Data Security for Kids and Grown-Ups: Two Sides of the Same Coin (R Street)

On February 14, the Senate Judiciary Committee held a hearing on “Protecting Our Children Online,” which focused on children’s privacy and safety. U.S. Sens. Richard Blumenthal (D-Conn.) and Marsha Blackburn (R-Tenn.) rallied around their Kids Online Safety Act (KOSA), which was first introduced in 2022 and has been reintroduced this year. KOSA is an attempt to improve online data privacy for kids, but some say it could cause unintended consequences. It also contains broader online child safety measures where there is not complete agreement on the methods and liability prescribed. Any child-specific privacy law, like KOSA, will be best suited to be built on top of an existing comprehensive federal data privacy and security framework, not before it. Likewise, it is best to keep a comprehensive federal data privacy and security law focused on privacy and security instead of simultaneously incorporating broader measures like KOSA envisions.

Another federal bill, the Children and Teens’ Online Privacy Protection Act (COPPA 2.0), is expected to be reintroduced this year by Sens. Bill Cassidy (R-La.) and Ed Markey (D-Mass.). COPPA 2.0 would update the 1998 Children’s Online Privacy Protection Act to increase the age of consent for data collection from 13 to 16, ban targeted advertising to children and further expand the Federal Trade Commission’s (FTC) rulemaking authority. This bill, like KOSA, advanced out of the Senate Commerce Committee in the 117th Congress. However, concerns over potential FTC overreach and members’ focus on passing a comprehensive bill that would also include provisions protecting children’s privacy meant that it never saw floor action.