Refreshed COPPA? (Free Preview)

Refreshed COPPA? (Free Preview)
Photo by Katherine Hanlon on Unsplash


A tweaked refresh of the “Children’s Online Privacy Protection Act of 1998” may prove the privacy bill with the best chances of enactment during the lame duck session of Congress.


In July, Senate Commerce, Science, and Transportation Committee Chair Maria Cantwell (D-WA) held a markup of two bills, and of the two, the “Children and Teens’ Online Privacy Protection Act,” (S.1628) stands the better chance of enactment. This bill refreshes the “Children’s Online Privacy Protection Act of 1998” (COPPA), which was enacted 25 years ago. S.1628 was changed a bit but not too much in the markup.


The Senate Commerce, Science, and Transportation Committee took up the “Kids Online Safety Act” (KOSA) (S.3663) (see here for more detail and analysis on the bill as introduced) and the “Children and Teens’ Online Privacy Protection Act,” (S.1628) (see here for more detail and analysis of the original version.) The latter bill rewrites the “Children’s Online Privacy Protection Act of 1998” (COPPA) (15 U.S.C. 6501 et. seq.), in part, to address the changed online world facing children and to provide protection to some teens, which are termed “minors” and  defined as those between the ages of 12 and 17.

Of course, this markup did not occur in a vacuum. It was a countermove to the House Energy and Commerce Committee proceeding with marking up the “American Data Privacy and Protection Act” (ADPPA) (H.R. 8152), the broader bill that the chair of the Senate Commerce committee opposes. As has been extensively reported, Senator Maria Cantwell (D-WA) declined to join Ranking Member Roger Wicker (R-MS) and House Energy and Commerce Committee Chair Frank Pallone Jr. (D-NJ) and Ranking Member Cathy McMorris Rodgers (R-WA) in introducing ADPPA. Cantwell reportedly wanted a range of changes and refused her support. In early July, Cantwell had pledged to marking up data privacy bills pertaining to children and teens, in part, to appease Members of her committee inclined to support ADPPA.

This multi-Congress effort to rewrite COPPA comes as the agency charged with enforcing the regime may be rewriting its regulations. In 2019, the Federal Trade Commission (FTC) asked for comments “on the effectiveness of the amendments the agency made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013 and whether additional changes are needed.” The FTC stated it is posing “its standard regulatory review questions to determine whether the Rule should be retained, eliminated, or modified” and is asking “whether the 2013 revisions to the Rule have resulted in stronger protections for children and more meaningful parental control over the collection of personal information from children, and whether the revisions have had any negative consequences.”

This potential rulemaking has still not played out, and some lawmakers have been pressing the agency to proceed. At the end of September, Markey and U.S. Senator Richard Blumenthal (D-CT) and U.S. Representatives Kathy Castor (D-FL) and Lori Trahan (D-MA) sent a letter to FTC Chair Lina Khan “urg[ing] the Commission to update rules issued under the Children’s Online Privacy Protection Act (COPPA).”

Other Developments

The “Digital Services Act” was published in the European Union’s Official Journal, which sets the first on which the new law will apply in the EU: 17 February 2024.

Ireland’s Data Protection Commission (DPC) submitted “a draft decision in an inquiry into Yahoo! EMEA Limited to other Concerned Supervisory Authorities, or fellow regulators, across the EU…which commenced on 1 August, 2019, centred around Yahoo!’s compliance with its obligations under Articles 5(1)(a), 12, 13 and 14 of the GDPR, which deal with the processing of personal data, in the context of its products and services across the EU.”

The United States (U.S.) Consumer Financial Protection Bureau has reopened for comments its “Inquiry into Big Tech Payment Platforms.”

The European Union Agency for Cybersecurity (ENISA) published its “annual report on the status of the cybersecurity threat landscape.”

Germany’s Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) published its annual cybersecurity and IT report and foundthe “threat level in cyberspace higher than ever.”

The United States (U.S.) Financial Crimes Enforcement Network (FinCEN) issued “its most recent Financial Trend Analysis of ransomware-related Bank Secrecy Act (BSA) filings for 2021, indicating that ransomware continued to pose a significant threat to U.S. critical infrastructure sectors, businesses, and the public…[that] focuses on ransomware trends in BSA filings from July-December 2021, and addresses the extent to which a substantial number of ransomware attacks appear to be connected to actors in Russia.”

The Australian Competition and Consumer Commission (ACCC) “has instituted Federal Court proceedings against Dell Australia Pty Limited (Dell Australia) for allegedly making false or misleading representations regarding the price of monitors that consumers could add on to purchases of Dell computers.”

The United States (U.S.) Federal Trade Commission announced it “is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach exposing the personal information of about 2.5 million consumers.”

The Organisation for Economic Co-operation and Development (OECD) published a report on commercial dark patterns that “proposes a working definition of dark commercial patterns, sets out evidence of their prevalence, effectiveness and harms, and identifies possible policy and enforcement responses to assist consumer policy makers and authorities in addressing them. It also documents possible approaches that consumers and businesses may take to mitigate dark commercial patterns.”

The Court of Justice of the European Union (CJEU) found that the General Data Protection Regulation (GDPR) requires a “controller of personal data…to take reasonable steps to inform internet search engine providers of a request for erasure by the data subject.”

The United States (U.S.) National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) releasedSecuring the Software Supply Chain: Recommended Practices Guide for Suppliers”…through the Enduring Security Framework (ESF)  — a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance to address high priority threats to the nation’s critical infrastructure.”

