Software for schools<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"769\" height=\"1024\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/student-5734455_1280-769x1024.jpg\" alt=\"children\u2019s safety\" class=\"wp-image-7791 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/student-5734455_1280-769x1024.jpg 769w, https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/student-5734455_1280-225x300.jpg 225w, https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/student-5734455_1280-768x1023.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/student-5734455_1280.jpg 961w\" sizes=\"(max-width: 769px) 100vw, 769px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The Danish supervisory authority has investigated the <a href=\"https:\/\/www.datatilsynet.dk\/presse-og-nyheder\/nyhedsarkiv\/2024\/jan\/datatilsynet-giver-paabud-i-chromebook-sag\">use of Google Workspace in Danish schools<\/a> in 53 municipalities. The report considers that the municipalities have had no reason to forward student data to Google for the development and measurement of services, ChromeOS and the Chrome browser. The data protection authority also reminds the municipalities that they should have found out how Google processes the transmitted personal data before implementing the tools. Municipalities now have to bring the processing in line with the rules:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Municipalities should no longer pass on personal data to Google for these purposes. This will likely require Google to develop a technical option for the data streams in question to be intercepted.<\/li>\n\n\n\n<li>Google must itself refrain from processing the information for these purposes.<\/li>\n\n\n\n<li>The Danish Parliament provides a sufficiently clear legal basis for disclosure for these purposes.<\/li>\n<\/ul>\n<\/div><\/div>\n\n\n\n<p>A similar investigation on the use of Google&#8217;s teaching platform in schools was conducted <a href=\"https:\/\/tietosuoja.fi\/-\/tanskan-tietosuojaviranomainen-antoi-paatoksen-googlen-ohjelmistojen-kaytosta-peruskouluissa\">in Finland in 2021. The decision does not prohibit the use of the educational platform<\/a> but states that a legal basis must be defined for the processing of students&#8217; data in Google services.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Purpose limitation<\/strong><\/h4>\n\n\n\n<p>How to comply with the principle of purpose limitation? The Latvian data protection authority explains that <a href=\"https:\/\/www.dvi.gov.lv\/lv\/jaunums\/dviskaidro-ka-ieverot-noluka-ierobezojuma-principu\">when your data is transferred to someone else, it is usually done with the confidence that the data will be used for a specific purpose<\/a> that is clearly understood by you. The principle of purpose limitation is closely related to other principles established in the GDPR, such as the principle of transparency, because only by knowing the specific purpose of data processing can a person understand what to expect within the scope of their data processing.\u00a0<\/p>\n\n\n\n<p>Likewise, determining the exact purpose is related to the principles of data minimisation and storage limitation, because depending on the purpose, the amount of data needed to achieve it can be determined, as well as how long the data needs to be stored. The connection is also with the principle of legality because only the data that is planned to be used to achieve a clearly defined purpose will be able to establish an appropriate legal basis. When concluding processing for a different purpose, the controller must first assess whether this purpose is compatible with the initial processing, including the following aspects:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the connection between the purposes;<\/li>\n\n\n\n<li>the context in which data has been collected;<\/li>\n\n\n\n<li>nature of data;<\/li>\n\n\n\n<li>the consequences that further processing would have for the data subject;<\/li>\n\n\n\n<li>the existence of adequate safeguards in both initial and intended subsequent processing operations.<\/li>\n<\/ul>\n\n\n<div id=\"newslettersignup\"><\/div>\n<div id=\"role-block_194a1e859e64738e6a50160b44132fb7\" class=\"text-t-black bg-t-pink p-6 md:p-12 rounded-tr-50 rounded-bl-50 mb-4 lg:mb-12 text-center role\">\n  \n      <h2 class=\"text-xl lg:text-2xl max-w-screen-lg mx-auto text-t-black font-display mb-4\">\n      Receive our digest by email    <\/h2>\n        <h3 class=\"text-base max-w-screen-lg mx-auto text-t-black font-body mb-4\">Sign up to receive our digest by email every 2 weeks<\/h3>\n  \n  <div id=\"rmOrganism\">\n    <div class=\"rmEmbed rmLayout--vertical rmBase\">\n      <div data-page-type=\"formSubscribe\" class=\"rmBase__body rmSubscription\">\n                  <form method=\"post\" action=\"https:\/\/mailing.techgdpr.com\/145\/6351\/5e9fc3cdda\/subscribe\/form.html?