Assessing 3 Bills To Expand Kids' Online Protections In 2022

Back to News & Insights

February 4, 2022

Insights

Michael P. Canty

Danielle Mazzeo

Carol C. Villegas

Partners Michael P. Canty and Carol C. Villegas and Law Clerk Danielle Izzo are authors of the analysis "Assessing 3 Bills to Expand Kids' Online Protections in 2022," published by Law360 on February 2, 2022.

Data privacy issues dominated law and politics in 2021.
Major data breaches plagued corporations including Colonial Pipeline Co., Microsoft Exchange and Twitch Interactive Inc.¹
The public became aware of internet tracking, in part due to Apple Inc.'s software update providing App Tracking Transparency, which allows users to opt out of app tracking.²

The Wall Street Journal investigated Meta Platforms Inc., formerly known as Facebook Inc., publishing "The Facebook Files,"³ and Big Tech faced damaging whistleblower accusations.⁴

Alongside these events, the U.S. Senate conducted several technology-focused hearings.

First, Antigone Davis, Meta's global head of safety, testified about Facebook's internal knowledge related to Instagram's effect on children.⁵ ⁶

Later, whistleblower Frances Haugen also testified in front of the Senate about Instagram's effect on children,⁷ and urged lawmakers to take action.⁸

Additionally, Snap Inc., TikTok Inc. and YouTube Inc. testified about the privacy protections in place on their platforms, or the lack thereof.⁹

A variety of proposals were submitted in an attempt to effectuate change. As the new year begins, the key question is: Will this pending legislation change the state of data privacy law in 2022?¹⁰

Website and social media operators have enjoyed legal immunity while children have suffered, having sensitive personal information collected and experiencing detrimental psychological effects stemming from the platforms.

Last year's events highlight that Big Tech has gone too far. It is time for the technology industry to be policed. This article assesses three proposed pieces of legislation aimed at expanding protections for children online that may reshape the technology industry this year.

Proposed COPPA Amendment

The Current Version of COPPA

The Children's Online Privacy Protection Act is an existing Federal Trade Commission rule governing website operators with users under 13.¹¹ Among other requirements, websites may only collect personal data from children with parental consent.¹²

Unfortunately, COPPA has been ineffective and underenforced.¹³ Website operators circumvent the requirements by claiming they were not aware of children's presence on their platform to evade liability.¹⁴ In fact, merely posting that users be over 13 is sufficient to absolve website operators of liability, even where data is collected from minors.¹⁵

The Proposed Amendment

In response to these compliance concerns, Sens. Ed Markey, D-Mass., and Bill Cassidy, RLa., proposed a COPPA amendment on May 11, 2021. The amendment would expand COPPA protections by:

Including children up to 15 under the law's purview;¹⁶
Lowering the "actual knowledge" standard to constructive knowledge;¹⁷
Banning targeted advertising to minors;¹⁸
Requiring a deletion feature allowing minors to delete personal information previously collected;¹⁹
Imposing labeling requirements to provide detailed disclosures concerning the type of personal information collected from minors on each platform;²⁰and
Creating a Youth Marketing and Privacy Division of the FTC to regulate online marketing directed at minors.²¹

What to Expect

If passed, the amendment would meaningfully expand online protections for minors.

The lower constructive-knowledge standard would finally hold website operators accountable to the minors that access their platforms. By increasing potential liability, web platforms would be forced to implement long-overdue age verification systems, because merely posting an age limit will no longer suffice.

Companies will be required to make a choice in order to comply with the amendment: either (1) implement and enforce stringent age verification systems, differentiating between practices allowed for adults and prohibited for minors, or (2) completely cease data collection across the board.

Both options make meaningful strides in creating more effective safeguards for children on the internet. In either case, the way the public accesses internet-connected devices would be forever changed.

Equally significant is the amendment's total bar on targeted advertising directed at minors. Again, website operators will be obligated to decide whether to cease targeted advertising across the board, or to develop and implement new tactics to ensure that ads are not being directed to minors based on their personal data.

