This week, Senators Ed Markey (D-Mass.) and Bill Cassidy (R-La.) introduced the Children and Teens’ Online Privacy Protection Act, which would update the Children’s Online Privacy Protection Act (COPPA).  COPPA is the comprehensive federal children’s privacy law enacted in 1998 that regulates the collection, use, and disclosure of personal information online from children under 13.

The bill is significantly similar to legislation that Markey and other co-sponsors have introduced in prior legislative sessions, but those bills repeatedly died in committee. Among other things, the proposed legislation would change COPPA in the following ways:

  • Consent from “minors”: Online operators would be prohibited from collecting personal information from users between the ages of 13 and 15 (defined as “minors” in the bill) without the user’s consent. Notably, this consent would be provided by the minors themselves—not their parents.  The bill would not change the definition of “child” or the requirements for children under 13, whose parents must still provide verifiable parental consent.
  • Constructive knowledge standard: COPPA currently applies only to online sites and services that are either directed to children under 13 or have “actual knowledge” that a user is under 13. The bill would change COPPA’s “actual knowledge” standard to a lower “constructive knowledge” standard, meaning that sites and services that have a reason to know that children or minors are using the service would need to obtain verifiable parental consent (or verifiable consent from the minor) before collecting personal information.  The bill includes an extensive description of situations in which a site or service would have constructive knowledge that a user is either a child or a minor.  Notably, the Federal Trade Commission (FTC) has rejected such a standard in the past, stating the “Commission does not advocate that Congress amend the COPPA statute’s actual knowledge requirement at this time. Actual knowledge is far more workable, and provides greater certainty, than other legal standards.” 76 Fed. Reg. 59,804, 59,806 (Sept. 27, 2011).
  • Targeted advertising: Targeted advertising directed at children under 13 would be prohibited altogether, and only permitted for minors who have consented to such marketing.
  • “Eraser button”: Companies would be required to permit parents and kids to request the removal of personal information collected from a child or minor “to the extent technologically feasible.”
  • Privacy dashboard for connected devices: Manufacturers of connected devices targeted to children and minors would be required to prominently display on their packaging a privacy dashboard detailing how personal information is collected, transmitted, retained, used, and protected.
  • “Digital Marketing Bill of Rights” for minors: Companies would be prohibited from collecting personal information from minors unless they agree to comply with a “Digital Marketing Bill of Rights,” which the bill directs the FTC to create through a future rulemaking process.
  • Youth Marketing and Privacy Division at the FTC: The bill would create a new division at the FTC to focus on both the privacy of and marketing directed at children and minors.

Last year, Senators Markey and Richard Blumenthal (D-Ct.) also introduced the Kids Internet Design and Safety (KIDS) Act, aimed at platforms directed to users under 16 years old.  The bill would prohibit certain engagement features (such as auto-play and push notifications), restrict certain content, and limit advertising and marketing.  However, the KIDS Act has not yet been re-introduced this legislative session.

Print:
EmailTweetLikeLinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.