Two bills combined – the Kids Online Safety Act (KOSA) and the Children and Teens’ Online Privacy Protection Act (COPPA 2.0) – have passed in the US Senate in a 91-3 vote, and will now be considered by the House.
Criticism of the bills focuses mainly on the likelihood that, if and when they become law, they will help expand online digital ID verification, as well as around issues like censorship (removal and blocking of content).
Related: The 2024 Digital ID and Online Age Verification Agenda
The effort to make KOSA and COPA 2.0 happen was spearheaded by a parent group that was pushing lawmakers and tech companies’ executives to move in this direction, and their main demand was to enact new rules that would prevent cyberbullying and other harms.
And now the main sponsors, senators Richard Blumenthal, a Democrat, and Republican Marsha Blackburn are trying to dispel these concerns, suggesting these are not “speech bills” and do not (directly) impose age verification.
Further defending the bills, they say that the legislation does not mandate that internet platforms start collecting even more user data, and reject the notion it is invasive of people’s privacy.
But the problem is that although technically true, this interpretation of the bills’ impact is ultimately incorrect, as some of their provisions do encourage censorship, facilitate the introduction of digital ID for age verification, and leave the door open for mass collection of online users’ data – under specific circumstances – and end ending anonymity online.
The bills are hailed by supporters as “landmark” legislation that is the first to focus on protecting children on the internet in the last 20 years, with some lawmakers in the Senate, like majority leader, Democrat Chuck Schumer, describing the result of the vote as “a momentous day.”
But digital rights group Electronic Frontier Foundation (EFF) is describing KOSA in particular as “a terrible idea” and is, instead of positive sloganeering about protecting the children, delving deeper into what the bills in fact seek to mandate or pave the way for.
The EFF is convinced that they should never become law and is urging citizens to take action to stop Congress from adopting KOSA. The overall criticism is that long-existing problems plaguing youths – such as mental disorders, drug, alcohol, and tobacco abuse, etc., should not be linked to the internet as if these issues weren’t present before.
EFF believes that the bill is in fact designed to “punish bad internet speech,” and makes a point prior to the House vote – appearing to warn about possible politicization – that once it becomes law, it will be out of the hands of the members of Congress to implement it.
Instead, the task would be entrusted to the Federal Trade Commission (FTC), which EFF makes sure to note is “majority-controlled by the president’s party.”
The group said that lawmakers supporting KOSA have chosen to ignore that “the vast majority of speech that KOSA affects is constitutionally protected in the US, which is why there is a long list of reasons that KOSA is unconstitutional.”
KOSA – although stating that platforms are not required to implement age verification – is seen by opponents as paving the way for expansion of this controversial policy, as it wants FTC, FCC, and the Secretary of Commerce to study “options for developing systems to verify age at the device or operating system level.”
Censorship-wise, it allows the FTC to investigate and sue sites that are branded as serving content “harmful” to children. And unlike the previous versions which covered only certain platforms, guided by the number of users, revenue, etc., the bill now appears to cover all platforms, which, unless the wording is changed, would be a fairly drastic provision.
When it comes to privacy and data collection, despite claims to the contrary, platforms will be able to collect or buy data on people with the goal of estimating a user’s age.
According to Senator Blumenthal, this happens “if an online platform already knows that a user is underage.”
How a platform might know that aside, the senator adds, “then it has to provide the safety and privacy protections required by the legislation -the platform cannot bury its head in the sand when it knows a user is underage.”
“Online platforms often already request a date of birth from new users, either for advertising and profiling the user or for compliance with the Children’s Online Privacy Protection Act (COPPA). Online platforms also frequently collect or purchase substantial amounts of other data to understand more about their users,” Blumenthal has said.
AS for COPPA 2.0, it also indirectly pushes for more age verification thanks to the new restrictions on the collection of data from minors. And while the bill doesn’t mandate age verification – platforms that want to collect data or target ads will have to verify the users’ age.
One way to abuse this provision for censorship is the same as what has been happening with the first iteration of COPPA – put creators in a position (say, through specific platform rules) to mark content as safe for children, which means it becomes restricted, and demonetized (stripped of ads).