_g=1698845230\" class=\"rmBase__content\">\n                  <div class=\"rmBase__container mx-auto max-w-screen-sm\">          \n            <div class=\"rmBase__section\">\n              <div class=\"text-left rmBase__el rmBase__el--input rmBase__el--label-pos-none\" data-field=\"email\">\n                <label for=\"email\" class=\"rmBase__compLabel rmBase__compLabel--hideable hidden\">\n                  Email address\n                <\/label>\n                <div class=\"rmBase__compContainer mb-2\">\n                  <input type=\"text\" name=\"email\" id=\"email\" placeholder=\"Email\" value=\"\" class=\"p-4 border rounded border-gray-400 w-full rmBase__comp--input comp__input\">\n                  <div class=\"rmBase__compError text-left font-display font-bold text-xs\"><\/div>\n                <\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section mb-4\">\n              <div class=\"rmBase__el rmBase__el--consent\" data-field=\"consent_text\">\n                <div class=\"rmBase__comp--checkbox\">\n                  <label for=\"consent_text\" class=\"flex space-x-2 items-baseline text-left vFormCheckbox comp__checkbox\">\n                    <input type=\"checkbox\" value=\"yes\" name=\"consent_text\" id=\"consent_text\" class=\"vFormCheckbox__input\">\n                    <div class=\"vFormCheckbox__indicator hidden\"><\/div>\n                    <div class=\"vFormCheckbox__label\">\n                                              I consent to the processing of my data, and to receiving regular updates from TechGDPR. Data is processed according to our <a href=\"https:\/\/techgdpr.com\/privacy-policy\/\"> Privacy Notice<\/a>.                                          <\/div>\n                  <\/label>\n                <\/div>\n                <div class=\"rmBase__compError text-left font-display font-bold text-xs\"><\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--cta\">\n                <button type=\"submit\" class=\"inline-flex items-center justify-center px-8 py-3 text-white visited:text-white font-bodybold rounded-md bg-t-navy border-3 border-t-navy hover:border-t-navy hover:bg-transparent hover:text-t-navy transition-all hover:text-white cursor-pointer rmBase__comp--cta\">\n                  Subscribe\n                <\/button>\n              <\/div>\n            <\/div>\n          <\/div>\n        <\/form>\n      <\/div>\n      <div data-page-type=\"pageSubscribeSuccess\" class=\"rmBase__body rmSubscription hidden\">\n        <div class=\"rmBase__content\">\n          <div class=\"rmBase__container\">\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--heading\">\n                <div class=\"rmBase__comp--heading\">\n                  Thank you for your subscription!\n      <!-- this linebreak is important, don't remove it! this will force trailing linebreaks to be displayed -->\n                  <br>\n                <\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--text\">\n                <div class=\"rmBase__comp--text\">\n                  We have sent you an email &#8211; please confirm your email address by clicking the activation link in it.\n      <!-- this linebreak is important, don't remove it! this will force trailing linebreaks to be displayed -->\n                  <br>\n                <\/div>\n              <\/div>\n            <\/div>\n          <\/div>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n\n      <script src=\"https:\/\/mailing.techgdpr.com\/form\/145\/6069\/8a53c9178b\/embedded.js\" async><\/script>\n  \n<\/div>\n\n\n\n<h4 class=\"wp-block-heading\">EDPB documentation<\/h4>\n\n\n\n<p>The EDPB published a <a href=\"https:\/\/edpb.europa.eu\/our-work-tools\/our-documents\/other\/one-stop-shop-case-digest-security-processing-and-data-breach_en\">One-Stop-Shop case digest on Security of Processing and Data Breach Notification<\/a>. The relevant decisions were initially filtered using Art. 32 of the GDPR, (security of processing), as the main legal reference. This article establishes an obligation for both data controllers and data processors to implement \u201cappropriate technical and organisational measures to ensure a level of security appropriate to the risk\u201d. The analysis of decisions will provide insights into how regulators interpret these obligations in concrete situations, such as how to protect organisations against hacking, how to ensure meaningful and robust encryption, how to build strong passwords, etc.&nbsp;<\/p>\n\n\n\n<p>The EDPB has launched a <a href=\"https:\/\/code.europa.eu\/edpb\/website-auditing-tool\/-\/releases\">website auditing tool<\/a> that can be used to help analyse whether websites are compliant with the law. It can be used by both legal and technical auditors at data protection authorities, as well as by controllers and processors who wish to test their websites. The tool is Free and Open Source Software under the EUPL 1.2 Licence and is available <a href=\"https:\/\/code.europa.eu\/edpb\/website-auditing-tool\">for download on code.europa.eu<\/a>. The source code is available <a href=\"https:\/\/code.europa.eu\/edpb\/website-auditing-tool\">here<\/a>.