As policymakers worldwide reexamine how to more effectively protect children’s privacy online without imposing broad age restrictions across the internet, the Future of Privacy Forum (FPF) recently hosted a webinar to assess diverse approaches to addressing child privacy concerns. The webinar also explored how respective policies can help address the many potential risks children face online, including oversharing, identify theft, physical safety, and exposure to inappropriate content.
“The majority of child privacy laws and proposals are focused on limiting commercialization,” said FPF Director Youth & Education Privacy Amelia Vance. “This includes preventing targeted or behavioral advertising to children, limiting or eliminating the ability to sell or share children’s data, or other protections aimed at limiting children’s exposure to marketing and protecting data from being used in inappropriate ways by companies.”
In addition to child privacy proposals from the European Union, United Kingdom, South Korea, and California, FPF experts highlighted the federal child privacy law in the U.S., the Children’s Online Privacy Protection Act (COPPA), and several of its key limitations.
While two new federal proposals and California’s new consumer privacy law extend the age of COPPA protections to 16, most children in the U.S. are only covered until age 13. Additionally, the ability of the Federal Trade Commission—which is currently reviewing COPPA—to effectively interpret and enforce the law’s standards for determining whether a business has ‘actual knowledge’ that a specific user of their website is a child, or is providing services that are ‘directed’ at children, has varied considerably over the statute’s nearly 20-year history.
“How ‘actual knowledge’ is defined has really changed over time,” Vance said. “We saw in the recent YouTube settlement, for example, the FTC noting that YouTube was telling potential advertisers that there were children on the platform that they could reach.”
FPF’s recent comments to the FTC in response to its ongoing review of COPPA also underscore the need for guidance on the law’s “actual knowledge” definition, as well as for the agency to modernize its policies related to voice-enabled technologies and provide greater alignment with the primary federal student privacy law, FERPA.
When it comes to developing child privacy legislation, Vance cautioned unintended consequences are “incredibly easy to occur.” To mitigate this risk, Vance advised policymakers to be as intentional and clear as possible, and to get input from those on the ground including parents, teachers, school superintendents, attorneys, and children and teens themselves.
“When looking at child privacy, it is important to be focused and ask, ‘what are you trying to regulate?” Vance noted. “Being specific about what potential risks or harms you are trying to mitigate or prevent lends itself to a more targeted bill and one that is more likely to achieve whatever that end goal is.”
Finally, policymakers may need to acknowledge that children today are growing up in a vastly different world. “Look broadly to the stakeholders who you are talking to because schools and homes are very different from how we all grew up as children,” Vance advised. “You want to make sure you’re not limiting some aspect of the digital world that can be important.”
“It’s worth noting that all of this is up for discussion right now,” Vance ultimately concluded. “This is very much an evolving space in the U.S.”
Click here to watch to the full webinar, part of FPF’s ongoing Privacy Legislation Series, which to date has also covered preemption, commercial research and defining covered data. Access the slide deck from the presentation and additional recommended materials on child privacy here.