One of the biggest tasks of any parent is to protect their children from content that isn’t age-appropriate. While this was relatively easy when most media was consumed in magazines and large TVs, portable devices like smartphones and tablets have made it harder than ever to stay on top of your children’s media consumption.
That’s why legislation like the Children and Teens’ Online Privacy Protection Act (COPPA) requires social media companies to have more comprehensive controls over your children’s data and the kind of content they have access to online. Recently, the U.S. Congress introduced a bill to expand the scope of this law, which would stretch the responsibilities of social media platforms and your children’s online privacy rights.
What Is COPPA?
COPPA is a federal law that requires social media providers to protect the privacy of all users under the age of 13. The law was passed by the U.S. Congress in 1998 and is enforced by the Federal Trade Commission (FTC). In short, the purpose of COPPA is to protect children under 13 from being targeted by commercial websites and predators who may try to get children to disclose more information than is deemed safe or appropriate.
Current COPPA legislation regulates:
- When and how parents must provide verifiable consent for their child’s use of social media
- How websites must require verifiable parental consent for certain actions, including the collection of any personal information
- The general responsibility of a website in protecting the privacy and safety of all its users under 13
What Websites Does COPPA Apply To?
Not all websites and apps are required to comply with COPPA. Generally, only those that have actual knowledge of having users under the age of 13 are required to maintain COPPA compliance. Here is a list of all online operators that are required to comply with COPPA regulations:
- All social media websites and apps
- Commercial websites or apps directed at children under 13
- Commercial websites or apps that have knowledge of children under 13 using the app
- Any ad network or third-party plugin that has knowledge of collecting personal data from any website that is required to comply with COPPA
- Geo-location services
- Gaming platforms with internet connectivity
- VoIP services
Keep in mind that COPPA rules also apply to third-party app and website developers that provide services to an operator that is regulated by COPPA. For example, a certain plugin or add-on that isn’t required to comply with COPPA on its own would be required to do so if providing services through an online platform that is required to comply with COPPA.
Why Do Children Need Extra Protections From Social Media Companies?
Unsupervised social media use can be harmful to children, especially those under the age of 13. As an adult on the internet, you’re probably familiar with scamming and phishing attempts. However, children can fall prey to scamming more easily attempts as they are unable to discern between safe and unsafe interactions on the internet. Even companies can take advantage of unsuspecting children online. For example, research shows that over 75% of children between 8 and 11 years old cannot accurately distinguish between ads and original content, making them more likely to fall for predatory business tactics.
How Can Websites and Apps Comply With COPPA Laws?
While COPPA doesn’t include specific details on how the privacy and safety of children should be protected, the FTC offers a wide range of guidelines and regulations to ensure COPPA compliance. These regulations require operators subject to COPPA to:
- Clearly display parental consent forms that may be downloaded, mailed or faxed to the operator
- Allow parents to consent to the operator’s collection of data but prohibit it from sharing said data with third parties
- Take reasonable measures to ensure that parents are aware of the operator’s privacy notice regarding children’s data collection
- Take reasonable steps to ensure the privacy of the child
- Only collect personal information when necessary and strictly for the purpose for which it was collected
- Delete all personal information when no longer necessary to prevent data theft or unauthorized further use
- Require parental authorization for any online transactions by authenticating age through a credit card
- Not request more personal information than is reasonably necessary to participate in an activity or receive a service
- Take reasonable steps to ensure that all child data collected is kept safe and confidential
What Would the New COPPA Update Do?
Lawmakers in the U.S. Congress are trying to amend the current COPPA regulation to reflect the drastic changes in internet use that have happened over the past 25 years. Since COPPA’s introduction in 1998, social media websites have grown exponentially and online privacy challenges have continued to increase. As such, this law seeks to expand the scope of COPPA protections and close loopholes.
First, the “COPPA 2.0” amendment would raise the age of COPPA compliance from 13 to 16. This would include a larger share of teenagers who are also susceptible to online privacy attacks. The proposed amendment would also create tighter requirements for operators by requiring compliance from all those with reasonable expectations that children under 16 are using their service. Currently, only those with actual knowledge of children under 13 using their service are required to comply with COPPA regulations, which makes it easy for operators to turn a blind eye to underage users.
COPPA 2.0 would also introduce a strict age-verification process for all account holders. This would prevent children from circumventing age restrictions by lying about their age when creating an account. In order to do this, the Secretary of Commerce would create verifiable digital identification credentials for online users. These credentials would be linked to a user’s real identification documents, such as a driver’s license or Social Security card.
Finally, the COPPA amendment would create a Youth Privacy and Marketing Division at the FTC to enhance the monitoring of marketing practices toward children. This division would be required to report directly to the U.S. Congress on the work being done to protect minors and its effectiveness.
This is the third attempt at reforming the COPPA laws, after a 2013 update that included app developers and ad network companies in the list of operators required to comply with COPPA laws. COPPA 2.0 was introduced to the U.S. Senate by Senator Markey on May 13, 2023, and was referred to the Committee on Commerce, Science, and Transportation.
Can You Sue a Social Media Company for Violating COPPA?
There have been many cases of class-action lawsuits after widespread violations of COPPA rights. In T.K. v. ByteDance Technology Co., Ltd., the FTC obtained a civil penalty of $5.7 million against TikTok — the largest civil penalty obtained in a children’s privacy case at the time. In this 2012 putative class action lawsuit, parents were able to obtain a $1.1 million settlement on behalf of close to 6 million parents whose children used social media apps TikTok or Musical.ly.
Since then, numerous lawsuits have been filed against social media operators. In December 2022, a historic ruling was made against Epic Games, the maker of the popular children’s video game Fortnight. In this record-breaking penalty, the FTC was able to obtain a $275 million penalty for violating COPPA law, making it the largest penalty ever secured for violating any FTC rule.
The FTC was able to obtain such a large penalty by showing that Epic Games:
- Failed to notify parents and obtain consent. One of the most important pillars of COPPA revolves around parental consent and knowledge about their child’s online activity. The lawsuit showed that Epic Games collected children’s data without the parents’ consent and required parents to go through an unreasonably convoluted process when requesting that their children’s personal information be deleted.
- Default settings fail to protect the safety of children. The FTC found that Fortnite settings enabled live text and communications by default. This resulted in suffering from bullying, threats, harassment, and other traumatizing issues for underage children, showing that COPPA does require social media platforms to take reasonable steps to protect the safety of children.
These lawsuits are important developments in COPPA rights, as COPPA law itself does not provide parents with a private right of action. However, the FTC now enforces a civil penalty of $50,120 per COPPA violation. Most of these violations are handled as putative class-action lawsuits, as it is unlikely that social media operators would target specific children in their violations. Instead, class-action lawsuits identify policy violations in social media organizations to bring cases on behalf of all children who suffered from the same rights violations.
Protect Your Children’s Rights After a COPPA Violation
If your child’s rights were violated while using a social media platform, you are not on your own. A social media lawyer may be able to help you obtain financial compensation in a lawsuit against a social media company that failed to follow COPPA regulations. Contact the personal injury attorneys at Morris & Dewett today.
Federal Trade Commission: Complying with COPPA: Frequently Asked Questions
Federal Trade Commission: Children’s Online Privacy Protection Rule (“COPPA”)
United States District Court: T.K. v. ByteDance Technology Co., Ltd.
Common Sense: Children and Teens’ Online Privacy Protection Act