SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
online privacy
'Much-Needed': FTC Bolsters Privacy Rules to Protect Kids Online
"Anyone who believes that children deserve to explore and play online without being tracked and manipulated should support this update."
Dec 20, 2023
To ensure that tech giants will not have "carte blanche with kids' data," as one advocacy group said, the Federal Trade Commission on Wednesday unveiled major proposed changes to the United States' online privacy law for children for the first time in a decade, saying that companies' evolving practices and capabilities require stronger protection for young people.
"Kids must be able to play and learn online without being endlessly tracked by companies looking to hoard and monetize their personal data," said FTC Chair Lina Khan as she announced proposed changes to the Children's Online Privacy Protection Act (COPPA) of 1998.
For more than two decades the law has restricted companies' online tracking of children through social media apps, video games, and advertising networks by requiring firms to obtain parental consent before gathering or using young users' personal information.
Platforms like Instagram and TikTok have sought to comply with COPPA by prohibiting children under age 13 from having accounts and requiring users to provide their birth dates, but regulators have accused several tech companies of failing to adequately protect children, and firms including Amazon, Google, and Epic Games have been hit with multimillion dollar penalties for COPPA violations.
Under the proposed changes, companies would be:
- Required to obtain verifiable parental consent to disclose user information to third parties including advertisers, "unless the disclosure is integral to the nature of the website or online service";
- Prohibited from using personal information to send "push" notifications urging kids to use their services or platforms more;
- Required to establish and implement a written children's personal information security program;
- Required to establish and make public a written retention policy for children's data; and
- Prohibited from using any retained personal user information for any secondary purpose or from retaining the information indefinitely.
Education technology firms would also be permitted to collect and use students' personal information only for school-authorized educational purposes and not for commercial use, and COPPA Safe Harbor programs—industry groups which are permitted to seek FTC approval for self-regulatory guidelines that are the same as or stronger than COPPA's—would be required to publicly disclose their membership lists and report additional information to the FTC.
Haley Hinkle, policy counsel for children's digital advocacy group Fairplay, said the proposed rulemaking builds on the FTC's recent enforcement actions against companies including Epic Games—which charged users, including children, for unwanted purchases—and Meta, which misled parents about controls on its Messenger Kids app and about who could access kids' data.
"With this critical rule update, the FTC has further delineated what companies must do to minimize data collection and retention and ensure they are not profiting off of children's information at the expense of their privacy and well-being," Hinkle said. "Anyone who believes that children deserve to explore and play online without being tracked and manipulated should support this update."
Katharina Kopp, director of policy for the Center for Digital Democracy, said that strengthened online safeguards are "urgently needed" as markets and web companies increasingly pursue children "for their data, attention, and profits."
The rule will "help stem the tidal wave of personal information gathered on kids," Kopp said.
"The commission's plan will limit data uses involving children and help prevent companies from exploiting their information," she added. "These rules will also protect young people from being targeted through the increasing use of AI, which now further fuels data collection efforts. Young people 12 and under deserve a digital environment that is designed to be safer for them and that fosters their health and well-being. With this proposal, we should soon see less online manipulation, purposeful addictive design, and fewer discriminatory marketing practices."
Khan said the updated rules will make clear that safeguarding children's data online is the responsibility of tech firms.
"The proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life—and where firms are deploying increasingly sophisticated digital tools to surveil children," she said. "Our proposal places affirmative obligations on service providers and prohibits them from outsourcing their responsibilities to parents."
Zamaan Qureshi, co-chair of the Design It for Us coalition, said the proposed rules, which are subject to a 60-day public comment period before the FTC votes on them, "will make kids and teens much safer online."
"We applaud the FTC's new proposed rules that strengthen COPPA by centering the experience of children online, rather than Big Tech's bottom line," said Qureshi. "The proposed rule directly targets Big Tech's toxic business model by requiring the invasive practice of surveillance advertising to be off by default, limiting harmful nudges that keep young people coming back to the platform even when they don't want to, and including protections against the collection of biometric information."