The amendment could create two internet systems—a system for minors, where personal data is protected from invasive data collection and targeted advertising, and a system for adults, where web operators can continue with business as usual.

This divergence is likely to raise difficult questions for website operators. If targeted advertising can be eliminated for children, why not eliminate it across the board?

KIDS Act

The Components of the Act

The Kids Internet Design and Safety, or KIDS, Act was proposed on Sept. 30, 2021, by Markey; Sen. Richard Blumenthal, D-Conn.; and Rep. Kathy Castor, D-Fla. The goal of this act is to reduce the harms of algorithms and targeted marketing.²²

This act would expand internet protections to minors up to 16. These protections would include:

A lower standard, constructive knowledge, for liability;²³
A ban on certain interface elements or functional aspects of platforms directed to children;²⁴
Limitations on the scope of algorithms;²⁵ and
Regulations on content, prohibiting sexual, violent, unlawful or unrecognizable commercial content, and advertisements for tobacco and nicotine products.²⁶

What to Expect

Aside from imposing new regulations, the KIDS Act will require website operators to completely change the operating features of its platforms, such as alerts, engagement and autoplay features. This would bring about essential change given the harmful effects that likes, follower counts and streaks have on minors.²⁷

The act would also require an overhaul of the algorithms used to operate these platforms. App developers and web operators will become responsible for the content amplified by algorithms, reducing the expansive shield from liability online platforms currently hide behind.

Developers will have to ensure that algorithms are not promoting sexual, harmful or unlawful conduct to minors, a complete change from the existing responsibility for algorithms.

In addition to implementing extensive changes to the core operational features of apps and websites, the KIDS Act prohibits recommending content that includes influencer marketing to minors.²⁸

This change would serve as a positive step toward addressing the FTC's concerns regarding deceptive advertising in influencer marketing.²⁹ Children are particularly at risk of falling prey to unfair or untrue advertisements.³⁰

The act would treat online advertisements for tobacco and nicotine products similarly.³¹

EARN IT Act

The Components of the Act

On March 5, 2020, the Eliminating Abusive Rampant Neglect of Interactive Technologies, or EARN IT, Act was proposed by Sens. Lindsey Graham, R-S.C.; Josh Hawley, R-Mo., Dianne Feinstein, D-Calif.; and Blumenthal. The act was reintroduced on Feb. 1.

The underlying aim of the EARN IT Act is to scale back Section 230 of the Communications Decency Act, which insulates interactive computer services from liability for content published on platforms by third parties.³²

This effort to reduce Section 230 protections comes from concerns about the breadth of the provision and its potential to absolve website operators from all liability.³³

The key to this proposed legislation involves the creation of a committee that would develop rules to govern website operations, referred to as the National Commission on Online Child Sexual Exploitation Prevention.³⁴

These regulations will likely cover content that may be shown to minors and the methods for collecting data from minors online.³⁵

This act is intended to be closely tied to Section 230 of the CDA by requiring website operators to abide by the committee's rules in order to earn Section 230 immunity.³⁶ Accordingly, failure to comply with the established rules would jeopardize and reduce any available Section 230 protection.

Much of this power will be left to the proposed committee. However, the proposed legislation does recommend that the proposed agency consider a few key topics in developing a set of best practices and regulations. These recommendations are largely focused on expanding efforts to eliminate human trafficking and child sexual exploitation online.

This includes, for example, "preventing, identifying, disrupting, and reporting online child sexual exploitation," and "receiving and triaging reports of online child sexual exploitation by users of interactive computer services, including self-reporting."³⁷

What to Expect

While the full scope of the requirements that will be tied to Section 230 immunity are not currently known, we do know for certain that this act will lead the charge in policing conduct in the tech space.

For the first time, the industry will face broad liability without the guaranteed protections of the CDA.³⁸ Tech companies will be forced to implement meaningful, lasting changes in order to achieve the level of immunity that was once automatically granted.

Full development of this proposed agency and its checkpoints may take years, but the passage of the EARN IT Act alone would call for immediate, anticipatory action by companies to take steps to protect user data and privacy.