The United Kingdom’s (UK) Office of Communications (Ofcom) “proposed to revise its guidance on how the ‘net neutrality’ rules should apply in the UK…[that] follows the announcement of our new programme of work to ensure that digital communications markets are working well for people and businesses in the UK.”

The United States (U.S.) Department of the Treasury announced “the availability of the Committee on Foreign Investment in the United States (CFIUS) Enforcement and Penalty Guidelines.”

The United States (U.S.) Department of Justice announced revisions of regulations to “replace the regulations' prior balancing test and codify the Attorney General's July 2021 directive that the Department of Justice will no longer use compulsory legal process for the purpose of obtaining information from or records of members of the news media acting within the scope of newsgathering, except in limited circumstances.”

The United States (U.S.) Cybersecurity and Infrastructure Security Agency (CISA) has published fact sheets Implementing Phishing-Resistant MFA and Implementing Number Matching in MFA Applications “to highlight threats against accounts and systems using certain forms of multifactor authentication (MFA).”

The United States (U.S.) Consumer Financial Protection Bureau (CFPB) “outlined options to strengthen consumers’ access to, and control over, their financial data as a first step before issuing a proposed data rights rule that would implement section 1033 of the Dodd-Frank Act.”

The United States (U.S.) Department of Energy’s Office of Science invited “interested parties to provide input relevant to developing approaches for accelerating innovations in emerging technologies to drive scientific discovery to sustainable production of new technologies across the innovation continuum; train a science, technology, engineering, and mathematics (STEM) workforce to support 21st century industries; and meet the nation's needs for abundant clean energy, a sustainable environment, and national security.”

The Australian Communications and Media Authority (ACMA) found “the Australian Broadcasting Corporation (ABC) breached the privacy requirements in the ABC Code of Practice by broadcasting an identifiable person’s profile in a news report about dating app scams.”

Tweet of the Day

Further Reading

US vote counting unaffected by cyberattacks, officials say” By Nomaan Merchant and Emily Wagster Pettus — Associated Press

What a Divided Government Could Mean for Tech Policy” By Frank Konkel, Mariam Baksh, Kirsten Errick and Alexandra Kelley — Nextgov

Elon Musk’s Twitter Did Not Perform at Its Best on Election Day” By Tiffany Hsu — The New York Times

Apple Limits AirDrop in China After It Was Used to Spread Protest Messages” By Rachel Cheung — Vice

On Social Media, Hunting for Voter Fraud Becomes a Game” By Sheera Frenkel — New York Times

Musk seeks to reassure advertisers on Twitter after chaos” By Matt O'brien, Mae Anderson and Barbara Ortutay — Associated Press

How the FCC Shields Cellphone Companies From Safety Concerns” By Peter Elkind — ProPublica

Amazon Becomes World’s First Public Company to Lose $1 Trillion in Market Value” By Subrat Patnaik and Jeran Wittenstein — Bloomberg

How Meta went from a trillion-dollar company to mass layoffs” By Daniel Howley — Yahoo! Finance

Twitter’s paid verification service is here. What you need to know.” By Heather Kelly and Gerrit De Vynck — Washington Post

Social Media Is Dead” By Edward Ongweso Jr — Vice

Twitter Users Have Caused a Mastodon Meltdown” By Amanda Hoover — WIRED

Senator Seeks Antitrust Review of Apartment Price-Setting Software” By Heather Vogell — ProPublica

Singapore Wants Open Supply Chains as US Levels Chip Curbs” By Philip Heijmans — Bloomberg

How to avoid falling for and spreading misinformation online” By Heather Kelly — Washington Post

The spectacular implosion of crypto’s biggest star, explained” By Emily Stewart — Vox

Basically everything on Amazon has become an ad” By Jason Del Rey — Recode

Coming Events

§ 14 November

o   The United Kingdom’s House of Commons’ Public Accounts Committee will hold a formal meeting (oral evidence session): The Defence digital strategy.

§ 15 November

o   The Australian Parliament’s Joint Committee on Law Enforcement will hold a hearing as part of its inquiry on law enforcement capabilities in relation to child exploitation.

o   The United States House Homeland Security Committee will hold a hearing titled "Worldwide Threats to the Homeland."

§ 17 November

o   The United States Senate Homeland Security and Governmental Affairs will hold a hearing titled “Threats to the Homeland.”

o   The United States Federal Communications Commission (FCC) will hold its monthly open meeting with this agenda.

§ 18 November

o   The United States (U.S.) Department of Commerce’s Emerging Technology Technical Advisory Committee will hold a meeting.

§ 29 November

o   The European Data Protection Supervisor, Eurojust and EPPO will hold “a conference on data protection in the field of criminal justice in the EU.”

§ 7 December

o   The United States (U.S.) National Science Foundation’s National Artificial Intelligence Research Resource Task Force will hold a meeting.

§ 1 February 2023

o   The Colorado Attorney General will hold a rulemaking hearing on the draft regulations proposed to implement the “Colorado Privacy Act.”

§ 29 and 30 April 2023

o The G7 Digital and Technology Ministers' Meeting will take place.

Photo Credits

Photo by Miguel Alcântara on Unsplash

Photo by Miguel Alcântara on Unsplash

Photo by Pete Nowicki on Unsplash

Photo by Thomas Charters on Unsplash

Photo by John Noonan on Unsplash

Photo by Inge Maria on Unsplash

Photo by Jan-Willem on Unsplash

Photo by Andras Vas on Unsplash