Two bills aimed at safeguarding children online moved out of committee and into consideration by the full Senate, signaling that the federal government recognizes the need to modernize outdated protections of children and teens.
Days after President Joe Biden endorsed them, the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) moved out of the Committee on Commerce and into consideration by the full Senate. Both bills have bipartisan sponsorship, but that is not necessarily a guarantee of success. Both bills stalled on the Senate floor last year, and neither has been introduced in the House of Representatives yet.
KOSA gives parents tools and safeguards to protect children, and notably imposes a “duty of care” on tech companies to act in children’s best interest. COPPA 2.0 increases the age of protection to 16 (from 13 under COPPA) and also bans advertising targeted at those under 16 years old. One of the key provisions of KOSA requires companies notify users if they are using an algorithm to create content feeds and giving them the right to opt out of the algorithm.
Neither bill authorizes a special regulatory agency, although varying groups of senators have proposed the creation of regulatory groups to ensure technology companies comply with regulations and the broader ethical mandate to protect consumer privacy. As expected, advocacy groups and lobbyists have lined up both for and against the bills.
Only time will tell if these bills fare better than previous attempts to update privacy regulations at the national level.
While both laws would regulate how online businesses interact with minors, they have different objectives and would impose different obligations.
KOSA would require social media, messaging, video game and streaming apps and sites to protect minors from a wide range of ills, including mental health disorders, addictive behavior, sexual exploitation, bullying and harassment, promoting drugs, alcohol and gambling, predatory and deceptive marketing practices and financial harms. KOSA’s cornerstone requirement—and the object of much of its criticism—is the imposition of a duty of care on covered platforms to act in the “best interests” of a user that the platform knows is a minor to prevent or mitigate these harms. Critics charge that this requirement is fatally flawed, because it will likely lead platforms to err on the side of restricting free speech to avoid being sued by a state attorney general or the FTC.
COPPA 2.0 would significantly expand the reach of the nation’s first children’s privacy law--the Children’s Online Privacy Protection Act--by expanding COPPA’s coverage to children under the age of 17. It would also expand the types of online services covered by COPPA from those that are directed to children or to include services that are “reasonably likely” to be used by children or teens unless they verify the user’s age. Given the vagueness around what is “reasonably likely” to be used by children, the law, if passed, is likely to lead to the use of age verification across a broad array of services.
Organizations must recognize that cookie banners and older forms of acquiring and managing consumer consent will no longer suffice, especially for complicated requirements like those put forth under COPPA. They must deploy enterprise consent management solutions. Find out what it takes to make sure you’re compliant in our recent infographic.
Download the PDF version of this Data Privacy Alert here.