While parents of children who suffered a rash of harms related to their online activities looked on, a subcommittee of the U.S. House Committee on Energy and Commerce advanced 18 bills targeting various issues related to children's online safety to a full committee vote during a markup session 11 Dec.
Despite members agreeing on the general objectives of each piece of legislation, the two most notable bills the Commerce, Manufacturing and Trade subcommittee considered — House Resolution 6884, the Kids Online Safety Act, and House Resolution 6291, the Children and Teens' Online Privacy Protection Act, or COPPA 2.0 — required party-line rollcall votes to advance. Republican members in the majority voted both bills out of the subcommittee 13-10 and 14-10, respectively, with Democratic members citing their reservations over state law pre-emption, and each bill's perceived lack of strong duty of care and knowledge standard requirements imposed on technology companies contained in the House versions as their reasons for voting against the measures.
Subcommittee Chairman U.S. Rep. Gus Bilirakis, R-Fla., said the thrust of each of the 18 bills together signals a clear approach "to tackle children's online safety challenges. He said Congress' ultimate goal is to "protect kids, empower parents and future-proof our legislation as new risks and technologies emerge."
"These bills are a strong proposal with concrete safeguards and obligations for companies, but no single bill is a complete solution," Bilirakis said. "These proposals work together; complementing and reinforcing one another to create the safest possible environment for children."
U.S. Rep. Jan Schakowsky, D-Ill., the subcommittee's Ranking Member, said she was "furious" at Big Tech for the mental and physical harms children have endured from an array of online issues including cyberbullying, the sale and purchase of illicit drugs, and suicide. She said the language contained in the new versions of both COPPA 2.0 and KOSA pre-empting state children's online safety legislation and lacking meaningful duty of care requirements would risk enshrining de-facto legal immunity for tech companies.
"The legislation that has been proposed is terribly inadequate," Schakowsky said. "We know that children are, in fact, dying. I don't understand how the Big Tech companies are not prohibiting the kind of activities that we have been seeing, (and) it is wrong for us to continue with the legislation that we are talking about because it leaves out the big issues that we are fighting for."
COPPA 2.0, KOSA proposals draw ire of Democrats
While COPPA 2.0 and KOSA were ultimately voted to advance to the full Energy and Commerce committee, the Democratic subcommittee members' criticism of the House bills that modified the previous iterations of the Senate's versions that passed overwhelming last year suggests the proposed bills may face legislative blocks in the upper chamber if either or both successfully pass in the full House of Representatives.
In announcing his opposition to supporting KOSA as constituted, U.S. Rep. Frank Pallone, D-N.J., the Energy and Commerce committee's ranking member, said he had "strong concerns about the broad pre-emption" contained in the bill. He also said the bill should feature a stronger knowledge standard imposed on tech companies.
"My no vote does not mean that we will not continue to work to find a path on this bill and others, including COPPA 2.0," Pallone said. "Kids' safety is too important to get wrong. I know we all want to get this right, and we're going to continue to work across the aisle to do so."
The subcommittee chairman Bilirakis said the version of KOSA members were considering had recently been re-worked to incorporate feedback from parents whose children engaged in self-harm, were victimized by online predators and bought illicit substances laced with fentanyl from other social media users. He said KOSA contains requirements for platforms to impose default safeguards for minor users and simple parental controls for protecting their child's personal information.
"KOSA will broadly protect kids and teens, while the other bills before us address particular harms or take specific approaches to help ensure no existing thread is left unaddressed," Bilirakis said. "In many ways those bills make KOSA even stronger by working alongside them."
For COPPA 2.0, U.S. Rep. Laurel Lee, R-Fla., said the version under consideration updates the existing knowledge standard contained in the original COPPA legislation passed in 1998, while setting "clear limits" on how platforms may collect, use or maintain a minors' personal information. She said the bill also enables families to request to delete, review and correct minors' personal information.
While not addressing pre-emption directly, Lee said a "child's level of protection should not depend on their zip code" and noted many state children's online safety laws have been subject to litigation brought by technology industry groups.
"This is one of the strongest and most meaningful protections that we can give families in the absence of congressional action," Lee said. "States have understandably attempted to address these issues on their own, but the result has been a patchwork of different, and often conflicting requirements. A fractured legal landscape only delays meaningful protection and creates compliance burdens that small innovators are least equipped to bear."
Speaking in opposition to COPPA 2.0, U.S. Rep. Kathy Castor, D-Fla., said the version under consideration during the hearing was a "gutted version" of the law, adding that it "turns the back of Congress on families."
"There's such a Big Tech-friendly pre-emption clause here that it swallows the entire effectiveness of the entire Children's Online Privacy Protection Act,” Castor said. "(This) flies in the face of our good bipartisan work in the last Congress. It's also a slap in the face to everyone (who has) worked at the state level on kids' privacy."
Questions remain over age assurance in other bills
Among the remaining 16 bills, another piece of legislation that created buzz among subcommittee members was House Resolution 6333, the Parents Over Platforms Act. The bill would require app store providers to implement age assurance mechanisms and send a secure age signal identifying the user's age to an app developer, while also performing their own form of age assurance.
"We know from recent polling that 70% of parents believe protections shouldn't stop at the point of download," said U.S. Rep. Erin Houchin, R-Ind. Parents "want measures that continuously keep minors safe while they use an app … (This bill) closes the loophole that empowers kids to bypass safeguards and leaves parents without any avenues to protect their own children."
However, Houchin's Republican colleague, U.S. Rep. Jay Obernolte, R-Calif., said he was opposed to imposing age assurance requirements on app developers when a user's app store could serve as a single source of truth for identifying their age. Otherwise, he said requiring individual apps to do their own form of age assurance would risk "creating a bunch of different repositories of personal information on minors" within each and every app listed in a marketplace.
"In most cases an app store is going to do a better job than the application in determining the age category of the users," Obernolte said. "I think there is a lot more opportunity for error if you require each application to do (age assurance) separately."
Absence of federal privacy law looms large
As Bilirakis noted, the new versions of COPPA 2.0 and KOSA are intended to work alongside the wide range of children's safety bills advanced to the full Energy and Commerce committee. Those bills address other major children's online safety concerns, including protecting adolescents from exploitative chatbots powered by generative artificial intelligence, limiting the sale of minors' personal data by data brokers and preventing the trafficking of fentanyl through social media platforms.
Though the other bills beyond COPPA 2.0 and KOSA met less friction in the discussions among members of the rival political parties, there was an underlying recognition the lack of a federal comprehensive data privacy law was further complicating their work on the pieces of legislation they presented during their hearing.
"The best solution to protect our kids online is a federal data privacy standard that we can build off and include additional protections for children and teens," said U.S. Rep. Yvette Clarke, D-N.Y. "I implore my colleagues on both sides of the aisle to take the time … to put the partisan back and forth to rest and get serious about a federal privacy standard. Until then, no one is safe online."
Alex LaCasse is a staff writer for the IAPP.
