October 26, 2022

COPPA Developments In Early 2022

For those who aren't in the know: COPPA, or the Children's Online Privacy Protection Act, is a federal law in the United States that is intended to protect children under the age of 13 from content that specifically targets younger folks. This includes some topics for some slightly older kids as well, ones that might have cross-generational appeal.

COPPA regulation hopes that the level of consent required will filter out viewers who are likely too young to be exposed to certain topics without direct parental supervision. It was signed into law by President Bill Clinton in October of 1998.

There have been a number of issues with COPPA since its inception, of course. Anything that tries to establish a child's age online is a slippery slope, particularly when some parental guidance might need to be involved. Still, violations are (sometimes) prosecuted, even when the companies in question aren't U.S.-based. Because of this, and because the U.S. is such a big market for international Internet-based businesses, COPPA compliance and developments are important to everyone around the globe.

This article will talk about the challenges that the Children's Online Privacy Protection Act faces, as well as fresh developments in the first few months of 2022.


The Children's Online Privacy Protection Act - A Rocky Road

For a law that has been around for multiple decades, COPPA hasn't got much easier to implement or understand, particularly for people outside of the U.S. who might accidentally run afoul of it.

The first major issue is that there's no solid definition of 'targeted towards children'. In fact, the Federal Trade Commission (FTC) implements a sliding scale when judging whether or not a site or app needs to comply with COPPA:

'Thus, under the ''sliding scale,'' the more reliable methods of consent will be required for activities involving chat rooms, message boards, disclosures to third parties, and other ''disclosures'' as defined in Section 312.2 of the Rule.'

An archive of the FTC ruling on how they planned on implementing COPPA regulation can be found here.

So now website owners have to guess the intent and judgment of the FTC if they want to ignore COPPA. Since the fines can be crippling to small businesses, that's not a gamble many are willing to take. But websites intended for the young adult audience can get tattooed with a 'kids' vibe if they include the disclosures and checks required, just to be safe. This threatens to drive away their actual target audience.

So many sites avoid this entire issue by stating that children 13 years or younger simply cannot sign up or have a profile. They also try to avoid appealing to younger audiences at all costs. This creates a virtual wasteland of content for 10 to 13-year-olds because nobody wants to deal with the cost of age verification, COPPA compliance, or fines.

The sites that do implement information collection for pre-teens, so that they can create personalized accounts, for example, need to meet the parental permission standards. Methods include:

  • Signed consent forms
  • Credit or debit card validation
  • Having the parent call a toll-free phone number staffed by trained personnel
  • A parent video-conference
  • Checking a government-issued identification against central databases
  • Requiring the parent to answer a series of knowledge-based challenge questions
  • Verifying a picture of a driver's license or other photo ID via facial recognition technology

As you might imagine, the more reliable the method, the more expensive and time-consuming it is. Most small businesses will opt for the cheapest methods and hope that they are considered adequate for their type of content.

Others will simply rely upon the fact that it's trivially easy to lie about one's age online, and kids aren't stupid. If the website claims to be 13+ only, even if its target audience is younger, its owners know that most kids will simply say they're over 13 to access the content. Then the website is off the hook, as long as it avoids themes and advertising that specifically go after pre-teens.

The fact that a U.S. law can be applied to people and companies in other nations might seem disturbing. But if the FTC determines that the majority of their customers are U.S. based and they meet all of the other COPPA criteria, they will fine foreign entities. If those fines are ignored, they'll freeze their accounts via the payment processors, if they have a significant U.S. presence.

What's Happening With COPPA in 2022?

Some recent incidents and court proceedings have come to light in 2022 that may influence how the Children's Online Privacy Protection Act is interpreted and implemented going forward. Here are some of the highlights.

In late April 2022, Google/YouTube, in conjunction with channel owners including Hasbro, Cartoon Network, and DreamWorks, finished their reply brief in the COPPA-related case brought against them in California courts.

In a nutshell, Google and the channel owners contend that the FTC has jurisdiction to regulate COPPA rules and restrictions on a national level. The plaintiffs claim that they can add additional requirements on a state-by-state basis.

Though the plaintiffs lost round one, if this appeal reverses the decision, things will get a lot more complex in the world of COPPA. Not only will national and international entities be responsible for additional state-by-state restrictions… but so will overseas content creators and site hosts. This is one to watch closely, as it will multiply the regulatory responsibility of pre-teen websites, and likely force even more sites to restrict account creation to the 13+ crowd (or those willing to lie about their age).

In a related statement from attorneys at Robins Kaplan, a warning has gone out to the legal community: Streamers are the next group in the FTC's sights.

Because most content creators have no control over the advertisers that make use of their streaming platform, they may accidentally be used as pawns to appeal to and collect the personal information of viewers under the age of 13. In order to protect themselves, they might need to eliminate all content that could be construed as appealing to kids, while explicitly banning any viewers 12 or younger from their channels.

Additionally, the 'child star' provisions of COPPA that have hit streamers in the past are likely to rear their ugly head again if streaming services fall under the FTC's crosshairs. And because so many stream viewers are from the U.S., this will impact even young international stars.

Finally, kids on a diet may have landed WW International (formerly known as Weight Watchers) in hot water recently. In March 2022, the FTC launched a case against the health and lifestyle company for multiple COPPA violations. The allegations are that WW illegally harvested children's health data without proper consent or regulation.

Rather than going through the parental verification steps mentioned above, their Kurbo app and website just let kids skip the process by claiming they were over the age of 13. This loophole only works if the site isn't targeted specifically at pre-teens, which Kurbo seemed to be. They were also (supposedly) keeping their information without an expiration date, only deleting it when a parent specifically requested it.

This might be one of those cases that the FTC plans to use as an 'example', seeing as it got its own press release from the government organization. Certainly one to follow.

Protect Your Family's Privacy

Whether or not websites properly comply with COPPA, the act doesn't take into account one of the greatest threats to online privacy today: Device and browser fingerprinting.

COPPA would be far more reasonable if it had concrete standards without a sliding scale. Free, publicly available portals that could be used for parental validation would be nice as well, to relieve the burdens of the law on small businesses. In its current state, the regulations are far too easy to mess up and far too subjective and unreliable.

In the meantime, a robust privacy app can go a long way towards protecting children under the age of 12 from predatory advertising, as well as shielding the browser fingerprints of their entire family.

Will R
Hoody Editorial Team

Will is a former Silicon Valley sysadmin and award-winning non-functional tester. After 20+ years in tech, he decided to share his experience with the world as a writer. His recent work involves documenting government hacking methods while probing the current state of privacy and security on the Internet.