Conclusion

This proposed legislation, paired with the public spotlight placed on Big Tech in 2021, has set the stage for long-overdue changes to the internet in 2022. Any one of these proposed acts has the potential to create a kid-friendly internet, affording much needed protections to minors and their personal information.

Michael P. Canty and Carol C. Villegas are partners, and Danielle Izzo is an associate, at Labaton Keller Sucharow LLP.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.

Read the article here.

¹See Lily Hay Newman, The Worst Hacks of 2021, Wired (Dec. 24, 2021), https://www.wired.com/story/worst-hacks-2021/.

²See Brian X. Chen, To Be Tracked or Not? Apple Is Now Giving Us the Choice, The New York Times (Apr. 26, 2021), https://www.nytimes.com/2021/04/26/technology/personaltech/apple-app-trackingtransparency.html; Chaim Gartenberg, Why Apple's new privacy feature is such a big deal, The Verge (Apr. 27, 2021), https://www.theverge.com/2021/4/27/22405474/apple-apptracking-transparency-ios-14-5-privacy-update-facebook-data; David Ingram, How to take advantage of Apple's new iPhone privacy features, NBC News (Apr. 29, 2021), https://www.nbcnews.com/tech/tech-news/apple-ios-145-update-know-newprivacy-features-rcna796.

³Jeff Horwitz et al., The Facebook Files, The Wall Street Journal (Sept. 13, 2021), https://www.wsj.com/articles/the-facebook-files-11631713039.

⁴See Meredith Whittaker and Ifeoma Ozoma, How Whistleblowers Have Put Big Tech On The Back Foot, NPR (Oct. 21, 2021), https://www.npr.org/2021/10/21/1048129722/howwhistleblowers-have-put-big-tech-on-the-back-foot; Anya Kamenetz, Facebook's own data is not as conclusive as you think about teens and mental health, NPR (Oct. 6, 2021), https://www.npr.org/2021/10/06/1043138622/facebook-instagram-teens-mentalhealth.

⁵See Protecting Kids Online: Facebook, Instagram, and Mental Health Harms available at, https://www.commerce.senate.gov/2021/9/protecting-kids-online-facebook-instagramand-mental-health-harms.

⁶See id.

⁷See Protecting Kids Online: Testimony from a Facebook Whistleblower available at, https://www.commerce.senate.gov/2021/10/protecting%20kids%20online:%20testimony%20from%20a%20facebook%20whistleblower.

⁸See id.

⁹See Protecting Kids Online: Snapchat, TikTok, and YouTube available at, https://www.commerce.senate.gov/2021/10/protecting-kids-online-snapchat-tiktokand-youtube.

¹⁰See Lauren Feiner, 2022 Will Be the 'Do or Die' Moment for Congress to Take Action Against Big Tech, CNBC (Dec. 31, 2021), https://www.cnbc.com/2021/12/31/2022-will-bethe-do-or-die-moment-for-congress-to-take-action-against-big-tech.html.

¹¹15 U.S.C.A. § 6501 (West).

¹²The requirements include: (i) posting a privacy policy on the website; (ii) posting a parental notice on the website; (iii) receiving parental consent; and (iv) maintaining confidentiality of children's personal information. Protecting Children's Privacy Under COPPA: A Survey on Compliance, available at https://www.ftc.gov/sites/default/files/documents/rules/children's-online-privacyprotection-rule-coppa/coppasurvey.pdf.

¹³We've got a crisis of enforcement." Craig Timberg, Sex, Drugs, and self-harm: Where 20 years of child online protection law went wrong, The Washington Post (Jun. 13, 2019), https://www.washingtonpost.com/technology/2019/06/13/sex-drugs-self-harmwhere-years-child-online-protection-law-went-wrong/; Complying with COPPA: Frequently Asked Questions available at, https://www.ftc.gov/tips-advice/businesscenter/guidance/complying-coppa-frequently-asked-questions0#A.%20General%20Questions.

