The Children’s Online Privacy Protection Act (COPPA) became effective on April 21, 2000. The act is designed to protect children under age 13 by controlling what information is collected from their online activity. Operators of commercial websites and services must post an online privacy policy with regard to their practices for collecting personal information from children, obtain parental consent, and provide parental access to their child’s personal information for review or deletion. COPPA is not designed to prevent children from accessing inappropriate online material but is aimed at giving parents control over online collection, use and disclosure of a child’s personal information.
This act required the Federal Trade Commission (FTC) to issue and enforce regulations which concern children’s online privacy. Violators of COPPA can face civil penalties of up to $51,744 per violation. The appropriate penalty varies on a case-by-case basis. Several factors are considered in determining the penalty such as amount and type of personal information collected, how it was used and number of children involved.
COPPA 2.0 amends the original act to extend the protection of personal information of children and minors up to age 17. This amendment will establish a Youth Privacy and Marketing Division at the FTC to address emerging concerns related to children’s privacy and marketing. The Act will also update the definition of personal information to include biometrics such as fingerprints and facial recognition.
The Kids Online Safety Act (KOSA) aims to address various harms from social media and protect a child’s mental health. This Act would regulate tech companies by requiring them to protect kids from dangerous online content and hold them accountable for the harm their sites may cause. Social media platforms would need to provide a minor with protective options for their information. The social media platforms must disclose details regarding the use of personalized recommendations and marketing to minors, allow reporting of certain harms, refrain from advertising age-restricted products (tobacco, alcohol) to minors and report annually on the risks of using the platform. Certain Internet services are exempt from this Act; Internet service providers, email services and educational institutions.
Enforcement of this Act is also through the FTC.
Both Acts have passed the United States Senate and are now in the hands of the House of Representatives. Regardless of whether these bills will be signed into law, the FTC has been clear that they will continue to enforce issues regarding children’s privacy.