WASHINGTON, June 21, 2022 – Observers at an Information Technology and Innovation Foundation event on Wednesday urged Washington not to take legislation protecting children online down the path of congressional overhaul, instead preferring guidance for the existing text to come from its administrator, the Federal Trade Commission.

The Child Online Privacy Protection Act, passed in 1998, includes online data protections for children under 13. In 2013, as designated by Congress, the FTC updated enforcement rules, giving parents more control over the online collection of their children’s personal information.

Since then, new advances in technology and social media has brought COPPA to the attention of many who consider substantive changes are needed, including privacy experts, senators and U.S. President Joe Biden, who addressed it in his State of the Union address earlier this year.

Some lawmakers have long called for an age increase for those protections through legislative reforms, which came before lawmakers this month introduced a proposal for the first federal privacy law, which would include data privacy protections for children under 17.

“We can’t keep overhauling the regulatory structure,” said Julia Tama, partner at law firm Venable LLP. “It takes a big investment for companies to come up to speed.”

Instead, she said, she wants “improvements on what we have rather than replacing it with a completely different framework.”

In May, the FTC issued a policy statement that will guide its enforcement of COPPA. It focused on four provisions: limiting the amount of data collected for children’s access to educational tools; restricting types of data collected and requiring reasons for why they are being collected; prohibiting ed tech companies from holding on to data for speculative purposes; and prohibiting the use of the data for targeted advertising purposes.

Graham Dufault, senior director for public policy at the App Association, said the FTC should be responsible for potential provisions made to COPPA. “The FTC’s enforcement of COPPA is a really important thing for us.”

But panelist James Cooper, associate professor of law and director of the program on economics and privacy at George Mason University, said COPPA isn’t in need of any major revisions. He said if the legislation requires change, he doesn’t want to see it done through FTC policy statements and instead should come from the crafters in Congress.

“If the FTC feels [the need to] expand COPPA beyond its current boundaries, it should go back to Congress,” Cooper said.

WASHINGTON, June 16, 2022 – Panelists before the subcommittee on consumer protection and commerce recommended Tuesday that a newly-crafted draft for federal privacy legislation introduced earlier this month include online protections for 17-year-olds.

The draft of the American Data Privacy and Protection Act, which would be the first federal privacy law, includes a provision to enhance privacy protections online for children under 17, including restrictions on Big Tech platforms’ data collection and targeted advertisements to those age groups.

But testimony from Jolina Cuaresma, senior counsel on privacy and technology policy at Common Sense Media, suggested that the language include 17-year-olds as well.

If the bill becomes law, she said this would provide a substantial upgrade to the Child Online Protection Privacy Act, which provides online protections for children under 13. “We need to cover all minors under the draft’s protections,” Cuaresma said, adding, “one in four children between the ages of 9 and 17 have had a sexual encounter with an adult online.”

With ongoing discussion about potential changes to COPPA and ensuring children’s privacy online due to increasing use of online educational tools and social media, Rep. Kathy Castor, D-Fl, stated during the hearing, “there is room for improvement in the draft for children’s protections.”

Big Tech regulation

Witnesses also said the draft should make clearer limits for Big Tech companies. Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center, said, “technology companies have too much power” and have been unregulated for too long. She urged the bill to define responsibilities more clearly for big tech companies, individuals, states, and federal entities.

Chairman Frank Pallone Jr. of the energy and commerce committee stated that if the bill passes, “our kids will be protected from abusive advertising and data transfers, and businesses will be required to protect consumer data or face real consequences.

“Comprehensive national privacy legislation is necessary to limit the excesses of Big Tech and ensure Americans can safely navigate the digital world,” said Pallone.

WASHINGTON, June 3, 2022 – Leaders of the House Committee on Energy and Commerce and the Senate Commerce Committee announced on Friday a discussion draft of a “comprehensive” data privacy bill that they say has been in the making for years.

The bipartisan bill overall addresses a national data privacy framework, a set of consumers’ data privacy rights and appropriate enforcement mechanisms.

The release was announced by the House committee’s Chairman Frank Pallone, D-N.J., its ranking member Rep. Cathy McMorris-Rodgers, R-Wash., and the Senate committee’s ranking member Sen. Roger Wicker, R-Miss.

“In the coming weeks, we will be working with our colleagues on both sides of the aisle to build support and finalize this standard to give Americans more control over their personal data,” they said.

“We welcome and encourage all of our colleagues to join us in this effort to enable meaningful privacy protections for Americans and provide businesses with operational certainty. This landmark agreement represents the sum of years of good faith efforts by us, other members, and numerous stakeholders as we work together to provide American consumers with comprehensive data privacy protections.”

They called the release of the draft a “critical milestone.”

The proposed bill would grant Americans protections against discriminatory use of their data, require covered entities to minimize on the front end the data they collect, enforce loyalty duties and prevent customers from needing to pay for privacy, prohibit targeted advertising for covered entities, enhance data protections for children and minors and establish “regulatory parity” across the internet.

Child privacy has been a particular topic of interest on Capitol Hill, with several high profile hearings taking place with social media companies to investigate their practices of catering to teenage users.