¹⁴Tony Romm and Craig Timberg, Federal Regulators Eye Update to Rules Governing Children's Privacy and the Internet, The Washington Post (July 18, 2019), https://www.washingtonpost.com/technology/2019/07/18/federal-regulators-eyeupdate-rules-governing-kids-privacy-internet/.

¹⁵See Tony Romm and Craig Timberg, Federal Regulators Eye Update to Rules Governing Children's Privacy and the Internet, The Washington Post (July 18, 2019), https://www.washingtonpost.com/technology/2019/07/18/federal-regulators-eyeupdate-rules-governing-kids-privacy-internet/.

¹⁶Proposed COPPA Amendment available at, https://www.markey.senate.gov/imo/media/doc/children_and_teens_online_privacy_protection_act.pdf.

¹⁷Id.

¹⁸Id.; see also Rae Nudson, When Targeted Ads Feel a Little Too Targeted, Vox (Apr. 9, 2020), https://www.vox.com/the-goods/2020/4/9/21204425/targeted-ads-fertility-eatingdisorder-coronavirus; Brian X. Chen, The Battle for Digital Privacy is Reshaping the Internet, The New York Times (Sept. 16, 2021), https://www.nytimes.com/2021/09/16/technology/digital-privacy.html.

¹⁹Proposed Amendment Text, supra note 8.

²⁰Id.

²¹Id.

²²Proposed Text of KIDS Act available at, https://www.markey.senate.gov/imo/media/doc/2_bill_text_-_kids_act.pdf.

²³Id.

²⁴Id.

²⁵Id.

²⁶Id.

²⁷Anne Marie Albano, Is Social Media Threatening Teens' Mental Health and Well-being?, Columbia University Irvine Medical Center (May 20, 2021) https://www.cuimc.columbia.edu/news/social-media-threatening-teens-mentalhealth-and-well-being.

²⁸See FTC Releases Advertising Disclosures Guidance for Online Influencers available at, https://www.ftc.gov/news-events/press-releases/2019/11/ftc-releases-advertisingdisclosures-guidance-online-influencers.

²⁹See The FTC's Endorsement Guides: What People Are Asking, U.S. FED. TRADE COMM'N (Aug. 27, 2020), https://www.ftc.gov/tips-advice/business-center/guidance/ftcsendorsement-guides-what-people-are-asking.

³⁰See Rebecca Klar, Instagram sparks new concerns over 'kidfluencer' culture, The Hill (Apr. 15, 2021), https://thehill.com/policy/technology/548342-instagram-sparks-newconcerns-over-kidfluencer-culture.

³¹Proposed Text of KIDS Act available at, https://www.markey.senate.gov/imo/media/doc/2_bill_text_-_kids_act.pdf.

³²47 U.S.C. §230.

³³Adi Robertson, Congress Proposes Anti-Child Abuse Rules to Punish Web Platforms – and Raises Fears About Encryption, The Verge (Mar. 5, 2020), https://www.theverge.com/2020/3/5/21162983/congress-senate-earn-it-actlindsey-graham-richard-blumenthal-section-230-encryption-bill-proposed.

³⁴Adi Robertson, A New Bill Could Punish Web Platforms for Using End-to-End Encryption, The Verge (Jan. 31, 2020), https://www.theverge.com/2020/1/31/21116788/earn-it-actsection-230-lindsey-graham-draft-bill-encryption.

³⁵Id.

³⁶Proposed Text of EARN IT Act available at, https://www.congress.gov/bill/116thcongress/senatebill/3398/text?q=%7B%22search%22%3A%5B%22earn+it%22%5D%7D&r=1&s=1.

³⁷Id.

³⁸See Casey Newton, Everything You Need to Know About Section 230, The Verge (Dec. 29, 2020), https://www.theverge.com/21273768/section-230-explained-internet-speechlaw-definition-guide-free-moderation; Michael D. Smith & Marshall Van Alstyne, It's Time to Update Section 230, Harvard Business Review (Aug. 12, 2021), https://hbr.org/2021/08/its-time-to-update-section-230.