"The FTC is acting where Congress has failed to, imposing strict rules for Big Tech who have spent years profiting off our personal information and data," Qureshi added. "This proposal should signal to Congress to act quickly in 2024 to advance bipartisan kids' privacy and safety legislation."
Keep ReadingShow Less
To 'Uphold Human Right to Privacy,' Global Coalition Demands Safeguards for Encrypted Services
"The need for privacy has never been more urgent," said one advocate. "Encryption is a shield that protects everyone but most especially the most targeted and vulnerable communities."
May 03, 2023
A global coalition of more than 40 companies and digital rights groups on Wednesday urged governments around the world to publicly vow to "protect encryption and ensure a free and open internet."
The coalition sent its open letter to policymakers in Australia, Canada, the European Union, India, the United Kingdom, and the United States on World Press Freedom Day because digital privacy safeguards are particularly important to journalists and their sources, though advocates stressed they're essential to preserving democracy and human rights at large.
"Encryption is a critical tool for user privacy, data security, safety online, press freedom, self-determination, and free expression," states the letter. "Without encryption, users' data and communications can be accessed by law enforcement and malicious actors."
"Government attacks on encrypted services threaten privacy and put users at risk," the letter continues. "This might seem like a distant problem primarily faced in authoritarian countries but the threat is just as real and knocking at the doors of democratic nations."
"Policymakers understand the importance of privacy when it comes to opening someone else's physical mail, accessing their banking or other private information, but limit such protections online."
As the coalition, organized by Tutanoa, Fight for the Future, and Tor, explained, the value of end-to-end encryption "in defending privacy cannot be overstated, but is also seen as a threat to law enforcement who argue that the ability to freely access individuals' communications is critical for criminal investigations."
Law enforcement's narrative "has spurred worrying initiatives such as the Online Safety Bill in the U.K., the Lawful Access to Encrypted Data Act and EARN IT Act in the U.S., India's Directions 20(3)/2022 – CERT-In, Bill C26 in Canada, the Surveillance Legislation Amendment Act in Australia as well as the proposed rules to prevent and combat child sexual abuse in the E.U.," the coalition noted. "These laws aim to take away the right to privacy online by forcing encrypted services to weaken the security of their users and give law enforcement access to user information upon request."
In a statement, the coalition condemned the aforementioned proposals as "alarming examples of democratic governments following in the path of authoritarian governments like Russia and Iran, who actively limit their citizens' access to encrypted services thereby weakening their human rights."
Pushing back against such measures, the letter calls on "democratic leaders" to "protect encryption and uphold the human right to privacy."
Specifically, signatories implored all governments to:
- Ensure that encryption is not being undermined via overreaching legislative initiatives;
- Ensure that technologies providing secure, encrypted services are not being blocked or throttled; and
- Revisit any bills, laws, and policies that legitimize undermining encryption or blocking access to services offering encrypted communication.
"Encrypted services are at the forefront of the battle for online privacy, freedom of the press, freedom of opinion and expression," says the letter. "Many journalists, whistleblowers, and activists depend on secure, encrypted solutions to protect their data as well as their identity. Access to these tools can be literally life or death for those who rely on them."
The open letter echoes United Nations Secretary-General António Guterres' fresh warning that "in every corner of the world, freedom of the press is under attack."
"Freedom of the press is the foundation of democracy and justice," said Guterres. "It gives all of us the facts we need to shape opinions and speak truth to power."
"Meanwhile, journalists and media workers are directly targeted on and offline as they carry out their vital work. They are routinely harassed, intimidated, detained, and imprisoned," he added. "At least 67 media workers were killed in 2022—an unbelievable 50% increase over the previous year."
"Many policymakers believe they can have a 'magical key' to access encrypted communication—completely ignoring technical facts: Encryption is either securing everyone or it is broken for everyone."