\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Enforcement decisions<\/h4>\n\n\n\n<p><strong>Prospect data:<\/strong> The French CNIL fined TAGADAMEDIA, (online competition and product testing websites), 75,000 euros<a href=\"https:\/\/www.cnil.fr\/en\/data-brokers-tagadamedia-fined-eu75000\">t<\/a>. The data collected by brokers is sent to the company&#8217;s partners for commercial prospecting. The prospect questionnaire did not allow free, informed and unambiguous consent to be obtained. The <a href=\"https:\/\/www.cnil.fr\/en\/data-brokers-tagadamedia-fined-eu75000\">highlighting of the button allowing users to give their consent contrasted to the one allowing users refuse consent<\/a>, which also featured an incomplete text of reduced size, alongside a strong encouragement for users to agree to the transmission of their data to partners.<\/p>\n\n\n\n<p><strong>Insurance companies:<\/strong> An administrative court in Finland upheld the data protection commissioner&#8217;s decisions on the handling of health data by insurance companies. In some situations, insurance companies request personal health information directly from healthcare providers. However, data should be identified and precisely defined, which means <a href=\"https:\/\/tietosuoja.fi\/-\/hallinto-oikeus-piti-voimassa-tietosuojavaltuutetun-paatokset-vakuutusyhtioiden-terveystietojen-kasittelysta\">only the necessary information from the provider and for the period that is relevant in assessing<\/a> the insurance company&#8217;s liability is required. Also, the insurance applicant&#8217;s data from health services cannot be processed before concluding the contract.<\/p>\n\n\n\n<p><strong>Intrusive scientific research:<\/strong> The Italian regulator sanctioned a municipality for conducting two <a href=\"https:\/\/www.garanteprivacy.it\/home\/docweb\/-\/docweb-display\/docweb\/9977299\">scientific studies, using cameras, microphones and social networks.<\/a> The projects, financed with European funds, aim to develop technological solutions to improve safety in urban areas. It involved footage from video surveillance cameras already installed in the municipal area, as well as audio obtained from microphones specifically placed on the street. One of the projects also analysed hateful messages and comments published on social media, detecting any negative emotions and processing information of interest to the police. The municipality has not proven the existence of any legal framework for the processing: the data was unlawfully shared with third parties and partners. Furthermore, the anonymisation techniques proved insufficient.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Data breaches<\/h4>\n\n\n\n<p><strong>Undetected attacker:<\/strong> America\u2019s <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2024\/02\/ftc-order-will-require-blackbaud-delete-unnecessary-data-boost-safeguards-settle-charges-its-lax\">FTC\u2019s proposed action against Blackbaud<\/a> alleges that the company\u2019s failure to implement some basic safeguards resulted in the theft of highly sensitive data about millions of consumers, including Social Security numbers and bank account information. South Carolina-based Blackbaud provides a wide variety of data, fundraising, and financial services to more than 45,000 companies, including nonprofits, foundations, educational institutions, and healthcare organisations.&nbsp;<\/p>\n\n\n\n<p>In 2020, an attacker purportedly used a Blackbaud customer\u2019s login and password to access certain Blackbaud databases. The attacker rummaged around undetected for three months until Blackbaud finally spotted a suspicious login on a backup server. By then, the attacker had stolen data from tens of thousands of Blackbaud\u2019s customers, which compromised the personal information of millions of consumers. Blackbaud eventually agreed to pay 24 Bitcoin, (valued at about 250,000 dollars), in exchange for the attacker\u2019s promise to delete the stolen data. But Blackbaud hasn\u2019t been able to verify that the attacker followed through.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:33% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/doctor-6029079_1280-1024x682.png\" alt=\"\" class=\"wp-image-7810 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/doctor-6029079_1280-1024x682.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/doctor-6029079_1280-300x200.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/doctor-6029079_1280-768x512.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/doctor-6029079_1280.