Ile 1

Madeline Ile

Dr. Kielbowicz

COM 440 AB

13 March 2020

Modern Communication and the Inefficacy of the Children’s Online Privacy Protection Act

The influence of the Internet has changed drastically since its development. People’s

whole lives-their finances, school, work, social interaction, even the security of their homes-exist

on their phones and computers. The federal government has made efforts to regulate what

happens on the internet as it relates to people’s privacy. One of such efforts is the Children’s

Online Privacy Protection Act of 1998 (COPPA), a law that enables the Federal Trade

Commission (FTC) to hold websites that collect information from children accountable in their

treatment of that information. However, since time has passed and technology has further

advanced, COPPA has struggled to keep up with the new means of which corporations can

collect data from children. COPPA does not go far enough in its efforts to protect children from

unethical online business practices, and should continue to adopt more rules as technology

develops.

Senators Richard Bryan (D-NV) and John McCain (R-AZ) introduced the Children’s

Online Privacy Protection Act of 1998 (COPPA) on July 17th, 1998 (Cong.). The senators had

learned through research conducted by the Center for Media Education that many websites were

gathering personal information from children, often through ploys like games and contests to

learn about their personal lives and families’ financial situations (Cong.). In their original

proposal of the bill, Sen. Bryan and Sen. McCain stated that the FTC should have the ability to
 Ile 2

create requirements that commercial websites aimed at minors disclose that they are receiving

information from children, obtain consent from parents before collecting data on children 12

years of age and under, that the parents of children ages 13-16 be able to opt-out from such data

collection, that parents be able to access the information that has been collected about their child,

and that the data collected from children be secure (Cong.). The proposal also suggested

self-regulation as a means to ensure compliance with the law, and that state attorney generals

enforce it (Cong.).

The House of Representatives Committee of Commerce heard a multitude of opinions in

the September 23, 1998 hearing for this bill (Cong.). Many experts in the industry gave

testimony, all of whom focused a great deal on the efficacy of self-regulation and how much the

bill should allow the government to control business (Cong.). Hon. Robert Pitofsky, the

Chairman of the FTC at the time, said that self-regulation efforts were not working, and that he

thought the government should get involved in the matter (Cong.). Steven J. Cole of Better

Business Bureaus Inc. (BBB) and Gerald Cerasale of the Direct Marketing Association did not

agree, and spoke to the ability of their organizations to help with self-regulation (Cong.). Further

testimony from Deirdre Mulligan (Center for Democracy and Technology) and Kathryn

Montgomery (Center for Media Education) contradicted Cole and Cerasale, reiterating the idea

that self-regulation was insufficient in controlling internet activities (Cong.). Self-regulation was

included in the final section of the law (Admin.). COPPA requires that the FTC evaluate whether

or not a service is complying with COPPA, and also created a provision in which certain

organizations (such as BBB) can create their own compliance programs, and if members break
 Ile 3

them, they are subject to safe harbor discipline instead of enforcement from the federal

government (Admin.).

The government has amended COPPA since it came into existence, and may soon modify

the law again. According to the FTC, COPPA was left unchanged after a 2005 review of the act,

but was amended in 2013 after further scrutiny in 2010 (Admin.). The revision to COPPA adds

“geolocation information, photos, videos and audio recordings” as well as cookies to the list of

information collected about children that operators would have to disclose to parents and keep

secure (Admin.). The FTC is currently considering changing the language of COPPA again to

keep up with rapid developments in technology (Admin.).

Despite these efforts to keep up with the ever-changing nature of the internet, COPPA

has failed to protect children from the collection of their data on many platforms. Social media,

YouTube, and even smart toys have successfully gathered information from minors through

loopholes. COPPA applies to websites that target children as well as websites with “actual

knowledge” that minors under 13 use their site (L. Rev.). This fact means that sites like

Facebook can (and have) created limits on how old one has to be to create an account without

developing any method to verify that someone 13 years or older is running the account (L. Rev.).

