North Carolina Attorney General Josh Stein and 42 other attorneys general are urging the Federal Trade Commission (FTC) to update and strengthen online protections for minors, citing concerns over children’s data privacy.
Under the Children’s Online Privacy Protection Act (COPPA), passed by Congress in 1998, the FTC established regulations for technology companies on how they collect and share personal information about children under 13 years of age. Despite the world’s rapid technological evolution in the past decade, particularly social media and artificial intelligence, the laws to protect minors have not evolved with them.
“It has been more than ten years since the COPPA Rule was amended to address the increased use of mobile devices and social networking,” the letter states. “The digital landscape is a much different place than it was in 2013. We urge the Commission to update the COPPA Rule to keep pace and give State Attorneys General the tools they need to respond to a digital world rife with risk.”
In December, the FTC proposed new protections and offered a comment period. A notable proposal the AGs make is to expand the definition of “personal information.” They say that personal information should include biometric identifiers such as fingerprints, facial data, retina and iris patterns, DNA sequence, and data derived from a voice. Not only should physical information be protected, such as a fingerprint for scanning devices, but also the mathematical representation of the data.
The attorneys general also asked the FTC to adopt a framework for determining whether services qualify for a proposed parental consent exception. They believe that industry partners, platforms, and other non-government entities can play a role in establishing consent mechanisms to enable users to obtain Verifiable Parental Consent (VPC). This could include government-issued IDs, biometric data, or payment card information.
Age verification is a policy proposal commonly debated because of the controversial identity requirement. In 2023, the North Carolina state legislature passed legislation that required pornographic websites to verify the age of those visiting the site.
Age verification approaches can come with privacy costs, warned Matt Perault, the director of the Center on Technology Policy at UNC. With a background working for Facebook’s public policy team, Perault said that asking or requiring a tech company to do more work to understand the ages of their users is essentially telling them to collect more data about their users. The same concerns could apply to parents providing additional documentation for age verification.
“Age verification inherently comes with costs, and approaching it seriously means wrestling with those costs rather than pretending they don’t exist,” Perault told the Carolina Journal. “I think it’s important that we don’t make decisions on the right policy approaches based merely on politics and headlines, but actually on a real evaluation of the likely harms and benefits.”
SEE ALSO: Keeping teens safe online: Can policy balance privacy and security?
His team’s research shows many downsides to age verification approaches. One of his main concerns is the implementation of sound tech policy that assesses the benefits, restrictions, and harms.
“It should be informed by research,” said Perault. “You want policy to be informed by research; […]it’s not clear to me that that’s something that lawmakers are really doing right now.”
In addition, the letter urges the Commission to consider protections for healthcare information and other highly sensitive data. Wearable digital health technology, like a smartwatch, has been the subject of several high-profile privacy and data misuse concerns in recent years.
In a press release, Stein said it’s time for the FTC to “strengthen online privacy protections for kids so we can keep them, and their personal information, safe.”