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Data processor supervision: <\/strong>The Danish data protection authority reported Capio A\/S to the police for not having supervised data processors. The private hospital may face a fine of approx 200,000 euros. In particular,\u00a0 the <a href=\"https:\/\/www.datatilsynet.dk\/presse-og-nyheder\/nyhedsarkiv\/2024\/feb\/privathospitalet-capio-as-indstilles-til-boede\">hospital has not been able to ensure and demonstrate that personal data is processed for legal and reasonable purposes<\/a> and in a way that ensures sufficient security for the sensitive personal data of the large number of data subjects in question, over several years.<\/p>\n<\/div><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">Data security<\/h4>\n\n\n\n<p><strong>TOMs:<\/strong> The Swiss data protection authority has revised its guide on <a href=\"https:\/\/www.edoeb.admin.ch\/dam\/edoeb\/en\/Dokumente\/datenschutz\/leitfaden_tom.pdf.download.pdf\/TOM_EN.pdf\">technical and organisational security measures, (in English)<\/a>. The guide is primarily intended for people in charge of information systems, whether technicians or not, who are directly confronted with the problem of personal data management.\u00a0<\/p>\n\n\n\n<p><strong>Cloud: <\/strong>The French CNIL published <a href=\"https:\/\/www.cnil.fr\/fr\/informatique-en-nuage-cloud-la-cnil-publie-deux-fiches-pratiques-sur-le-chiffrement-et-la-securite\">factsheets on encryption and data security<\/a>, (in French). It offers a detailed analysis of the different types of encryption applied to a cloud computing service: encryption at rest, in transit and in-process, and e2ee. The guide also looks at various tools to secure cloud services, (anti-DDoS, WAF, CDN, load balancer), and key vigilance points.<\/p>\n\n\n\n<p><strong>Login:<\/strong> What to do <a href=\"https:\/\/vdai.lrv.lt\/lt\/naujienos\/valstybines-duomenu-apsaugos-inspekcijos-informacija-del-incidentu-susijusiu-su-ivairiu-paslaugu-vartotoju-prisijungimo-duomenimis\/\">if you detect a credential-stuffing attack<\/a>? The Lithuanian data protection authority recommends responding quickly and proactively:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>determining whether the attacker managed to use the available accesses,<\/li>\n\n\n\n<li>blocking potential malicious activity,<\/li>\n\n\n\n<li>notifying users of an attack and encouraging them to change their passwords,<\/li>\n\n\n\n<li>notifying the regulator about the personal data security breach that has occurred,<\/li>\n\n\n\n<li>conducting a thorough incident investigation and implement additional security measures to prevent similar attacks in the future, (2FA, automatic attack detection systems, password policy).<\/li>\n<\/ul>\n\n\n\n<p>Finally, if the attack is systemic or involves multiple platforms, it is recommended to collaborate with other data controllers in analyzing the incident.<\/p>\n\n\n\n<p><strong>Cybersecurity program:<\/strong> As cybersecurity threats continue to mount, you need to show improvements over time to your CEO and customers. How do you measure your progress and present it using meaningful, numerical details? America\u2019s NIST offers a Draft Guidance on Measuring and Improving Your Company\u2019s Cybersecurity Program. It is aimed at different audiences within an organisation &#8211;&nbsp; security specialists and C-suite and can <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2024\/01\/nist-offers-guidance-measuring-and-improving-your-companys-cybersecurity\">help organisations move from general statements about risk level toward a more coherent picture founded on hard data<\/a>.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Big Tech&nbsp;<\/h4>\n\n\n\n<p><strong>Amazon \u201cstalking\u201d employees: <\/strong>The French data protection authority fined Amazon France Logistique 32 mln euros for putting employees under constant surveillance. The company manages the Amazon group&#8217;s large warehouses in France, where it receives and stores items and then prepares parcels for customer delivery. Each warehouse employee is given a scanner to document the performance of certain tasks in real time. Each scan results in the recording and prolonged storing of <a href=\"https:\/\/www.cnil.fr\/en\/employee-monitoring-cnil-fined-amazon-france-logistique-eu32-million\">data used to calculate employee quality, productivity and periods of inactivity<\/a>, (the \u201cerror\u201d margin was set to less than 1.25 seconds or longer than 10 minutes). The company was also fined for video surveillance without information or sufficient security.&nbsp;<\/p>\n\n\n\n<p><strong>Uber has been fined<\/strong> 10 mln euros by the Dutch data protection authority for violating privacy regulations related to its drivers\u2019 data. Uber failed to specify in its terms and conditions the <a href=\"https:\/\/www.autoriteitpersoonsgegevens.nl\/en\/current\/uber-fined-eu10-million-for-infringement-of-privacy-regulations\">duration for which drivers\u2019 data is retained and the security measures in place<\/a>, particularly when transferring data to non-European countries. The fine was imposed following a <a href=\"https:\/\/www.cnil.fr\/fr\/uber-lautorite-neerlandaise-de-protection-des-donnees-prononce-une-amende-de-10-millions-deuros\">complaint by over 170 French drivers<\/a>, which was then forwarded to the French data protection authority and subsequently to the Dutch regulator, as Uber\u2019s European headquarters is in the Netherlands.