Insights / Privacy & Security Law Blog
Information Security & Data Breach Response

Significant Amendments to COPPA Proposed in Do Not Track Kids Act

By Ronald G. London and John D. Seiver
06.22.15
Print this page

LaptopJune19

Reigniting their previous bipartisan attempts to amend the Children’s Online Privacy Protection Act (COPPA) and add greater privacy protections for children and younger teens, U.S. Senator Edward Markey (D-Mass.) and Rep. Joe Barton (R-TX) introduced the “Do Not Track Kids Act of 2015” (S. 1563 and H.R. 2734, respectively) on June 11, 2015.  Senator Markey and Rep. Barton have previously paired up to revise COPPA, citing the need for children’s privacy protections under the law to change as the online and mobile ecosystems evolve. The latest version of the Do Not Track Kids Act closely mirrors similar legislation that the legislators proposed in 2011, and again in 2013.

The Do Not Track Kids Act would, if enacted in its current form:

  • Extend many of COPPA’s existing privacy protections for children under 13 years old to a new category of all “minors” between the ages of 13 and 15;
  • Add unique device identifiers to COPPA’s definition of “personal information” (“PI”);
  • Make it unlawful for operators of websites, online services, or online or mobile applications (“Operators”) to engage in targeted marketing to children or minors without verifiable parental consent for children, or the consent of the minor;
  • Restrict the ability of Operators to collect the geolocation information of children and minors;
  • Mandate that Operators adopt and comply with a Digital Marketing Bill of Rights for Teens consistent with the Fair Information Practices Principles in order to collect PI from a minor;
  • Require Operators to provide a so-called “eraser button” for parents and children to erase or eliminate the PI of children or minors that is publicly available online; and
  • Grant the Federal Trade Commission (FTC) the primary authority to enforce the Act against telecommunications carriers, cable operators, and other Operators, and permit state attorneys general to bring civil actions against violators when the rights of state citizens are adversely affected.

Expanding COPPA’s Reach

The current incarnation of the Do Not Track Kids Act does not substantially differ from previous bills to amend COPPA that Senator Markey and Rep. Barton have introduced before; indeed, a side-by-side comparison of this most recent bill with the 2011 and 2013 versions of the Do Not Track Kids Act reveals almost no substantive changes.

If passed, however, the changes to COPPA would be substantial. Perhaps most importantly, it would apply COPPA’s PI collection restrictions to teens up to 15 years old for the first time, prohibiting an operator from collecting such information without such a minor’s consent (as opposed to parental consent, for those under 13), when the operator’s services, website or online or mobile app is “directed to minors,” and the operator has “actual knowledge” a given user is a minor. Additionally, the Act would require operators to provide parents, minors and children with an “eraser button,” allowing them to erase PI from their online content, when technologically feasible. Finally, the Act would prevent operators from engaging in targeting marketing to children or minors without verifiable parental consent or the consent of the minor.

The introduction of S. 1563 and H.R. 2734 marks the second time that some version of the Do Not Track Kids Act has been proposed this year, having first been offered by Senator Robert Menendez (D-NJ) as part of S. 547 back in February. S. 547 also includes the Commercial Privacy Bill of Rights Act of 2015, a comprehensive data security and breach notification bill that would require covered entities to implement security measures to protect an individual’s identifying information, restrict the range of information covered entities could collect, and compel covered entities to notify individuals and government agencies in the event of a data breach.

It is not clear whether Senator Markey’s decision to reintroduce the Do Not Track Kids Act as a stand-alone bill and partner with Rep. Barton again means that passage of S. 547 – with its data security and breach notification requirements – is unlikely. What is clear, however, is that neither S. 547 nor its companion bill in the House (H.R. 1053) enjoys bipartisan support; likewise, neither has made any substantial legislative progress since being referred their respective committees on February 24. Perhaps further signaling S. 547’s imperiled status, Senator Menendez has also joined S. 1563 as a co-sponsor. While we previously predicted that data security, breach notification and privacy might be among the few issues to enjoy bipartisan support on Capitol Hill during the 114th Congress, there has not been much legislative movement to address these issues over the past six months, despite a plethora of legislation on the topics in both chambers.

Consequently, the introduction of the Do Not Track Kids Act as a stand-alone bill may be a sign that Senator Markey, Senator Menendez and Rep. Barton are hoping that they will be able to gain more traction to reform COPPA in an increasingly frustrated Congress by leaving the Commercial Privacy Bill of Rights Act behind.

Please revisit Davis Wright Tremaine’s Privacy & Security Law Blog for further developments regarding the Do Not Track Kids Act.

Related Insights