Few issues strike at the core of parents’ concerns more than protecting children’s privacy on the internet. A quarter century ago, Congress enacted the Children’s Online Privacy Protection Act (COPPA) to help give parents more control over the personal information websites collect on their children. Congress needs to revise the act to fully protect children and families from misuse of confidential information on the internet.
The Federal Trade Commission (FTC) enforces COPPA through regulations that impose restrictions on websites that collect data on children to help ensure the confidentiality, security, and integrity of this information. While COPPA proved historic when Congress and the FTC first implemented it, it is clear that the measure, which Congress and the commission haven’t updated in 10 years, is no longer strong enough to meet the challenges of the modern-day digital environment.
In many cases, there are no clear ways to hold bad actors liable under COPPA for failing to protect our children’s data.
Consider SchoolCare, a widely used technology company that “partners with K-12 school nurse offices to seamlessly connect children and their families to health care services.” It was recently sold to a social care company now known as findhelp. Although this effectively constitutes a sale of student data, and seems to violate SchoolCare’s privacy policy that “SchoolCare will NEVER…sell student data to third parties,” there does not appear to be any clear way under COPPA to hold either findhelp or SchoolCare accountable. This is especially concerning considering that, shortly after findhelp’s acquisition of the company, SchoolCare was affected by an August 2022 data breach that put more than two million minors’ information at risk. COPPA does not appear to be adequately protecting this data, so it is long past due for Congress to strengthen it.
In other cases, COPPA has simply proven not to have gone far enough in protecting children from digital abuses.
Matt Cardy/Getty Images
The rule only protects the data of minors younger than 13, even though teenagers (traditionally more active on social media and the internet more generally) face disproportionate risk of having their information collected. For this reason, California recently passed the Age-Appropriate Design Code Act. The bill, which will take effect next year, defines children as anyone under 18 and will require apps and websites to enact more privacy protections for these vulnerable individuals. Other states seek to do the same. However, this is a federal issue, so a federal solution must come to fruition for the problem to be adequately addressed.
Congress has already held over half a dozen hearings on implementing a federal data privacy standard this legislative session. There can be disagreement over a general privacy standard, but there is near unanimity on the need to protect children. While it is clear that the legislative branch is serious about allowing the FTC to implement safeguards for our children’s data, Congress must ensure that it does not let other issues take precedence before the year’s end.
That is regrettably what occurred last year. Although the House Energy and Commerce Committee approved a bill known as the American Data Privacy Act (which would have implemented many much-needed reforms) on a lopsided 53-to-2 vote, the legislative branch ultimately became distracted by other political considerations at the end of the legislative session and did not vote on the bill before it expired.
A July 2022 study by Trusted Future, a nonprofit dedicated to enhancing trust in our digital ecosystem, found that implementing stronger privacy protections is parents’ top congressional priority, with 63 percent saying the legislative branch should focus on protecting privacy. This issue transcends political allegiances because of its significant implications for children’s health, safety, and futures, so Congress would be well-served to allow the FTC to address it at least in part before the upcoming elections.
David Balto is a public interest antitrust and consumer protection attorney and was involved in the enactment of COPPA when he was the Policy Director of the FTC. He advises a wide range of companies on Internet privacy issues.
The views expressed in this article are the writer’s own.
Uncommon Knowledge
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.
Newsweek is committed to challenging conventional wisdom and finding connections in the search for common ground.