For decades the Children’s Online Privacy Protection (COPPA) has been the key piece of legislation governing data collection on users under the age of thirteen. Congress is busy debating a flurry of new bills, one of which is an update to COPPA called the Children and Teens’ Privacy Protection Act. While having some positive features, such as not mandating age verification technology which comes with privacy and accuracy concerns, the act could make compliance more difficult for platform operators. 

The Children and Teens’ Online Privacy Protection Act amends COPPA by extending protections to children under the age of 17, creating a mechanism to allow parents to request their children’s information be deleted, and revising the standard by which these rules apply to include situations where the operator could reasonably assume the user is underage.

A major sticking point regarding recent online privacy proposals has been the issue of age verification. Currently, there is no single uniform method used to verify a user’s age, with most websites simply requiring users to state they are at least 13 years old. 

Proposals that include age verification have faced challenges with reliability, unintentionally discriminating against people who lack appropriate documentation such as a government-issued ID, or privacy concerns related to increased data collection.

The Children and Teens’ Online Privacy Protection Act avoids these issues by explicitly stating that nothing should be construed as requiring the implementation of new age verification requirements or the collection of any more user data than is necessary to provide online services. This is a step in the right direction as privacy advocates such as the Electronic Frontiers Foundation have long argued that laws mandating online age verification come with significant threats to data privacy and the ability to use the internet anonymously due to the inherent flaws in existing methods.

However, not everything about the Children and Teens’ Online Privacy Protection Act is positive. For instance, the bill would change the enforcement standard from actual knowledge that some users are children, as it states in COPPA, to “actual knowledge or knowledge fairly implied based on objective circumstances.” 

Advocates of the law, such as representatives Tim Walburg (R-MI) and Kathy Castor (D-FL), argue that this change is necessary in order to close a loophole in COPPA that still allows minors to access social media platforms. The Information Technology and Innovation Foundation argues that this requirement would create a difficult legal environment for companies to operate in.

The Mercatus Center’s policy brief argues that while many websites directed towards children do not attract a large adult audience, the bill covers  overlap between young adults and those in their late teens.. This would put more platforms and websites under the Act even if they were not created with a teenage audience in mind. They would be forced to redirect valuable resources that could be used in other areas, such as improving platform functionality and safety, to compliance matters.

The Children and Teens’ Online Privacy and Protection Act is a mixed bag. While it avoids many of the pitfalls of similar bills, such as mandating age verification, it also creates new problems such as platform liability. More clarification is needed to make the internet safer for both users and platform operators. 

Trey Price is a policy analyst with the American Consumer Institute, a nonprofit education and research organization. For more information about the Institute, visit us at www.TheAmericanConsumer.Org or follow us on X @ConsumerPal.