US Senators propose “Eraser Button” for children’s data protection

Cybersecurity_childUS Senators Edward Markey (Democrat) and Josh Hawley (Republican) tabled a draft Bill on 12 March to amend the Children’s Online Privacy Protection Act (COPPA). COPPA prohibits the collection of personal data from children under 13 on online platforms without parental consent. The Senators seek to further align it with the EU General Data Protection Regulation (GDPR) and to extend its scope to cover children under 16.

One significant update would be the increased controls the legislation would give parents over their children’s personal data on these platforms. If approved, it would create what the senators called an “Eraser Button” that would remove all of a child’s data from the related service. If a parent or child decides to delete all of their data, no platform would be able to discontinue service to that user.

The bill suggests:

  • introducing a “Digital Marketing Bill of Rights for Minors” restricting the collection of personal information for advertising purposes to children under 13 without parental consent, and 13-15 year olds without the user’s consent;
  • introducing a clause similar to the GDPR to allow users to request the deletion of their personal information;
  • establishing a Youth Privacy and Marketing Division at the Federal Trade Commission (FTC) to address the privacy of under 16s and marketing directed to them.

The Bill would also require manufacturers of connected devices targeted to children and minors to disclose on the packaging how personal data is collected, transmitted, retained, used and protected. The sales of such devices would also be limited to products meeting robust cyber security standards.

The proposal is supported by numerous organisations, and while Senator Markey has unsuccessfully tried numerous times to update COPPA since 2011, recent scandals around the way platforms are using personal data could change the odds in his favour. Just last month, the Federal Trade Commission penalised TikTok’s parent company with a record-setting $5.7 million for violating current COPPA regulations. In a press release, the FTC claimed that TikTok was collecting the personal data of children under 13 without receiving explicit consent from their parents. Under these proposed rules, apps and platforms like TikTok would have to abide by stronger privacy protections for children up to age 15 as well.