Published May 9, 2023
Big Tech has designed its social-media platforms to addict our children. It is a predatory industry, hooking kids to maximize “user engagement” for profit. These companies have proven themselves to be disinterested in the welfare of children. Rather, they are in a race to the bottom to capture young users first. Now, Congress is saying “enough.”
Current federal law to date, the Children’s Online Privacy Protection Act (COPPA) of 1998, has rendered parents practically powerless to prevent their children from opening a social-media account.
COPPA says that companies may not collect data on minors under the age of 13, and since this is how social media’s business model operates, the de facto age for creating an account has been 13. But it has not been meaningfully enforced because the knowledge standard for liability is extremely high. For social-media companies to be liable for allowing an underage child on their platforms, they had to have “actual knowledge” that the user was underage (essentially meaning they’d need a user’s birth certificate to know that). The result is that eight- to twelve-year-olds are all over social media.
Individual parents might (and do) try to keep their kids off social media, but if all a kid has to do is enter a birth date to launch an account, they can just go behind their parents’ backs.
It is time for an update to the COPPA regime to truly keep underage children off social-media platforms and to put the power over children’s social-media use back in the hands of parents where it belongs. This is exactly what the new bipartisan Protecting Kids on Social Media Act would do if passed.
The bill, introduced last week by Senator Tom Cotton (R., Ark.), Senator Brian Schatz (D., Hawaii), Senator Chris Murphy (D., Conn.), and Senator Katie Britt (R., Ala.), would ban social media for all children under the age of 13, require companies to do meaningful age-verification, obligate parental consent for any minor under the age of 18 to form an account (consent that can be revoked at any time), and ban the use of algorithms to recommend content to a minor’s account. This bill would be a very strong step in the right direction to give parents final authority on their children’s social-media use.
It would also mitigate some of the design features that make social media particularly harmful and addictive to children to begin with. Prohibiting social-media companies from using algorithms to feed content to users under the age of 18 would lessen their addictive effects and protect children from falling down dangerous rabbit holes of sexual, drug, eating disorder, or other types of inappropriate content, as the Wall Street Journal and other outlets have documented.
Another critical strength of the Schatz–Cotton bill is that it would require social-media companies to conduct age-verification of its users. It would not be enough for a user to type in their birth date — which, as mentioned, is ripe for falsification by underage children — the company would have to actually verify a user’s age. Furthermore, the bill would create a government pilot program to develop a secure method of age verification via a new “digital identification credential,” which will be designed to attest to a user’s age without requiring that he or she provide Big Tech companies with any underlying identifying information or government-issued ID. The bill stipulates that Big Tech’s participation in this program is, however, voluntary.
This provision of using a two-factor method, is an excellent solution to both effectively verifying age and protecting user privacy, and was previously suggested in a National Affairs article by Chris Griswold of American Compass. In that piece, Griswold outlines how the government would serve as a go-between and use government records to verify a user’s age and then give the user an authentication key to prove they meet the age threshold without having to submit personal information to the companies themselves. Supplying a “secure, anonymous way to verify age,” as Griswold called for, is precisely what this pilot program would do.
To best protect user privacy, the age-verification provision of this bill would be strengthened though if it were more prescriptive over the methods Big Tech companies could use to verify age, like prohibiting the use of biometric data, and perhaps even requiring participation in the government-run program after a certain period of time, once it’s up and running.
Lastly, the bill provides several avenues for enforcement, which would make it truly effective in ways COPPA has not been. The bill not only empowers the Federal Trade Commission (FTC) but also state attorneys general to ensure Big Tech’s compliance on behalf of their residents. State attorneys general are often nimbler and can act faster than a large government agency such as the FTC.
It is important to note that this bill is just the latest of several recent legislative efforts — many of which are bipartisan — to better protect kids from social media’s harms.
The Protecting Kids on Social Media Act builds on prior momentum generated by two other bipartisan pieces of legislation: the Kids Online Safety Act (KOSA), and COPPA 2.0. KOSA is led by Senator Richard Blumenthal (D., Conn.) and Senator Marsha Blackburn (R., Tenn.) and was recently reintroduced with 33 co-sponsors, including many progressive Democrats. COPPA 2.0 was reintroduced by Senators Ed Markey (D., Mass.) and Bill Cassidy (R., La.).
KOSA, as one of us has written here, would enable parental controls by default for minor accounts and activate the strongest safeguards available. It would also allow minors to opt out of certain addictive design features such as autoplay, notifications, or recommendation algorithms. COPPA 2.0 would raise the age for Internet companies to collect children’s data (and thus the de facto age for social media) from 13 to 15. And these proposed safeguards are both in addition to the many recent efforts in this area by state lawmakers. So far, six states have enacted laws to protect children online, the most notable being Utah’s Social Media Regulation Act, which was signed into law on March 23.
The Schatz–Cotton bill mirrors several provisions of the Utah law. The key strength of both is their innovative approach drawn from contract law. Creating a social-media account and agreeing to its terms of service, the argument goes, is akin to entering a contract. As a general rule, minors lack the capacity to form contracts, which means parental consent is necessary (and reasonable) to underwrite one.
The Protecting Kids on Social Media Act is a strong bill. It goes even further than KOSA and COPPA 2.0 in empowering parents and meaningfully age-guarding social media, and we commend its four sponsors for their boldness. All three bills would significantly move the ball forward on this pressing issue, and are noteworthy models of bipartisanship. These three federal pieces of legislation, as well as the recent state laws, show that nationwide momentum is growing to take back our children from Big Tech.
Clare Morell is a senior policy analyst at the Ethics and Public Policy Center, where she directs the Technology and Human Flourishing Project. Michael Toscano is the executive director of the Institute for Family Studies.