Skip to content

Navigating Children’s Online Privacy Protections: Key Legislative Priorities Under COPPA 2.0

November 15, 2024

As digital platforms increasingly cater to younger audiences, lawmakers are pushing for stronger protections for children and teens online. This advisory series examines two proposed laws that may change the landscape for children’s privacy online. This first installment will offer an in-depth look at the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) and its potential impact on privacy standards.

COPPA 2.0 was initially passed in the Senate with overwhelming support back in July. More recently, the bill was advanced by the House Committee on Energy and Commerce (the “Committee”) in September. If enacted, this law could have a significant impact on businesses operating online platforms.

COPPA 2.0 is an update to the original Children’s Online Privacy Protection Act, which was enacted in 1998. The new version significantly expands the scope of protections and imposes stricter requirements on companies with online platforms. The key provisions of COPPA 2.0 include:

      • Age Expansion: COPPA 2.0 extends the law’s protections to include not just children under 13, but also teens under the age of 17. Many businesses that were confident they were not targeting children under 13 with their services, and therefore less concerned with COPPA, may have more difficulty committing to such an assessment now that the scope of the law has expanded.

        • Data Minimization: The law introduces a “data minimization” requirement, which mandates that companies collect only the information that is necessary for the functioning of their services. This provision aims to reduce the amount of personal data collected from minors, thereby limiting the potential for misuse. This is a concept many businesses have already been grappling with in light of requirements under various comprehensive data protection laws. However, given the national reach of this law, businesses will need to be more intentional in how data is mapped across the enterprise (regardless of the state of residence of the data subject) to ensure it is meeting this obligation.

          • Prohibition on Targeted Ads: COPPA 2.0 places a ban on targeted advertising to minors without explicit consent from their parents or guardians. Businesses that rely heavily on advertising revenue would need to develop new strategies that comply with these restrictions while still reaching their target audiences effectively.

            • Right to Erasure: The law grants minors and their parents the right to request the deletion of any personal data that has been collected. This “right to erasure” is designed to give young users more control over their digital footprints. Businesses would need to establish clear and accessible processes for handling these requests. Similar to data minimization, businesses that already have processes in place for compliance with other laws will still potentially need to expand what they are covering under their current processes.

              • Parental Rights: The law would allow parents to obtain information about their child’s use of social media platforms directly from platform operators without their child’s consent, ultimately giving parents significant oversight into what their child or teen is doing online. This particular change was one of the additions made in the Committee and has been faced with some scrutiny from House Democrats who feel this change would undermine the privacy of a minor and may be the subject of continued debate.

            Despite the changes in the Committee, the legislation still has bipartisan support, reflecting a shared concern across party lines about the need for enhanced protections for children and teens online. Given this support, the bill is expected to pass the House, although the timeline for its passage and the likelihood of any additional modifications remains uncertain.

            Varnum’s Data Privacy and Cybersecurity team is closely monitoring these legislative developments and stands ready to guide clients through the complexities of the new regulations. Should laws like COPPA 2.0 be enacted, businesses will need to swiftly adapt to avoid legal risks and ensure they are effectively protecting the rights and safety of younger users. Stay tuned for the follow up advisory that will discuss the Kids Online Safety Act (KOSA) and its potential changes.

            Featured Authors

            Featured Author

            Bhashit (Sheek) Shah

            Partner

            Sheek advises clients on data privacy best practices and regulatory compliance. With experience in global privacy frameworks and laws including GDPR, CCPA, and COPPA, he helps businesses build and implement compliance programs and manage data breaches.

            Sign up to be the first to access our leading legal insights.

            The link you have selected will redirect you to a third-party website located on another server. We are offering the link for your convenience. Varnum has no responsibility for any external websites and makes no express or implied warranties about any external websites.

            Please be aware that contacting us via e-mail does not create an attorney-client relationship between you and the firm. Do not send confidential information to the firm until you have spoken with one of our attorneys and receive authorization to send such materials.