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Child safety online was the subject of a sometimes heated US Congressional hearing, forcing CEOs of the biggest American social media giants to apologise to parents of victims. While legislators are struggling to find a legal solution to the crisis, police are finding evidence of children as young as seven being at risk of harm. [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":7844,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94],"tags":[251,288,133,197,106,179,35,266],"class_list":["post-7789","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","tag-age-assurance","tag-automated-individual-decision-making","tag-cloud-services","tag-consent","tag-data-breach-notification","tag-data-brokers","tag-gdpr","tag-minors-data"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg",1280,972,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-300x228.jpg",300,228,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-768x583.jpg",640,486,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-1024x778.jpg",640,486,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg",1280,972,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg",1280,972,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-200x200.jpg",200,200,true]},"post_excerpt_stackable":"<p>Child safety online was the subject of a sometimes heated US Congressional hearing, forcing CEOs of the biggest American social media giants to apologise to parents of victims. While legislators are struggling to find a legal solution to the crisis, police are finding evidence of children as young as seven being at risk of harm. Sign up to receive our fortnightly digest via email. Children at risk Last week, the CEOs of Meta, X, TikTok, Snap and Discord were questioned before the US Congress over alleged harms to young users on their platforms &#8211; access to drugs and subsequent overdoses,&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg",1280,972,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-300x228.jpg",300,228,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-768x583.jpg",640,486,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-1024x778.jpg",640,486,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg",1280,972,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg",1280,972,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280-200x200.jpg",200,200,true]},"post_excerpt_stackable_v2":"<p>Child safety online was the subject of a sometimes heated US Congressional hearing, forcing CEOs of the biggest American social media giants to apologise to parents of victims. While legislators are struggling to find a legal solution to the crisis, police are finding evidence of children as young as seven being at risk of harm. Sign up to receive our fortnightly digest via email. Children at risk Last week, the CEOs of Meta, X, TikTok, Snap and Discord were questioned before the US Congress over alleged harms to young users on their platforms &#8211; access to drugs and subsequent overdoses,&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info_v2":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data protection digest 18 Jan - 2 Feb 2024: social media industry grilled over child safety and mental health - TechGDPR<\/title>\n<meta name=\"description\" content=\"TechGDPR\u2019s review of the most important data-related stories: social media industry grilled over child safety and mental health\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data protection digest 18 Jan - 2 Feb 2024: social media industry grilled over child safety and mental health - TechGDPR\" \/>\n<meta property=\"og:description\" content=\"TechGDPR\u2019s review of the most important data-related stories: social media industry grilled over child safety and mental health\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-05T10:44:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-05T10:44:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"972\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Olya Vasylyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Vasylyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/\"},\"author\":{\"name\":\"Olya Vasylyk\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\"},\"headline\":\"Data protection digest 18 Jan &#8211; 2 Feb 2024: social media industry grilled over child safety and mental health\",\"datePublished\":\"2024-02-05T10:44:12+00:00\",\"dateModified\":\"2024-02-05T10:44:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/\"},\"wordCount\":2436,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/user-3257935_1280.jpg\",\"keywords\":[\"Age