This week, Senators Ed Markey (D-Mass.) and Bill Cassidy (R-La.) introduced the Children and Teens’ Online Privacy Protection Act, which would update the Children’s Online Privacy Protection Act (COPPA).  COPPA is the comprehensive federal children’s privacy law enacted in 1998 that regulates the collection, use, and disclosure of personal information online from children under 13.

The bill is significantly similar to legislation that Markey and other co-sponsors have introduced in prior legislative sessions, but those bills repeatedly died in committee. Among other things, the proposed legislation would change COPPA in the following ways:

  • Consent from “minors”: Online operators would be prohibited from collecting personal information from users between the ages of 13 and 15 (defined as “minors” in the bill) without the user’s consent. Notably, this consent would be provided by the minors themselves—not their parents.  The bill would not change the definition of “child” or the requirements for children under 13, whose parents must still provide verifiable parental consent.
  • Constructive knowledge standard: COPPA currently applies only to online sites and services that are either directed to children under 13 or have “actual knowledge” that a user is under 13. The bill would change COPPA’s “actual knowledge” standard to a lower “constructive knowledge” standard, meaning that sites and services that have a reason to know that children or minors are using the service would need to obtain verifiable parental consent (or verifiable consent from the minor) before collecting personal information.  The bill includes an extensive description of situations in which a site or service would have constructive knowledge that a user is either a child or a minor.  Notably, the Federal Trade Commission (FTC) has rejected such a standard in the past, stating the “Commission does not advocate that Congress amend the COPPA statute’s actual knowledge requirement at this time. Actual knowledge is far more workable, and provides greater certainty, than other legal standards.” 76 Fed. Reg. 59,804, 59,806 (Sept. 27, 2011).
  • Targeted advertising: Targeted advertising directed at children under 13 would be prohibited altogether, and only permitted for minors who have consented to such marketing.
  • “Eraser button”: Companies would be required to permit parents and kids to request the removal of personal information collected from a child or minor “to the extent technologically feasible.”
  • Privacy dashboard for connected devices: Manufacturers of connected devices targeted to children and minors would be required to prominently display on their packaging a privacy dashboard detailing how personal information is collected, transmitted, retained, used, and protected.
  • “Digital Marketing Bill of Rights” for minors: Companies would be prohibited from collecting personal information from minors unless they agree to comply with a “Digital Marketing Bill of Rights,” which the bill directs the FTC to create through a future rulemaking process.
  • Youth Marketing and Privacy Division at the FTC: The bill would create a new division at the FTC to focus on both the privacy of and marketing directed at children and minors.

Last year, Senators Markey and Richard Blumenthal (D-Ct.) also introduced the Kids Internet Design and Safety (KIDS) Act, aimed at platforms directed to users under 16 years old.  The bill would prohibit certain engagement features (such as auto-play and push notifications), restrict certain content, and limit advertising and marketing.  However, the KIDS Act has not yet been re-introduced this legislative session.

Tags: COPPA, FTC
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey TonsagerEmail
Show more Show less