Children’s Federal Online Safety and Privacy: A Tentative Path for Congress

Listen to this post as read by the author:

What We’re Watching

Children’s safety and privacy online.

The focus on protecting children online has taken center stage in the latest push to pass comprehensive data privacy legislation. Just before August recess, two children’s online safety and privacy bills – S. 1418, the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and S. 1409, the Kids Online Safety Act (KOSA) – passed unanimously out of the U.S. Senate Committee on Commerce, Science and Transportation. These bills previously passed out of Committee in the 117^th Congress but failed to progress to the Senate floor.

Why This Matters

These bills highlight the growing concerns around safeguarding the well-being of youth online. We identified this growing trend toward children’s data privacy in 2022, and the momentum to pass a federal standard is again evident: several states have introduced and even passed children’s data privacy and online safety laws. The Biden Administration, through the State of the Union Address and Executive actions, continues to call on Congress to strengthen protections for children’s privacy, health, and safety online. Moreover, key children’s advocacy groups spoke favorably about these bills.

Additionally, the implications of these bills could extend beyond children’s online privacy. They could significantly impact the larger digital landscape, such as using artificial intelligent systems and content moderation techniques. We have discussed the complexities of legislating in this policy trifecta, and how resulting laws could greatly shape online experiences. Policymakers must be aware of these effects as they design and shape legislation.

KOSA and COPPA 2.0

The Kids Online Safety Act, originally introduced in 2022 by Sens. Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN), was reintroduced in May 2023. The newly amended bill that passed Committee seeks to establish legal standards to protect “minors” (defined to include people under the age of 17) from online harms, such as content promoting self-harm, eating disorders, substance abuse, and others. The amendments notably modify the duty of care which refers to the responsibility of online service providers to design and operate their products in a way that prioritizes the protection of children from potential dangers. Of particular significance, Sen. John Thune (R-SD) added an amendment to KOSA that mandates companies notify users if their content is filtered using algorithms and offers an opt-out option.

The Children and Teen’s Online Privacy Protection Act, originally introduced in 2021 by Sens. Edward Markey (D-MA) and Bill Cassidy (R-LA), was also reintroduced in May 2023. This amended bill seeks to update the existing Children’s Online Privacy Protection Act of 1998 (COPPA). Key provisions in COPPA 2.0 include banning targeted ads to minors and extending privacy protections to users aged 13 to 16.

Key Issues

While the passage of these bills through the committee signifies positive steps toward protecting children online, other issues are still up for debate.

One area currently being debated around these bills is their potential impact on minority groups or LGBTQIA+ communities. Specific parental controls and consent requirements included in these bills raise concerns about the extent of parental surveillance over their children’s internet activities. Additionally, the “duty of care” requirements under KOSA to prevent harm on platforms are thought by some groups to result in broad content moderation that restricts valuable information and support for youth. The bill’s authors amended the language from a duty to “act in the best interests of a user” to a duty to “take reasonable measures in the design and operation of any product, service, or feature” to address these concerns, though advocates continue to express reservations about potential online censorship and its implications for these communities. In the opening statement, Committee Chair Sen. Maria Cantwell (D-WA) expressed support for both bills but asserted she would continue to work with advocates to address their concerns.

Another area currently up for debate revolves around the specific language and requirements for age assurance and verification. The amended bills seek to address some of the concerns around mandates to verify users’ age, however online services are still required to treat minors differently than adult users, for example by incorporating parental tools for young users. This raises questions about the necessity for extensive data collection to identify a user’s age. Distinguishing between websites targeted at children or those with mixed audiences could also potentially imply platforms will need additional information to determine the age of users online. Some advocates are assessing whether these bills could still jeopardize the intended privacy protections. Though the amended bills attempt to address these concerns, the proliferation of state laws with strong age verification requirements and continued study of this issue, emphasized by the FTC’s recent request for comments, underscores the ongoing concerns around this topic.

Another disputed issue is around advertising to youth. The committee made concerted efforts to amend the text to differentiate between targeted or behavioral advertising and contextual advertising, a sticking point for many stakeholders who had reservations about the older version of the bill last Congress. The term “targeted advertising” was replaced by “individual-specific advertising to children or teens” in the amended version of COPPA 2.0 and similarly amended to “individual-specific advertising to minors” in KOSA. This distinction reflects an attempt to address concerns regarding personalized advertising that might exploit young users’ data. However, debates about online advertising (and other types of content recommendations) likely will continue in ongoing privacy debates, including over the comprehensive data privacy bill the American Data Privacy and Protection Act (ADPPA), as stakeholders continue to deliberate on the extent to which advertising practices should be regulated to ensure the protection of privacy and prevent potential exploitation of children.

A Path Forward?

If passed, KOSA and COPPA 2.0 bills could profoundly impact how youth interact and use online platforms by significantly expanding mandated protections. Whether Congress sees a path forward for either of these bills could determine if we see comprehensive federal legislation on children’s online safety and privacy. Both bills have yet to pass the full Senate or be introduced in the House of Representatives. As lawmakers work to reconcile the debated issue areas, there is a possibility that the terminology and key provisions will converge between KOSA and COPPA 2.0. However, it remains uncertain if Congress will attempt to merge the two bills into one unified approach. It is also important to watch for other federal kids’ privacy and safety bills that may gain the spotlight in the coming months and the potential reintroduction of the ADPPA. The House Energy and Commerce Chair and Ranking Member, Reps. Frank Pallone (D-NJ) and Cathy McMorris Rogers (R-WA) have yet to reintroduce this comprehensive federal data privacy bill that also passed out of committee last year.