Although Congress has been hard pressed to do anything in the privacy arena – for years – it has managed to get significant traction this year regarding children's privacy. The Senate in late July passed two bills relating to treatment of data about minors online. The first is an update to the decades-old existing privacy law (COPPA) that would, among other things, raise the age of covered children from 12 to 17 and update what is considered “personal” information about them to include biometric data. The other bill (KOSA) would regulate social media platforms by imposing liability on them if they serve content to children that harms their mental health.
WHY IT MATTERS
The House still has to pass some version of these bills in order for them to stay alive in the current Congressional session. With the presidential election looming large, there is no guarantee that will happen. These bills are a bellwether, though, of how lawmakers view children, privacy, and health issues relating to online usage.
KOSA has been the subject of much controversy in privacy and civil rights circles. Critics worry about the potential that social media companies will simply censor information about sensitive subjects rather than take the risk that it will end up in the feeds of young users. The bill has been amended to account for some of these concerns, but they remain the chief policy obstacle to getting consensus behind it.
The updates to COPPA are less controversial, although many people think regulating 17-year-old's as “children” on the internet is dubious. The updates there may also affect tracking and advertising to children who are covered by the law. Otherwise, the essentials of COPPA would not change much; however, the impact of raising its age limit could mean that the law applies to far more websites and services offered online.