This article has been written by Kajal Arora and edited by Shashwat Kaushik.
This article has been published by Sneha Mahawar.
Table of Contents
Introduction
The world is currently witnessing one of the most exhilarating phases of technological evolution ever. With the imminent rise of artificial intelligence, chatbots, voice recognition, robotics and the like, we are progressing into uncharted territories. With no law to regulate these impending developments, the issue of privacy is assuming its long-pending attention.
Even though technological advancements are comparatively new occurrences enthralling nations across the globe, these nations started taking stern action a long time ago in the age-old battle for securing privacy. This article delves into recent technological advancements and laws enacted to protect privacy in the United States.
Children’s Online Privacy Protection Rule (COPPA)
In a recent development, the tech giant Microsoft was fined up to 20 million dollars for violating the provisions of the Children’s Online Privacy Protection Act of 1998 by collecting the children’s data from their Xbox gaming system without the unequivocal consent of their parents. This upshot holds more importance than it seems prima facie, as it establishes the norm that the act preserves the privacy of children, which would also mean including their digital avatars, biometrics, health and other data. As per the act, for children aged below 13 years, any information ought to be collected after obtaining verifiable parental consent.
The Children’s Online Privacy Protection Act (for brevity, ‘COPPA’) is one of the very few legislations across the globe that exclusively aims to safeguard the online privacy of children. The Act defines a child as under 13 years of age. (Section 6501 of COPPA) It interdicts the owners of websites or online services from collecting any personal information about children. The term ‘personal information’ as defined under COPPA refers to the name, address, e-mail, phone number, social security code or any other sort of information that allows a virtual or physical way to contact the child.
As per the provisions of COPPA, every website or service provider is bound to make a comprehensive privacy policy that outlines the kind of information that the site collects, how it collects and store that information, the purpose of gathering this data, if it shares the information with any third parties, etc.
Even though the act has been in place for a long time, it is reported that more than 50% of apps in the USA do not comply with the basic requirements of COPPA. Whereas, 33% of apps do feature a privacy policy but make no disclosures whatsoever about COPPA.
COPPA 2.0
To address the fact that COPPA is still deemed inadequate to confront the intensifying battle over the privacy of children, COPPA 2.0 was recently reintroduced in the US Senate. The act intends to cover vulnerable children in the age group of 13-17 and teens within its ambit. It intends to expand the definitions under the act and covers websites and services that are reasonably likely to be used by minors. It directs them to follow fair information practises principles and it also bans targeted advertising on children and allows the users an extra layer of control over their information. Moreover, the improved version of COPPA gives the AG of the state power to enforce compliance with the act if a resident of that state has been ‘adversely affected’ by the actions of that website.
Kid’s Online Safety Act (KOSA)
Other than COPPA 2.0, the other bill awaiting clearance is the Kids Online Safety Act. The Kid’s Online Safety Act of 2022 (KOSA) is aimed at taking hold of the increasing suicide rates of children across the USA. It directs websites to stop displaying any self-harming content. It obligates users to set the strictest privacy settings for minors and also grants parents the right to control what their child sees and for how long.
California Consumer Privacy Act (CCPA)
California took the lead in this battle to protect privacy by enacting the California Consumer Privacy Act of 2018 (CCPA). The Act has been recently expanded by the enactment of the Consumer Privacy Rights Act (CPRA). The Act is effective from July 1, 2023, and fills a lot of lacunae left by COPPA. It increases the age of data consent to 16 and widens the scope of personal information. It increases privacy protection for ‘sensitive personal data’. It grants users elaborative control over their data.
California Age Appropriate Design Code Act (CAADCA)
Other than this, California recently enacted the California Age Appropriate Design Code Act (CAADCA), which goes into effect on July 1, 2024. It specifically regulates the collection, storage, processing and transfer of the data of children under the age of 18. It requires the websites to provide clear instructions for children to understand how their data is processed and in what manner. It imposes more obligations on the websites covered under the act and mandates them to conduct data protection assessments and estimate the age of their users.
In the discussion on privacy rights in the USA, it would be unfair not to state the possible emergence of the American Data Protection Privacy Act. It is federal legislation that aims to safeguard the privacy of citizens. It requires websites to publish a privacy policy that delves into detail about the collection, storage and transfer of data. It grants a bunch of rights to the users to ensure that they have control over their data. The bill doesn’t specifically deal with children, so the blog doesn’t deal with the legislation in detail but it’s a highly significant bill set to change the privacy regime in the USA for every citizen, major or minor.