COPPA also fails to define what actual knowledge means, which makes it easier to get away

with collecting information from children (L. Rev.). Facebook only investigates profiles of

people whom others have reported to be underage, which ignores a large number of children who

have profiles on social media (L. Rev.). Facebook and other social media platforms should make

a greater effort to ensure that the people who use their site are of the age that they say they are

(L. Rev.).
 Ile 4

YouTube is another site that has previously not been COPPA compliant, and may still be

uncooperative. In September 2019, Google (which owns YouTube) paid a fine of $170 million to

the FTC for tracking children and subsequently placing advertisements on videos intended for

those minors (Pub. Involv.). As a result, all YouTube videos created for children cannot have

advertisements or comments (Pub. Involv.). If a video reaches children and is not labelled “for

kids”, the creator of the video, not YouTube, would be held legally responsible for violating

COPPA (Pub. Involv.). This change has led to a significant loss of money for creators of kids'

content on the platform, and a legal burden that they should not have to carry. If COPPA

included more specific language which implicated YouTube (instead of content creators) for the

data collection of younger children, COPPA would do its job more effectively and could keep

YouTube from transferring the responsibility of keeping kids safe to those who make videos.

Finally, insufficient regulation of smart toys and other home devices shows that COPPA

does not cover a broad enough scope to fully protect children from the gathering of their personal

information. There are toys that exist which use technology like microphones, cameras,

internet-connectivity, and GPS to influence what the toy does based on its interaction with the

child (Cong.). Since the 2013 amendment to COPPA, a company would need to disclose this

type of data collection to the parents of the children who own the toy (Cong.). COPPA did

clarify, however, that if the toy deletes the recording immediately then it will not be subject to

the enforcement of COPPA (Cong.). This new rule, while somewhat clarifying enforcement of

COPPA relating to smart toys, does not provide clarification for other devices like Google’s

Assistant or Amazon’s Alexa, which can also collect a child’s data (Cong.).
 Ile 5

In summary, the Children’s Online Privacy Protection Act has somewhat accomplished

its goal of protecting children’s personal information, but it has a long way to go. COPPA should

be re-evaluated every five years in order to assess whether or not it is serving the public the way

that it should. With respect to social media, YouTube, and Internet of Things devices, COPPA

could be doing more to hold the industry accountable for the safety of the children who use their

services. Hopefully, the current review of COPPA will lead to more effective rules.
 Ile 6

Bibliography

Bergen, Mark, and Lucas Shaw. 2019. “Inside YouTube’s Year of Responsibility.”

Bloomberg.Com​, December, N.PAG.

http://search.ebscohost.com.offcampus.lib.washington.edu/login.aspx?direct=true&db=bth&AN

=140826794&site=ehost-live. ​(Pub. Involv.)

Gina Stevens, “Smart Toys and the Children's Online Privacy Protection Act of 1998,”

Congressional Research Service ​(2018): 1-3 ​(Cong.)

House Hearing Before the Committee on Commerce,​ 105th Cong., 2nd Sess., p. 310-378 (1998)

(Cong.)

Senator Bryan (NV). “Children’s Online Privacy.” ​Congressional Record ​(October 21, 1998) p.

S12789. Available from: HeinOnline; Accessed: 3/9/20. ​(Cong.)

Senator Bryan (NV). “The Children’s Online Privacy Protection Act of 1998.” ​Congressional

Record (​ July 17, 1998) p. S8482. Available from: HeinOnline; Accessed: 3/9/20. ​(Cong.)

Shannon Finnegan, "How Facebook Beat the Children's Online Privacy Protection Act: A Look

into the Continued Ineffectiveness of COPPA and How to Hold Social Media Sites Accountable

in the Future,"​ Seton Hall Law Review​ 50, no. 3 (2020): 827-854 ​(L. Rev.)

“Request for Public Comment on the Federal Trade Commission's Implementation of the

Children's Online Privacy Protection Rule,” last modified July 25, 2019,

https://www.federalregister.gov/documents/2019/07/25/2019-15754/request-for-public-comment

-on-the-federal-trade-commissions-implementation-of-the-childrens-online.​ (Admin.)

“Revised Children’s Online Privacy Protection Rule Goes Into Effect Today,” last modified July

1, 2013,
 Ile 7

https://www.ftc.gov/news-events/press-releases/2013/07/revised-childrens-online-privacy-protec

tion-rule-goes-effect. ​(Admin.)