Refreshed COPPA?

A tweaked refresh of the “Children’s Online Privacy Protection Act of 1998” may prove the privacy bill with the best chances of enactment during the lame duck session of Congress.

In July, Senate Commerce, Science, and Transportation Committee Chair Maria Cantwell (D-WA) held a markup of two bills, and of the two, the “Children and Teens’ Online Privacy Protection Act,” (S.1628) stands the better chance of enactment. This bill refreshes the “Children’s Online Privacy Protection Act of 1998” (COPPA), which was enacted 25 years ago. S.1628 was changed a bit but not too much in the markup.

The Senate Commerce, Science, and Transportation Committee took up The “Kids Online Safety Act” (KOSA) (S.3663) (see here for more detail and analysis on the bill as introduced) and the “Children and Teens’ Online Privacy Protection Act,” (S.1628) (see here for more detail and analysis of the original version.) The latter bill rewrites the “Children’s Online Privacy Protection Act of 1998” (COPPA) (15 U.S.C. 6501 et. seq.), in part, to address the changed online world facing children and to provide protection to some teens, which are termed “minors” and  defined as those between the ages of 12 and 17.

Of course, this markup did not occur in a vacuum. It was a countermove to the House Energy and Commerce Committee proceeding with marking up the “American Data Privacy and Protection Act” (ADPPA) (H.R. 8152), the broader bill that the chair of the Senate Commerce committee opposes. As has been extensively reported, Senator Maria Cantwell (D-WA) declined to join Ranking Member Roger Wicker (R-MS) and House Energy and Commerce Committee Chair Frank Pallone Jr. (D-NJ) and Ranking Member Cathy McMorris Rodgers (R-WA) in introducing ADPPA. Cantwell reportedly wanted a range of changes and refused her support. In early July, Cantwell had pledged to marking up data privacy bills pertaining to children and teens, in part, to appease Members of her committee inclined to support ADPPA.

This multi-Congress effort to rewrite COPPA comes as the agency charged with enforcing the regime may be rewriting its regulations. In 2019, the Federal Trade Commission (FTC) asked for comments “on the effectiveness of the amendments the agency made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013 and whether additional changes are needed.” The FTC stated it is posing “its standard regulatory review questions to determine whether the Rule should be retained, eliminated, or modified” and is asking “whether the 2013 revisions to the Rule have resulted in stronger protections for children and more meaningful parental control over the collection of personal information from children, and whether the revisions have had any negative consequences.”

This potential rulemaking has still not played out, and some lawmakers have been pressing the agency to proceed. At the end of September, Markey and U.S. Senator Richard Blumenthal (D-CT) and U.S. Representatives Kathy Castor (D-FL) and Lori Trahan (D-MA) sent a letter to FTC Chair Lina Khan “urg[ing] the Commission to update rules issued under the Children’s Online Privacy Protection Act (COPPA).”