Other developments
The United States Federal Trade Commission, under the leadership of Ms. Lisa Khan, has been actively playing the role of saviour whenever the privacy of people has been attacked. E-commerce giant Amazon was also fined up to $25 million by the US Federal Trade Commission for breaching children’s privacy by keeping their Alexa voice recordings. It was reported that Amazon retained the voice recordings even after repeated requests from the users to delete them.
Amazon’s other gripping device that boasts a smart way of securing the solitude of our homes is its Ring security camera. Recently, the Ring had to face a penalty of $5.8 million for mishandling its customer’s videos. It was reported that Ring gave its employees the unhindered right to access these videos. As part of its agreement with the US FTC, Ring has been commanded to disclose its privacy policy elaborately and inform users about the limits of access the company possesses to their data.
Last year, Epic Games was also fined heavily as its video game ‘Fortnite’ illegally collected the personal information of children and matched them with strangers using manipulative techniques. In the deal that was termed historic in the entire gaming industry, Epic Games agreed to pay $520 million as a fine to settle the accusations levelled by the FTC.
In 2019, in the most notorious breach ever, Google agreed to settle the FTC’s allegations of illegal data harvest from children on YouTube by paying over $170 million as a penalty. In another recent case, the FTC proposed a ban on Meta as it infringed on the privacy of children by misleading parents about the control of the Messenger Kids app.
Even though the blog here focuses on the regime in the USA, it must be noted that the cognizance of children’s privacy isn’t parochial. The Irish data protection commission penalised Instagram because it failed to protect the privacy of children and led to the publication of their personal data. Such developments can be noticed in the UK as well, where the information commissioner’s office imposed a huge penalty on TikTok for breaching GDPR by allowing minors to sign up for the app.
Conclusion
The impact of technological advancements on data protection can’t be abnegated. With the ease and convenience of these devices and technology, people have become accustomed to the succour provided by these tools and apps in their strenuous lives. However, what we fail to realise is that, with the comfort of the services they provide us with, they take hold of our personal data. Our personal information, when in the hands of any company without our explicit consent, grievously impacts our right to privacy. As technology marks its steps in the future, it’s significant that there are laws to regulate these newly found developments. We need to proceed with caution to ensure that, as the world goes forward, no one risks their privacy in the name of technological development.
Though a serious effort has been made via these laws to guard the privacy of children, they end up putting up more restrictions for them. In this socially developing world, we can’t treat children as oblivious kids who seem indifferent to changes taking place around them. The children of today are far more mindful of their rights and responsibilities. In such a situation, shackling their liberty and privacy and offering reins absolutely to the parents seems like another hurdle in their battle for privacy. Every individual, regardless of their age, should be entitled to digital freedom as an inherent right.
References
- https://uscode.house.gov/view.xhtml?req=granuleid%3AUSC-prelim-title15-section6501&edition=prelim
- https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa
- https://www.pixalate.com/blog/q1-2023-coppa-violation-risk-report
- https://www.internationalnewsandviews.com/major-win-for-child-privacy-microsofts-fine-serves-as-a-warning-to-tech-companies/
- https://www.markey.senate.gov/imo/media/doc/coppa_20_in_118th_-_050323pdf.pdf
- https://www.blumenthal.senate.gov/imo/media/doc/kids_online_safety_act_-_bill_text.pdf
- https://oag.ca.gov/privacy/ccpa
- https://legiscan.com/CA/text/AB2273/id/2606836/California-2021-AB2273-Chaptered.html
- https://www.csoonline.com/article/574965/uk-fines-tiktok-158-million-for-gdpr-violation-of-childrens-privacy.html
- https://www.simmonssimmons.com/en/publications/cl7rde00i5agg0a38b9usaub4/instagram-is-fined-405m-for-mishandling-children-s-user-data
- https://www.reuters.com/markets/us/ftc-proposes-tightening-2020-privacy-order-with-meta-2023-05-03/
- https://www.nytimes.com/2019/09/04/technology/google-youtube-fine-ftc.html
- https://economictimes.indiatimes.com/tech/technology/amazon-to-pay-30-million-for-alexa-ring-privacyviolations/articleshow/100684078.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst