Where 20 years of child online protection law went wrong

Coverage Type: 

Two decades after Congress tried to wall off the worst of the Internet in hopes of protecting the privacy and innocence of children, the ramparts lie in ruins. Many popular online offerings maintain they are “not directed” at children. But the services also don’t ask users how old they are. This tactic, lawyers say, helps the companies sidestep the Children’s Online Privacy Protection Act (COPPA), a 1998 law that restricts the tracking and targeting of those younger than 13 but requires “actual knowledge” of a user’s age as a key trigger to enforcement.

As researchers and consumer advocates spotlight the weaknesses of federal protections for children, some members of Congress are pushing to toughen the federal privacy law and to impose legal restrictions on what can be shown to children online. But such efforts are struggling to advance in a Congress consumed by partisan battles. Sen. Ed Markey (D-MA), one of the original sponsors of COPPA, has proposed a bill in 2019 that would strengthen it. His COPPA update, co-sponsored by Sen Josh Hawley (R-MO), would set a broader standard requiring compliance if there is substantial evidence that children are using a website or app. The bill also would bring the United States closer to the children’s privacy standards in the European Union by raising the age of those covered by COPPA to include anyone younger than 16. He also is writing a bill that would implement new standards for children’s online content, echoing previous generations’ rules for kids’ shows on broadcast television. Markey said the portability of mobile devices makes it harder than ever for parents to monitor what their children are watching — or receiving through advertising. Although Markey predicted bipartisan support for his bills, they already are generating resistance from some in the technology industry, whose lobbying corps is among the largest and best funded in Washington.

Sex, drugs, and self-harm: Where 20 years of child online protection law went wrong