Skip to main content
Advertising

Congress is considering bills that could regulate how advertisers interact with children

“A clear point in all of these proposals is that they’re specifically going after marketing and advertising,” Anthony Prestia, former senior counsel for Snap and head of privacy at TerraTrue, told Marketing Brew.
article cover

Illustration: Dianna “Mick” McDougall, Photo: tunart/Getty Images

6 min read

President Joe Biden hasn’t said much publicly about targeted advertising. But when he has, he’s usually talking about privacy. Specifically, children’s online privacy. In fact, in both State of the Union addresses he’s delivered, he’s called for a ban on targeted advertising to children, not to mention written a Wall Street Journal opinion piece on the topic.

This year, the president might get his wish, as Congress is reconsidering bipartisan legislation that would further regulate how social media companies and the advertisers that help fund them interact with young people.

The push largely stems from concerns centered on the potential effects of social media on children. Though they’re protected by some online privacy laws, legislators are taking more steps to crack down on digital advertising that caters to children, an industry projected to be worth $1.7 billion in the US in 2021, according to a 2019 estimate from PwC.

Online platforms are “vacuuming up tons of data they can use to build profiles and target our kids with even more ads and content,” Sen. Dick Durbin said in a recent Senate hearing dedicated to children’s online safety. “It’s a lucrative business at the expense of our kids’ privacy, safety, and health.”

In a House hearing dedicated to a proposed national standard for data privacy earlier today, Rep. Jan Schakowsky said that the “harmful targeting of advertising on social media has exacerbated the mental health problems that we face, particularly among our young people, our adolescents, our kids are the most vulnerable…We have to make sure we’re protecting them.”

Kids in America

Last year saw the introduction and reintroduction of two such bills: an update to the Children’s Online Privacy and Protection Act (COPPA), introduced by Sen. Ed Markey, and the Kids Online Safety Act (KOSA), introduced by Sen. Richard Blumenthal and Sen. Marsha Blackburn.

Neither one passed. KOSA would have required specific platforms to “take reasonable measures…to prevent and mitigate” things like mental health disorders, violence, and addiction. It would also enable minors to opt out of algorithmic recommendation systems and delete their data.

Separately, COPPA—which passed in 1998 and was last revised by the Federal Trade Commission (FTC) in 2013—requires digital companies to get consent from a parent or guardian before collecting personal data from anyone 13 or younger and limits how that data is used.

It’s one of the few federal privacy laws in the US and is enforced by the FTC. In December, the agency hit Fortnite-maker Epic with a $275 million fine for allegedly violating COPPA. YouTube faced a similar fine in 2019.

COPPA 2.0 “would finally put in place commonsense guardrails to stop Big Tech from tracking, targeting, and traumatizing America’s youth,” Rosemary Boeglin, a spokesperson for Sen. Markey, told Marketing Brew over email.

As proposed last year, COPPA 2.0—which Markey plans to reintroduce—would have raised the age limit for privacy protections from 13 to 16 and outright banned targeted ads aimed at children. Markey has spent over a decade trying to pass updates to the law.

Get marketing news you'll actually want to read

Marketing Brew informs marketing pros of the latest on brand strategy, social media, and ad tech via our weekday newsletter, virtual events, marketing conferences, and digital guides.

Earlier this month, Sen. Blumenthal, along with Sen. Durbin and Sen. Mazie Hirono, introduced a separate update to COPPA called the Clean Slate for Kids Online Act, which would give people an “enforceable legal right to demand” that data collected about them while they were under 13 be deleted.

A federal privacy bill called the American Data Privacy Protection Act (ADPPA) was also introduced last year. It would have included data protections for children and banned targeted advertising if a platform “has knowledge” that a user is a minor. Its reintroduction was hinted at during this morning’s hearing.

“A clear point in all of these proposals is that they’re specifically going after marketing and advertising,” Anthony Prestia, former senior privacy counsel for Snap and head of privacy at TerraTrue, told Marketing Brew.

Actual vs. constructive

Though it’s still unclear what COPPA 2.0 might look like in practice, there is debate around whether advertisers and platforms would be required to have explicit actual knowledge of a user’s age, or the more malleable and gray constructive knowledge, aka enough contextual information that it can be assumed they’d know. Currently, advertisers and platforms are operating under the “actual knowledge” framework to comply with COPPA.

Last year, COPPA 2.0’s language was updated, stating websites, online services, applications, or devices must avoid data collection if a user is “reasonably likely” to be a child or minor.

“It’s definitely vague, and it’s definitely a softer, mushier, standard than even actual knowledge or constructive knowledge,” Travis P. Brennan, chair of Stradling Yocca Carlson and Rauth’s privacy and data security practice, said. Marketing Brew reached out to Sen. Markey’s office for further clarification, but hadn’t received a response at the time of publication.

What that means in practice could be hashed out later, Prestia said. Generally, “reasonable” could range from bright colors and animation to celebrities that exclusively appeal to children—is it Ozzy Osbourne on the page, or The Wiggles?

Support tickets could also serve as a sign that children are using a particular platform or service. “Parents coming in complaining about their kids being on the service—all these platforms get those things all the time,” Prestia said.

The IAB voiced concerns about both KOSA and COPPA 2.0 late last year. Lartease Tiffith, EVP of public policy for the organization, told Marketing Brew that moving away from actual knowledge would be “very expensive” from a compliance perspective, claiming that companies would have to “build all-new systems” to help identify those users.

Ultimately, the significance of bills like COPPA 2.0 marks another example of the US “trying, at various levels, to move to a more European-style privacy framework,” Brennan said.

He pointed out that California recently passed the California Age-Appropriate Design Code Act, based on a UK law, that raises privacy standards and limits data collection for any online businesses “likely to be accessed by a child.” That law goes live in 2024, and several other states are considering similar legislation.

Get marketing news you'll actually want to read

Marketing Brew informs marketing pros of the latest on brand strategy, social media, and ad tech via our weekday newsletter, virtual events, marketing conferences, and digital guides.