KOSA & COPPA 2.0: Update on Youth Privacy in the U.S.
Background
Last week, the Senate passed the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0). Together, the legislation would create regulations that govern the online content offered to minors by tech and social media companies.
The Senate passed the legislative vehicle which included both KOSA and COPPA 2.0 with overwhelming support, in a vote of 91-3. Assuming similar support in the House this fall, the bill’s passage would mark the first time in 25 years that Congress has passed a law aimed at protecting children on the internet.
KOSA
KOSA seeks to hold companies whose users are under the age of 17 responsible for the harm that their platforms can cause. In furtherance of this objective, the landmark legislation creates a legal “duty of care” for companies with online platforms that are used by minors.
This duty would require that any such company take “reasonable” measures in how their online platforms and products are designed to prevent and mitigate certain harms to which children are particularly vulnerable. Such harms include online bullying, sexual exploitation, substance abuse, and eating disorders. KOSA’s proponents argue that holding companies liable for failing to mitigate these harms it is a necessary first step in regulating big tech and requiring them to protect children from dangerous online content.
Though the creation of a duty of care is perhaps the most groundbreaking provision of KOSA, the legislation would also require the implementation of basic safeguards or guardrails for children on the internet, such as preventing unknown adults from communicating with minors or viewing their personal data and restricting a company’s ability to share minors’ geolocation data.
Online platforms will also be required to default the accounts of children to the strictest privacy settings and provide children with clear opportunities to disable addictive product features and opt out of personalized algorithmic recommendations.
Opponents of KOSA argue that the act raises First Amendment concerns and risks creating a chilling effect by pressuring platforms to limit free expression on the internet. In a final speech before the vote on July 30, 2024, Sen. Richard Blumenthal responded to these critics by reiterating that “[a]t its core[,] this bill is a product design bill.” He further stressed that the ultimate purpose of KOSA is in no way to limit expression or block content, but instead to create an environment for young users that is “safe by design.”
COPPA 2.0
COPPA 2.0 expands and updates the original children’s privacy law that was first passed in 1998.
Most notably, the amended legislation would raise the maximum age of internet protections for minors from 13 to 17. One of the senators who sponsored both the original COPPA and its newest update noted that covering kids under 13 was “all [he] could get” in 1998, “but as the years have passed, and technology has evolved, our online world once again started to look like the Wild West.” Because of the dangers inherent to this new world, proponents of COPPA 2.0 argue that online protections should extend to both children and teens.
The updated legislation would also ban companies from collecting personal information from its minor users without their consent.
Since third parties rely on personal information for targeted advertising, the law would effectively ban the use of targeted advertising for minors. COPPA 2.0 further updates the law’s definition of personal information to include biometric indicators and requires the use of age verification mechanisms to close a loophole that allows some companies to track minors by claiming they do not possess “actual knowledge” that their users are underage.
Closing
If the House passes this bill before January, President Biden has strongly indicated he will sign it. With the future of the American Data Privacy and Protection Act so uncertain, passage of this bill would at least put certain privacy protections in place for minors in the United States.
You can read the full text of KOSA on the U.S. Congress website and that for COPPA 2.0 from the U.S. Senate website.
Please feel free to reach out to the HBS Data Privacy & Cybersecurity team with any questions.
Disclaimer
This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Hall Booth Smith, P.C. and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.
Blog Overview
About the Author
Lea McBryde
Attorney at Law | Charlotte Office
T: 980.949.7826
E: lmcbryde@hallboothsmith.com
Lea McBryde is an Associate in our Charlotte office, where she focuses her practice on data privacy and cybersecurity matters.
Leave a comment
You must be logged in to post a comment.