Children’s Online Privacy Legislation Overwhelmingly Passed by Senate
The Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and the Kids Online Safety Act (KOSA) have been passed by the U.S. Senate this week to better protect children and teens from dangerous online content. These two bills are the most significant children’s privacy bills to be passed by the Senate since the original Children’s Online Privacy Protection Act of 1998 (COPPA), which took effect on April 21, 2000.
The main requirements of COPPA were for website operators to obtain parental consent before collecting the personal information of children under 13 years of age, to provide clear and concise privacy policies, and to display a prominent and easy-to-use mechanism for parents to review and delete their child’s personal information. COPPA requires reasonable security measures to be implemented to protect the confidentiality, security, and integrity of children’s personal information, a COPPA compliance officer must be delegated who is responsible for ensuring compliance with COPPA, and employees must be provided with ongoing training on COPPA compliance.
COPPA 2.0 was introduced by Senators Edward J. Markey (D-MA) and Sen. Bill Cassidy (R-LA). COPPA 2.0 updates COPPA and raises the maximum age of children covered by the law to 17, thus prohibiting website operators from collecting the personal information of children under 17 without consent. Limits are placed on how third-party companies can advertise to individuals under 17 years of age, and there is a ban on contextual advertising to young users. Companies are prohibited from using certain types of personalized data, such as phone location and web surfing histories, and tailored adverts are prohibited for most minors. The definition of personal information has been updated to include biometric indicators such as fingerprints, voiceprints, facial scans, and gait, and a loophole in COPPA has been closed, which allows some companies to track children online if they do not have actual knowledge that those individuals are underage.
KOSA was introduced by Sens. Richard Blumenthal (D‑CT) and Marsha Blackburn (R‑TN) and establishes guidelines for protecting children on social media platforms. The bill was sparked by a whistleblower at Facebook (now Meta) in 2021 who revealed the negative effects of Instagram on the mental health of minors. KOSA creates a duty of care for social media platforms and apps regarding content that may not be suitable for minors and companies that fail to filter out inappropriate content can be sued. Risks must be reduced through design changes or opting out of algorithm-based recommendation systems.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While KOSA has attracted considerable support, there has also been criticism. Critics warn that the legislation could backfire and cause more harm than it seeks to prevent. There is concern that the legislation could result in the overcensorship of content, as there is considerable room for interpretation of harm.
COPPA 2.0 and KOSA were passed with an overwhelming majority of 91-3, with only Sens. Ron Wyden (D-OR), Mike Lee (R-UT), and Rand Paul (R-KY.) voting against the bills. Sen. Wyden strongly backed some of the elements of COPPA 2.0 but felt that KOSA was insufficient and that future administrations could use the legislation to pressure companies to censor the LGBGT community and reproductive health information. “I fear this bill could be used to sue services that offer privacy-enhancing technologies like encryption or anonymity features that are essential to young people’s ability to communicate securely and privately without being spied on by predators online.”
Sen. Lee felt KOSA did not go far enough, and that the bill would not address the biggest online threats to children and could open the door to political censorship. “This legislation empowers the [Federal Trade Commission] to censor any content it deems to cause ‘harm,’ ‘anxiety,’ or ‘depression,’ in a way that could (and most likely would) be used to censor the expression of political, religious, and other viewpoints disfavored by the FTC.”
Sen. Paul voted against the bill due to concerns about it stifling free speech and not ensuring that the positive aspects of the Internet are preserved. “KOSA would impose an unprecedented duty of care on internet platforms to design their sites to mitigate and prevent harms associated with mental health, such as anxiety, depression, and eating disorders,” explained Paul. “This requirement will not only stifle free speech, but it will deprive Americans of the benefits of our technological advancements.”
Sen. Maria Cantwell (D-WA.), Chair of the Senate Committee on Commerce, Science and Transportation, helped to get the bills through the Senate Commerce Committee and met with families whose children were harmed by online content. “Americans, including kids, are being tracked across the internet and every place they go with a phone or mobile device,” said Sen. Cantwell. “Social media companies are harvesting our children’s personal data and making billions of dollars a year through targeted ads aimed at them. Taken together, COPPA 2.0 and KOSA will give parents new tools to protect their kids online, hold social media companies accountable for harm, require consent before data can be collected, and ban targeted advertising to kids under 17.”
The bills have yet to be passed by the House of Representatives and there is currently no timetable for the bills to be brought to the floor for a vote. President Biden is encouraging the House to send the legislation to his desk without delay for him to sign the bills into law.