While legislative and regulatory attempts to undermine encryption are especially hazardous to reporters and dissidents, experts made clear that weakening digital privacy ultimately endangers everyone.
"Encryption is a necessary tool for safeguarding our digital rights and the principles of a free and open society. By upholding encryption within messaging apps, websites, file sharing, and other online services, we empower journalists to report on important issues while protecting their sources without fear of surveillance and retribution," said Isabela Fernandes, executive director of the Tor Project. "The Tor network is underpinned by encryption, and we have partnered with many news outlets and social media sites to launch Onion Sites that bypass censorship and allow people to safely and anonymously access, share, and publish information."
Fight for the Future campaigner Eseohe Ojo argued that "the need for privacy has never been more urgent."
"Encryption is a shield that protects everyone but most especially the most targeted and vulnerable communities," said Ojo. "This ranges from journalists and activists to LGBTQ+ folks, abortion seekers, [and] ethnic and other minorities. Why take away the tools needed to help protect them at a time they need these tools the most?"
"Policymakers understand the importance of privacy when it comes to opening someone else's physical mail, accessing their banking or other private information, but limit such protections online," she added. "Encrypted services protect and empower individuals. It is about time governments recognize and safeguard access to these tools."
Tutanota co-founder Matthias Pfau lamented that "many policymakers believe they can have a 'magical key' to access encrypted communication—completely ignoring technical facts: Encryption is either securing everyone or it is broken for everyone."
"If policymakers want a 'magical key,' they will ultimately destroy the security of all citizens, including journalists and whistleblowers who depend on encryption to expose abuses of power or other grievances in society," Pfau warned. "That's why we at Tutanota will never weaken our encryption. If governments outlaw encryption, they need to block access to our encrypted email service, just like Russia and Iran are already doing."
Keep ReadingShow Less
133 Rights Groups Warn EARN IT Act Threatens Online Privacy and Free Speech
"We support curbing the scourge of child exploitation online. However, EARN IT will instead make it harder for law enforcement to protect children. It will also result in online censorship that will disproportionately impact marginalized communities."
May 02, 2023
As U.S. lawmakers renew efforts to pass a bipartisan bill intended to combat sexual exploitation of children online, 11 dozen advocacy groups argued Tuesday that the federal legislation would actually not only fall short in its mission but also endanger digital privacy and free expression.
U.S. Sens. Lindsey Graham (R-S.C.), Marsha Blackburn (R-Tenn.), and Richard Blumenthal (D-Conn.) along with Reps. Ann Wagner (R-Mo.) and Sylvia Garcia (D-Texas) last week reintroduced the Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act.
The EARN IT Act (S. 1207/H.R. 2732) takes aim at Section 230 of the Communications Decency Act, which states that "no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."
The controversial bill would remove that blanket liability protection for civil or criminal law violations related to online child sexual abuse material (CSAM) and establish a national commission—filled with members of federal agencies, law enforcement, and survivor groups as well as legal and technical experts—to craft voluntary "best practices" for providers.
"EARN IT will jeopardize access to encrypted services, undermining a critical foundation of security, confidentiality, and safety on the internet."
In their Tuesday letter to the Senate Judiciary Committee, 133 groups led by the Center for Democracy & Technology wrote: "We support curbing the scourge of child exploitation online. However, EARN IT will instead make it harder for law enforcement to protect children. It will also result in online censorship that will disproportionately impact marginalized communities."
"In addition, EARN IT will jeopardize access to encrypted services, undermining a critical foundation of security, confidentiality, and safety on the internet," they continued. "Dozens of organizations and experts have repeatedly warned this committee of these risks when this bill has been previously considered, and those same risks remain. We urge you to oppose this bill."
