Two US senators on Tuesday proposed a major overhaul of the Children’s Online Privacy Protection Act (COPPA) that would give parents and kids an “Eraser Button” to wipe out personal information scooped up online on kids.
The bipartisan bill, put forward by Senators Edward J. Markey (D-Mass.) and Josh Hawley (R-Mo.), would also expand COPPA protection beyond its current coverage of children under 13 in order to protect kids up until the age of 15.
The COPPA update also packs an outright ban on targeting ads at children under 13 without parental consent, and from anyone up until the age of 15 without user consent. The bill also includes a “Digital Marketing Bill of Rights for Minors” that limits the collection of personal information on minors.
The proposed bill would also establish a first-of-its-kind Youth Privacy and Marketing Division at the Federal Trade Commission (FTC) that would be responsible for addressing the privacy of children and minors and marketing directed at them.
“Rampant and nonstop” marketing at kids
Markey said in a press release that COPPA will remain the “constitution for kids’ privacy online,” and that the senators’ proposed changes would introduce “an accompanying bill of rights.”
As it is, Markey said, marketing at kids nowadays is rampant and nonstop:
In 2019, children and adolescents’ every move is monitored online, and even the youngest are bombarded with advertising when they go online to do their homework, talk to friends, and play games. In the 21st century, we need to pass bipartisan and bicameral COPPA 2.0 legislation that puts children’s well-being at the top of Congress’s priority list. If we can agree on anything, it should be that children deserve strong and effective protections online.
The right of kids to be forgotten
The proposed law has the flavor of the EU General Protection Data Regulation (GDPR), what with the greater control it grants citizens over how their personal data is obtained, processed, and shared, as well as visibility into how and where that data is used.
The citizens, in this case, would be children and their parents, who would be entitled to get their hands on any personal information of the child or minor that’s been collected, “within a reasonable time” after making a request, without having to pay through the nose to get it, and in a form that a child or minor would find intelligible.
The bill also requires that online operators provide a “clear and prominent means” to correct, complete, amend, or erase any personal information about a child or minor that’s inaccurate: in other words, what the senators are calling an Eraser Button.
What would change?
These are the specific privacy protections that the bill would strengthen:
- Prohibiting internet companies from collecting personal and location information from anyone under 13 without parental consent, and from anyone 13 to 15 years old without the user’s consent.
- Banning targeted advertising directed at children.
- Revising COPPA’s “actual knowledge” standard to a “constructive knowledge” standard for the definition of covered operators. Here’s a discussion of the difference.
- Requiring online companies to explain the types of personal information collected, how that information is used and disclosed, and the policies for the collection of personal information.
- Prohibiting the sale of internet-connected devices targeted towards children and minors unless they meet robust cybersecurity standards.
- Requiring manufacturers of connected devices targeted to children and minors to prominently display on their packaging a privacy dashboard detailing how sensitive information is collected, transmitted, retained, used, and protected.
Recently, the FTC has been flexing its COPPA bicep like never before. Last week, video-streaming app TikTok agreed to pay a record $5.7 million fine for allegedly collecting names, email addresses, pictures and locations of children younger than 13 – all illegal under COPPA.
These tech companies know too much about our kids, and we don’t know what they’re doing with that data, Senator Hawley was quoted as saying in Markey’s press release:
Big tech companies know too much about our kids, and even as parents, we know too little about what they are doing with our kids’ personal data. It’s time to hold them accountable. Congress needs to get serious about keeping our children’s information safe, and it begins with safeguarding their digital footprint online.
“Landmark legislation”
Markey’s press release quoted multiple children’s rights campaigners who lauded the bill. One was Josh Golin, Executive Director, Campaign for Commercial-Free Children, who called it “landmark legislation.”
The Markey-Hawley bill rightly recognizes that the internet’s prevailing business model is harmful to young people. The bill’s strict limits on how kids’ data and can be collected, stored, and used – and its all-out ban on targeted ads for children under 13 – would give kids a chance to develop a healthy relationship with media without being ensnared by Big Tech’s surveillance and marketing apparatuses. We commend Senators Markey and Hawley for introducing this landmark legislation and urge Congress to act quickly to put children’s needs ahead of commercial interests.
Mahhn
That’s great the kids are getting the digital rights – that “everyone” should have……
So senators are going to up the age on the age of children’s PII companies are banned from taking/buying/holding.
Everyone should have this, not just children.
Epic_Null
True, but once it is avalible for children, the infrastructure will exist in a way customers know about. With that in mind, others can start requesting those tools be used for them as well.
Meredith
Not going to happen in this administration. We have seen the FCC basically sell our information to the highest bidder with the repeal of Net Neutrality.
The current head was the CEO of Verizon. That should tell everyone that the FCC is not looking out for the interest of the people.
Mahhn
If you say not going to happen “this” administration, best to remember “none” of the previous administrations gave a rats pooper about it either.
CEOs of companies tell the FCC what regulations should be (based on tech-ability, willingness, and public opinion), just like how the Nuclear Regulatory Commission was founded.
CEOs don’t need to wait for the FCC to tell them how to be responsible, but it usually depends on how it affects the budget.
Matt Parkes
How on earth can they introduce the prohibition of IOT devices aimed at children that do not have robust security, unless IoT security has a standard of it’s own to adhere to, a benchmark if you will, this is achievable, also how is every website out there going to know absolutely whether the person engaging with the or with their service is a minor, in order to apply specific child legislation? In my opinion, asking a user “Are you 13 or under” or “Are you 13 and over” does not cut it, people lie or get hold of mommy or daddy’s credit card.
Ulysses
Okay so let just say your kids has personal information online and you decided to erase it. Done! But that doesn’t really delete their information as the company who are hosting it will have access to the information through their servers and backup drives. Therefore, they can still exploit those information and sell it to others for profit.
Steve
I would fully support the items listed above which pertain to security and privacy. But what’s this thing about advertising targeted at kids? Television commercials have been targeted – incessantly, overtly and shamelessly – at children for decades… how or why should online advertising be any different, as long as data collection & retention isn’t involved?
anonymous
Exactly! Cereal and toy commercials pay for the TV shows that kids love.
Kids should be able to have their privacy rights respected online, but it’s crazy to think that companies should be prohibited from subsidizing the free services kids use with advertising.