May 18, 2023
COPPA 2.0: The Costs of Layering on Liability
The Senate recently reintroduced the Children and Teens’ Online Privacy Protection Act (COPPA 2.0), which would broaden the scope of regulated websites and expand the original COPPA to all minors under age 17 to protect their online data. In a new insight, Technology and Innovation Policy Analyst Joshua Levine walks through the potential harms of COPPA 2.0 and proposes alternative measures to protect minors online.
COPPA 2.0 is part of a larger push by federal and state lawmakers to address concerns about online harms to children. COPPA 2.0 would add to existing law that requires websites receive verified parental consent to collect data on users under age 13 by raising the age threshold to include all users under age 17, expanding the scope of covered websites and services, and increasing regulatory compliance related to data collection and use for minors. Protecting children from unscrupulous data practices is a worthy goal. Yet the proposed changes would impose significant costs on the digital economy for users of all ages, including children. Compliance costs for COPPA are already significant and COPPA 2.0 would increase these costs, as more sensitive data would be collected and stored. This also presents real risks related to cybersecurity and privacy. If lawmakers want to protect children’s data and promote a safer online experience, they could enact a uniform federal data privacy standard, promote and improve programs related to digital literacy, and consider how to focus regulations to support the law’s original intent of empowering parents as it relates to the collection and use of their child’s data.