Assurance\",\"Automated individual decision-making\",\"Cloud services\",\"consent\",\"data breach notification\",\"data brokers\",\"GDPR\",\"minors data\"],\"articleSection\":[\"Data Protection Digest\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/\",\"name\":\"Data protection digest 18 Jan - 2 Feb 2024: social media industry grilled over child safety and mental health - TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/user-3257935_1280.jpg\",\"datePublished\":\"2024-02-05T10:44:12+00:00\",\"dateModified\":\"2024-02-05T10:44:13+00:00\",\"description\":\"TechGDPR\u2019s review of the most important data-related stories: social media industry grilled over child safety and mental health\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/user-3257935_1280.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2024\\\/02\\\/user-3257935_1280.jpg\",\"width\":1280,\"height\":972,\"caption\":\"child safety\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data protection digest 18 Jan &#8211; 2 Feb 2024: social media industry grilled over child safety and mental health\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\",\"name\":\"Olya Vasylyk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"caption\":\"Olya Vasylyk\"},\"description\":\"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/olyav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data protection digest 18 Jan - 2 Feb 2024: social media industry grilled over child safety and mental health - TechGDPR","description":"TechGDPR\u2019s review of the most important data-related stories: social media industry grilled over child safety and mental health","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/","og_locale":"en_US","og_type":"article","og_title":"Data protection digest 18 Jan - 2 Feb 2024: social media industry grilled over child safety and mental health - TechGDPR","og_description":"TechGDPR\u2019s review of the most important data-related stories: social media industry grilled over child safety and mental health","og_url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/","og_site_name":"TechGDPR","article_published_time":"2024-02-05T10:44:12+00:00","article_modified_time":"2024-02-05T10:44:13+00:00","og_image":[{"width":1280,"height":972,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg","type":"image\/jpeg"}],"author":"Olya Vasylyk","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Olya Vasylyk","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/"},"author":{"name":"Olya Vasylyk","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8"},"headline":"Data protection digest 18 Jan &#8211; 2 Feb 2024: social media industry grilled over child safety and mental health","datePublished":"2024-02-05T10:44:12+00:00","dateModified":"2024-02-05T10:44:13+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/"},"wordCount":2436,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg","keywords":["Age Assurance","Automated individual decision-making","Cloud services","consent","data breach notification","data brokers","GDPR","minors data"],"articleSection":["Data Protection Digest"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/","url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/","name":"Data protection digest 18 Jan - 2 Feb 2024: social media industry grilled over child safety and mental health - TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg","datePublished":"2024-02-05T10:44:12+00:00","dateModified":"2024-02-05T10:44:13+00:00","description":"TechGDPR\u2019s review of the most important data-related stories: social media industry grilled over child safety and mental health","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2024\/02\/user-3257935_1280.jpg","width":1280,"height":972,"caption":"child safety"},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-05022024-social-media-giants-grilled-over-child-safety\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"Data protection digest 18 Jan &#8211; 2 Feb 2024: social media industry grilled over child safety and mental health"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8","name":"Olya Vasylyk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","caption":"Olya Vasylyk"},"description":"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/7789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=7789"}],"version-history":[{"count":61,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/7789\/revisions"}],"predecessor-version":[{"id":7885,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/7789\/revisions\/7885"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/7844"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=7789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=7789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=7789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}