The letter—also signed by Access Now, ACLU, Amnesty International USA, Demand Progress, Electronic Frontier Foundation (EFF), Fight for the Future, Free Press Action, GLAAD, Human Rights Campaign, PEN America, Public Knowledge, Transgender Law Center, Tor Project, Wikimedia Foundation, and more—lays out the groups' critiques in detail.
"Section 230's liability shield applies to smaller and start-up companies that are interactive computer service providers, not just a handful of large companies like Google and Meta," the letter stresses. "By opening providers up to significantly expanded liability, the bill would make it far riskier for platforms to host user-generated content," which could cause providers to stop hosting such content altogether or engage in "overbroad censorship" that removes constitutionally protected material.
\u201cToday, we\u2019re joining 130+ LGBTQ+ & other human rights orgs in a coalition urging Congress to oppose the latest iteration of the flawed #EarnItAct. It strongly threatens encryption & free speech while making it harder to protect children from online abuse. \nhttps://t.co/b3j2n6YcfZ\u201d— Woodhull Freedom Foundation (@Woodhull Freedom Foundation) 1683052950
"These wide-ranging removals of online speech will negatively impact diverse communities in particular, including LGBTQ people, whose posts are disproportionately labeled erroneously as sexually explicit," the rights organizations warned, pointing to lessons learned from the anti-trafficking law widely known as SESTA/FOSTA.
SESTA/FOSTA "has forced sex workers—whether voluntarily engaging in sex work or forced into sex trafficking against their will—offline and into harm's way," the groups noted, citing federal research. The law has also "chilled their online expression," and all of "these burdens have fallen most heavily on smaller platforms that either served as allies and created spaces for the LGBTQ and sex worker communities or simply could not withstand the legal risks and compliance costs."
In addition to putting online free expression at risk, the EARN IT Act would disincentivize end-to-end encryption, which "ensures the privacy and security of sensitive communications by making certain that only the sender and receiver can view them," the groups highlighted. "Billions of people worldwide rely on encryption to secure their daily activities online, from web browsing to online banking to communicating with friends and family."
"Everyone who communicates with others on the internet should be able to do so privately. However, this security is especially relied upon by journalists, Congress, the military, domestic violence survivors, union organizers, immigrants, and anyone who seeks to keep their communications secure from malicious hackers," the letter says, emphasizing that abortion patients also rely on the technology, especially since last year's U.S. Supreme Court decision and subsequent state laws restricting reproductive rights.
Though the EARN IT Act is backed by various groups that work to prevent the exploitation of children, the letter makes the case that the bill "risks undermining child abuse prosecutions by transforming providers into agents of the government for purposes of the Fourth Amendment," explaining:
If a state law has the effect of compelling providers to monitor or filter their users' content so it can be turned over to the government for criminal prosecution, the provider becomes an agent of the government, and any CSAM it finds could become the fruit of an unconstitutional warrantless search. In that case, the CSAM would properly be suppressed as evidence in a prosecution and the purveyor of it could go free. At least two state laws—those of Illinois and South Carolina—would have that effect.
Rather than passing Graham and Wagner's bill, the letter asserts, "Congress should instead consider more tailored approaches to deal with the real harms of CSAM online, and it should commit to conducting a full, independent internet impact assessment to identify potential harm likely to result from any internet-related legislation, such as harms to users' freedom of expression and privacy, before the legislation is voted upon."
The rights groups' alarm over the EARN IT Act comes amid debates over other thematically related proposals such as the Kids Online Safety Act (KOSA), which is supported by some advocates for children's rights, health, and privacy but opposed by some signatories to Tuesday's letter, including the ACLU, EFF, and Fight for the Future.
Advocacy groups critical of KOSA, the EARN IT Act, and the STOP CSAM Act—who say that "unfortunately, all three bills have many of the same problems"—plan to hold a press conference about the legislation on Wednesday afternoon with Sen. Ron Wyden (D-Ore.).
This post has been updated to reflect there are 133 coalition members including the Center for Democracy & Technology.
Keep ReadingShow Less
Most Popular