Connect with us

Privacy

Advocates Push For Higher Age Privacy Threshold As COPPA Proposal Hits Senate

Advocates want age 13 and over for privacy protection as Senate sees COPPA reform proposal.

Published

on

Photo of Richard Blumenthal, Chair of Subcommittee On Consumer Protection

May 19, 2021 — Witnesses in front of a Senate hearing on internet privacy for children recommended a more comprehensive age threshold to encompass more children they say are having their rights violated online, as a proposed bipartisan Senate bill is introduced to include better protections.

Beeban Kidron, a children’s rights advocate, told the Subcommittee on Consumer Protection, Product Safety, and Data Security on Tuesday that current Children’s Online Privacy Protection Act (COPPA) legislation that consider only those under the age of 13 to be children is harming a swath of other children above that threshold.

Kidron said a better age to start with is 18 and below, arguing that no parent would consider a 13-year-old an adult.

On Friday, Senators Ed Markey, D-Massachusetts, and Bill Cassidy, R-Louisiana,  introduced new bipartisan legislation meant to extend greater online consumer protections to minors, including making it illegal for companies to collect data from anyone 13-15 years old without their consent. Additionally, it would create what the bill refers to as an online “Eraser Button,” which would allow consumers to request that they scrub collected data from a child or teen.

The bill is known as the “Children and Teens’ Online Privacy Protection Act,” and is designed to update COPPA, which was passed in 2000.

The proposed bill would establish the Youth Privacy and Marketing Division at the Federal Trade Commission, which would be tasked with ensuring that the consumer and privacy rights of children and teens. It would also ban targeted advertising for children, which uses browser and purchase history, economic status, consumer values, and numerous other variables to direct consumers to ads.

The bill would also raise cybersecurity standards for online devices marketed at children and require that they clearly label what kind of data is collected or transmitted. More broadly, this legislation would require all online companies to disclose what kind of data is being collected from consumers and how it is used.

New legislation is a product of a new environment

Children are being drawn to apps such as Tik Tok, YouTube, Instagram, and other social media platforms, spending more and more time online as education and entertainment becomes increasingly virtual. This raises concerns about how their data is being used, how marketers are targeting them, and even how their social identities are being developed online.

In her opening statement, ranking member Sen. Marsha Blackburn, R-Tennessee, said, “Social media is causing our children to become more distressed than ever before.” She accused platforms of illegally tracking children, as well as exposing minors to harmful and manipulative content.

In his opening statement, Chair of the Subcommittee Richard Blumenthal, D-Connecticut, said, “Eventually, the tech platforms must be held accountable. They must bear liability for obvious violations of criminal and civil law.”

A letter drafted by the committee and sent to Facebook came back with no meaningful commitments; Tik Tok was reprimanded several times throughout the hearing for refusing to appear before the Senate.

COPPA limitations

Serge Egelman, research director of the Usable Security and Privacy Group at the International Computer Science Institute, testified that in a study he conducted, around half of apps marketed towards children violate COPPA.

These ads often promote extreme, unhealthy weight loss and unrealistic beauty and body standards that can be markedly impactful on their mental health and personal identities. These ads can even include age-illegal activities such as drinking or vaping, Egelman said, adding social media platforms demonstrate “grooming” behavior that can lead to a “perilous web” of behavior.

Angela Campbell, professor emeritus of Georgetown Law, said ads directed toward children can also be “unfair marketing” and “manipulative.”

Campbell noted that in 21 years, the Federal Trade Commission has moved to prosecute those in violation of COPPA law only 34 times. In leu of the platforms’ apparent apathy on the subject, the bipartisan committee and witnesses alike are in agreement that the best way forward involves not only expansion of current policy but increased legal and public pressure for tech companies to comply with legal code.

With files from Benjamin Kahn

Privacy

Online Protections for Children Bill Passes Committee Despite Concern over FTC Authority

Opposition to a reformed COPPA include the ability of the FTC to enact broad rule-making.

Published

on

Photo of Senator Edward Markey, D-Mass.

WASHINGTON, July 28, 2022 – The Senate Committee on Commerce, Science and Transportation approved two online privacy protection bills in a Wednesday markup, including an update to legislation that will increase the age for online protection for children.

An update to the Children and Teens’ Online Privacy and Protection Act (S.1628) – which originally passed in 1998 but had amendments proposed last May – would see the age of protections increase from 13 to 15, meaning large internet companies will be prohibited from collecting the personal information of anyone under 16 without consent and ban targeted marketing to those children. The bill passed via voice vote.

Other provisions in the bill include a mandate to create an online “eraser button” that will allow users to eliminate personal information of a child or teen; implement a “Digital Marketing Bill of Rights for Minors” that limits the collection of personal information from young users; and establish a first-of-its-kind Youth Privacy and Marketing Division at the FTC,” according to a summary of the bill’s key components.

“The Senate Commerce Committee this morning took a historic step towards stopping Big Tech’s predatory behavior from harming kids every day,” Senator Edward Markey, D-Mass., who introduced the amendments, said Wednesday.

The other bill, the Kids Online Safety Act (S.3663), will give parents enhanced control over their children’s online activities to “better protect their health and well-being.” The bill, introduced by Senator Richard Blumenthal, D-CT, and Senator Marsha Blackburn, R-TN, passed 28-0.

The bill would put in place additional safeguards and tools, such as platforms giving minors options to protect their personal information and to disable recommendations.

“I don’t think we’ve ever had a piece of legislation that has had such strong support across groups across the country” “Parents want a tool kit to protect their children online,” Senator Blumenthal said during Wednesday’s hearing.

The bills now move to the Senate floor.

Concern about FTC authority under new COPPA

Under COPPA 2.0, the FTC authority includes determining what are “unfair or deceptive acts” in marketing practices and enforcing violations. In May, the agency put out a policy statement specifying its focus on enforcing the existing version of the bill.

Some senators voted against passing COPPA 2.0 over concern that it would give the Federal Trade Commission too much rule-making authority.

Senator Blackburn said there should be more restrictions on the ability of the FTC to make rules so there wouldn’t be overreach.

Similarly, Senator Mike Lee, R-UT, said he was not able to support the bill during markup because he is concerned about “giving a blanket ruling power to the FTC.

“We are at our best when we carefully consider legislation and don’t rush through it,” Lee said.

Continue Reading

Cybersecurity

Rep. Swalwell Says App Preference Bill Will Harm National Security

‘I just want to limit the ability for any bad actor to get into your device.’

Published

on

Photo of Representative Eric Swalwell, D-Calif.

July 27, 2022 – Antitrust legislation that would restrict the preferential treatment of certain apps on platforms would harm national security by making more visible apps from hostile nations, claimed Representative Eric Swalwell, D-Calif, at a Punchbowl News event Wednesday.

The American Innovation and Choice Online Act is currently under review by the Senate and, if passed, would prohibit certain online platforms from unfairly preferencing products, limiting another business’ ability to operate on a platform, or discriminating against competing products and services.

The legislation would ban Apple and Google from preferencing their own first-party apps on their app stores, which would make it easier for apps disseminated from hostile nations to be seen on the online stores, Swalwell said.

“[Russia and China] could flood the app store with apps that can vacuum up consumer data and send it back to China,” said Swalwell, adding that disinformation regarding American elections would spread. “Until these security concerns are addressed, we should really pump the breaks on this.”

Swalwell asked for a hearing conducted by Judiciary Committee of the House with the National Security Agency, Federal Bureau of Investigation, and Homeland Security officials to lay out what the bill would mean for national security.

“I just want to limit the ability for any bad actor to get into your device, whether you’re an individual or small business,” said Swalwell.

Lawmakers have become increasingly concerned about China’s access to American data through popular video-sharing apps, such as TikTok. Last month, Federal Communications Commissioner Brendan Carr called for Apple and Google to remove the app on the grounds that the app’s parent company, ByteDance, is “beholden” to the Communist government in China and required to comply with “surveillance demands.”

The comments follow debate surrounding the bill, which was introduced to the Senate on May 2 by Sen. Amy Klobuchar, D-Minn., on how it would affect small businesses and American competitiveness globally.

Continue Reading

Cybersecurity

Government Should Incentivize Information Sharing for Ransomware Attacks, Experts Say

‘Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent.’

Published

on

Screenshot of Trent Teyema of GeoTech Center

WASHINGTON, July 27, 2022 – The federal government should incentivize the reporting of cyberattacks through safe harbor and shield laws, said experts at an Atlantic Council event Tuesday, as a recent law requiring companies in critical infrastructure sectors to report such attacks to the federal government is limited and currently unclear on who exactly it impacts.

The Cyber Incident Reporting for Critical Infrastructure Act passed in March does not cover private companies who do not operate in the critical infrastructure sectors and does not include safe harbor and shield laws that would encourage private companies to engage in the process.

Oftentimes, companies will avoid interacting with law enforcement to avoid the stigma associated with being a victim of a cyberattack and out of fear of being held liable by regulators and investors, said Trent Teyema, senior fellow at technology policy university collaborative GeoTech Center.

Teyema called for a safe harbor framework, a law that provides protection against legal liability when other conditions are met. Such a provision would decrease the risk of companies being held liable for cyberattacks from regulators, investors, and the public.

He also called for shield laws that would protect against revealing certain information to the government as a requirement for receiving law enforcement assistance.

The government needs to make it easy for the private sector to share information with law enforcement, said Teyema.

“Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent,” read a report written by Teyema and David Bray, fellow at GeoTech Center. Information sharing across sectors allows cybersecurity experts in both sectors to learn about new vulnerabilities in software and new attack vectors. It strengthens collective resiliency and can influence the processes used to anticipate and respond to threats, continued the report.

Ransomware on the rise

Ransomware attacks in which bad actors demand money to release encrypted data are increasing dramatically, reported the White House last year. Ransomware incidents often disrupt critical services, such as banks, hospitals and schools that require constant access to data. In 2021, there was approximately $20 billion in damages from ransomware attacks in the United States, with $11 billion in 2020 and $5 billion the year before, said Bray.

This follows on the heels of the 2021 Colonial Pipeline hack that targeted the billing system and led to the shutdown of the largest fuel pipeline in the United States. The Russian-speaking cybercrime group responsible, DarkSide, received $4.4 million in ransom from Colonial, part of which was later recovered by the United States law enforcement.

Research firm Cybersecurity Ventures predicts that there will be a ransomware attack every two seconds by the year 2031 with global costs exceeding $265 billion.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending