States Approach Kids Safety Differently From COPPA, Say Attorneys
Incorporating children's and teen safety into privacy has led to a variety of approaches under state law, said two Latham Watkins attorneys on a panel at the Privacy + Security Forum spring academy Friday. An age-gate is the best way for companies to ensure compliance with all of them, they added.
Sign up for a free preview to unlock the rest of this article
“It's much more than just privacy that the regulators are focused on now,” said Marissa Boynton, one of the lawyers. “It's also really about safety and integrity issues for teens and children online. And so those are getting sort of lumped together, often in the complaints and investigations,” by regulators, along with “the idea that just notice-and-consent and transparency are not going to be alone.”
This is where things get complicated in the state law landscape, she said. Although there's a lot of similarity among comprehensive privacy laws, in “the youth space, states are really taking a wide variety of approaches," said Boynton. "They might be coming at it more from the privacy angle, or maybe more from the age-appropriate design code” angle.
It's a different approach from the federal Children’s Online Privacy Protection Act. “COPPA really is a notice-and-consent type of regime,” she said. “With the parents’ consent, you can do most processing of children's data. But … the [state] regulators have realized that it's very hard for parents to be able to understand what's actually happening online, and ... that there's some [responsibility] to be put on the platforms themselves in trying to protect kids and teens online.”
Although it’s federal law, some state attorneys general bring suits with COPPA claims in state court, said Boynton. But the other Latham lawyer, Jennifer Archie, noted that the FTC has also, in recent years, begun using COPPA as part of its investigations and cases. “They're just looking for a hook,” she said. In recent years, “it was very outcome-oriented. ... They picked topics, and they went through the headlines and whatever else they had in the hopper, and they looked for examples" to make the points they wanted to convey.
For instance, Archie cited the FTC’s $20 million settlement last January with the developer of videogame Genshin Impact (see 2501170068). The FTC wanted to go after loot boxes, or ways to spend virtual currency and, at times, even real money on game characters, tools or experiences, “because it's a huge global issue that children are being subjected to these random chance mechanisms that have an addictive quality,” said Archie: The commission included the COPPA claims to get a settlement and gain attention for the case.
Boynton said this was part of a trend of the FTC going after larger companies. “Historically, I think the FTC was going after more small players,” she said. “Under [former Chair] Lina Khan ... there was this idea that … if we go after the big guys, it's like a trickle-down effect,” where everyone else will “fall in line” and they’ll “be able to set the standard with them.”
Archie agreed. The case is an example of the FTC saying, "'this is a hot topic, and we're going to find a vulnerable actor in the space so that we can tell a big story and make a big thing'" of it, she said.
“Age-gating is probably the way to go,” for companies seeking to stay in compliance, she said. “In choosing to resolve the matter by rolling out an age gate, the company’s just accepting that ‘Okay, these games, no matter how we design them or what we think our audience is going to be, we're going to end up with enough kids that we should … just age-gate.’”
While “worldwide, you feel a huge pull to actual age verification,” Archie said, “that's a lot of data to let companies have about people.”