Dan Frechtling, Data Security Thought Leader, explores the U.S. government’s current measures to protect children online and what more needs doing
In December 2022, there was an eleventh-hour effort by lawmakers in to pass two bills to further protect children online in the U.S., but they failed to make it to Congress’s 2023 fiscal spending plan.
The advocacy group Fairplay called the development “beyond heartbreaking,” furthermore sharing that “preventable harms and tragedies” were allowed to continue unimpeded. Lawmakers sponsoring the bills blamed the “behemoth sway” of lobbyists working on behalf of Big Tech.
Dan Frechtling, Data Security Thought Leader, is calling attention to the growing dangers of certain online activities to vulnerable children. He sheds light on the proposed changes and protections, some of which will go into effect in 2024.
To regain the initiative, President Joseph Biden demanded a ban on online ads targeting children during his State of the Union address in February 2023.
The prospect of privacy violations poses a unique threat to children online because the concept of “meaningful consent” is highly nuanced.
What kinds of threats are children at risk of online?
While online, there is a myriad of potential threats: sexual predators, cyberbullies, data collection and misuse of that data and inappropriate or harmful content impacting well-being and mental health.
The collection of a minor’s personal data can be used to promote unlawful, unwanted, inappropriate and malicious ads to children. Financial consequences can occur as well. Amazon, Facebook, TikTok and many other tech giants have faced FTC complaints, fines and litigation related to the unlawful collection of children’s data to influence and promote their products and services to garner revenue.
Even the definition of who constitutes a minor varies by law
Children spend more time online, gaming, surfing and watching videos. The opportunity for their personal data to be gathered and shared is greater than ever. A recent survey by Pew Research Center found there has been an increase in daily teen internet users, from 92% in 2014-15 to 97% as of 2022. In addition, the share of teens who say they are online almost constantly has roughly doubled since 2014-15 – currently about 46% and 24% then.
Parental consent is rarely gathered, making it nearly impossible to protect our children.
Current regulations have many areas of loopholes and grey areas. Even the definition of who constitutes a minor varies by law.
What is the biggest privacy threat to children online?
There are many, but exposure to potentially harmful content or targeted ads that could influence behaviour. Think in terms of sexual exploitation, substance abuse, cyberbullying, self-image and self-harm.
Think in terms of sexual exploitation, substance abuse, cyberbullying, self-image and self-harm
Additionally, bad actors and predators online may access children’s data and use it for nefarious purposes, even contacting them directly. This potential threat can have grim consequences and is of tremendous concern.
What laws are there to protect children online?
Two key acts currently provide some level of protection to underage internet users. They are COPPA and the California Consumer Privacy Act (CCPA).
In April of 2000, the Children’s Online Privacy Protection Act (COPPA) came into effect. It is the only federal act addressing the harmful effects of targeted advertising on children. The legislation requires “verifiable consent” before data can be collected from underage users. Additionally, COPPA compels digital service providers and website publishers to reveal how and why a child’s user data is being collected.
In 2013, the law was amended to extend the definition of “children’s personal information” to include cookie trackers, geolocation data and any audio-visual information. Despite all the items COPPA addresses, it is still considered inadequate in terms of its applicability (children under 13 years) and innovations in online technologies.
The California Consumer Privacy Act (CCPA) is the first and most influential state-level data privacy law. It addresses loopholes left by COPPA. Among other things, CCPA:
- Increases the age of data consent to 16 years. Minors under 16 must personally authorize the collection of personal information for clearly disclosed purposes, whereas children under the age of 13 require parental consent.
- Defines personal information to include geolocation, IP addresses, shopping and browsing history, and consumer preferences.
- Assumes a business that willfully disregards the consumer’s age has actual knowledge of the consumer’s age.
California has passed another bill to strengthen children’s data privacy. The California Age-Appropriate Design Code Act (CAADCA), which goes into effect July 1, 2024, expands the definition of children under 18. It also compels businesses to “estimate the age of child users with a reasonable level of certainty.” Further, CAADCA applies to companies developing services children are “likely” to access, as opposed to being directed at them.
Should the government be doing more to protect children online?
Absolutely. There are two new laws currently on the Senate floor: The Children and Teens’ Online Privacy Protection Act (CTOPPA) and the Kids Online Safety Act (KOSA). Drafts for both CTOPPA and KOSA remain on the floor of the U.S. Senate pending voting.
KOSA focuses on the features and designs of websites directed at children or used by children and teens. It stipulates publishers apply the strictest privacy setting as the default option for minors. The act requires social media sites to stop displaying or propagating certain content to minors, including content related to self-harm and substance abuse.
Further, it compels publishers to allow children and parents to opt out of recommendation systems using a minor’s data and limits the time juveniles spend on a service.
CTOPPA seeks to amend COPPA and is referred to as COPPA 2.0. It strengthens regulations surrounding the online collection, use and disclosure of children’s personal information. The goals of the bill include a mandate that businesses obtain explicit data collection consent from children between 13 and 16. Further, it bans targeted marketing for users below 16 years of age. It calls for websites to create an “eraser button” so users can eliminate all personal information collected from children. And finally, it dictates businesses and websites reasonably determine whether their users are, in fact, children.
The FTC has taken action, such as the $245 million settlement with Epic Games, the maker of the Fortnite video game. The FTC said that Epic used dark patterns to mislead players to make unwanted purchases, allowing children to accrue unauthorized charges and no parental consent. The FTC also recently settled with Edmodo over the lack of parental consent before sharing children’s data.
Additionally, many states have and continue to enact laws to protect children across the country.
What is Joe Biden doing to protect children online?
President Joe Biden has emphasized that parents and legislators are working toward prioritizing the safety and well-being of children over profit and revenue.
Biden is definitely putting pressure on the government. He reinforced the importance of the news laws, CTOPPA and KOSA in his State of the Union address this year. It will be up to lawmakers to overcome lobbyists and the tech industry in order to make these laws real and enforceable.
How can parents help children avoid risks online?
Education and monitoring are necessary.
Start by helping children understand ad targeting and malicious actors online. Setting parental controls on sites your children frequent is another good protection. Create limits and rules on what sites they are allowed to frequent.
Also, parents can and should research and support brands that do have privacy policies in place and adhere to or even exceed current regulations.
This piece has been written and provided by Dan Frechtling, Data Security Thought Leader and CEO of Boltive Q&A.