Introduction
Close your eyes and picture yourself walking down a busy New York City street. At any given moment on your walk almost every person you encounter is engaged with some form of personal electronic device.1 Talking on the phone, listening to music, checking email, and scrolling through social media has become part of society’s daily routine.2 Cellphones, laptops, iPods, and other personal electronic devices have taken hold as a major part of daily life for adults and teenagers alike; people of all ages are no longer meeting up at parks and coffee shops to converse on the daily.3 Typically, teenagers4 across the United States spend on average between six and nine hours on entertainment media such as the internet, which includes surfing the web and social media use, among other activities.5 Included in their daily entertainment media use, a significant number of teenagers say they use social media every single day,6 with many of them using multiple social platforms on a day-to-day basis.7 Some of the heaviest teen social media users even admit to checking each of their multiple social media sites upwards of one hundred times each day.8
In this ever increasing digital age,9 a large part of a teenager’s social development is occurring while that teenager navigates through the digital world, whether it be online on a computer or through their cell phone.10 With a rise in online use by teenagers, the federal government passed the Children’s Online Privacy Protection Act (COPPA), which took effect in April of 2000.11 COPPA specifically protects the privacy of teenagers and adolescents under the age of thirteen by requesting parental consent for the collection or use of any personal information of those users.12 The Act was passed in response to a growing awareness of Internet marketing techniques directly targeted at those minors13 under thirteen and the collection of their personal information by websites without any parental notification.14 The Act specifically applies to commercial websites and online services that are directed at children.15
Following the federal governments footsteps in September 2013, California’s Governor Jerry Brown signed Senate Bill 568 (SB 568) into law16, which came into effect in 2015.17 The law aims to specifically protect California minors online18 and particularly attacks websites which are directed towards minors or have knowledge that minors are using their site.19 SB 568 contains two main provisions: the first is directed towards online advertisements and the other focuses on a minor’s right to “erase” his or her online posts.20
The first provision of the law prohibits operators of websites from advertising certain products or services to minors, mainly those that minors cannot legally purchase, such as indoor tanning.21 The second provision, the “eraser” provision, requires operators of websites to allow minors to remove content posted on the website unless the content falls within one of the exceptions.22 In line with the state’s objective of protecting minors, California’s legislation expanded the age of protection and the definition of a minor as promulgated under COPPA from under thirteen years old to under eighteen years old; thus broadening the age range of children and the scope of the law’s protection.23 California’s enactment of SB 568 focuses on expanding the online safeguards that the Federal Trade Commission (FTC) put in place for minors and children with COPPA, as well as including an additional element, one which is a topic of heavy debate in Europe—the right to be forgotten.24
This Note argues that due to the inherent failures of COPPA and the ever rising online presence of both teenagers and minors, the FTC should expand COPPA to include eraser and advertisement protection provisions similar to those found in SB 568 in order to further ensure the protection teenagers and minors online. This Note analyzes both the federal law COPPA and California’s law SB 568, and discusses the changes that the FTC should make in order to further increase the protections COPPA provides to minors online.
Part I examines the rise in online presence of and use by teenagers and the response by the federal government through COPPA and California though SB 568. Part II analyzes both criticisms and laudations of COPPA and SB 568, including SB 568’s attempts to reconcile COPPA’s deficits in California. Part III offers a proposal for the federal government to further expand COPPA and its protections by including provisions similar to SB 568. Part III further analyzes how expansion of COPPA would further the FTC’s goal of protecting minors online while additionally decreasing the burden on online providers in the anticipation that multiple states could start enacting their own individual laws similar to California’s SB 568. Thus, this Note stresses the importance of protecting minors and teenagers online through the enactment of amendments to COPPA.
I. Background
A. Minors and the Internet
One of the fundamental characteristics of the modern age is the convergence of technology and the Internet with everyday life.25 Especially prominent in the lives of adolescents are social media platforms such as Twitter, Instagram, Snapchat, and Facebook which are used for everything from communicating with peers to searching for information.26 Teenagers ages thirteen to seventeen are going online increasingly more frequently than ever before.27 A recent study by the Pew Research Center found that ninety-two percent of teenagers report going online daily—including twenty-four percent who say they go online almost constantly.28
The simplicity of accessing the internet and social media on personal electronic devices such as smartphones makes it easier for teenagers to have endless connection.29 Presently, teenagers are far more likely to access social media on their smartphones than through any other device.30 The ease of access to, and constant presence of, smartphones makes posting statuses, pictures, and commenting increasingly more effortless and subsequently increases the chances of teenagers acting in a quick and rash state of mind.31
Many teenagers strive to fit in; a desire which can reduce sound judgment and cause many teenagers to feel a level of anxiety tied to what they do, especially online.32 But, since teenagers are still developing mentally, their ability to make smart decisions using critical thinking and judgment, is not always at its highest level33 and in fact decision-making skills can be further lowered by a teenager’s increased use of the internet and social media.34 The strong desire of teenagers to fit in with their peers, coupled with a certain lack of judgment,35 and unhindered accessibility to social media, can lead teenagers to make decisions they may regret.36
A teenager’s online reputation is a growing concern given the rise of online social networking and profiles.37 Social media is no longer focused solely on connecting to family and friends—other people who want to know about online users, especially employers, are increasingly turning to social media sites as a way of understanding co-workers, job applicants, and other non-friend groups.38 Schools and employers are rejecting young people for school programs, internships, college admissions, and jobs after researching applicants’ online activities and posts.39 Forty percent of college admissions officers say that in addition to an applicant’s grade point average and application essay, they visit applicants’ social media pages to learn about them, their habits, and their overall demeanor as a person.40
In addition to the college admissions officers, sixty percent of employers recently revealed that they use social networking sites to research job candidates.41 Out of all the online searches, though social media or search engines, almost half of hiring managers who screen candidates via social networks said they uncovered information that caused them not to hire a candidate.42 A single Facebook status or poorly thought out tweet can have lasting ramifications on the teenager who made the post and shared it online through their social media profile.43
The increased presence of adolescents and teenagers online has correspondingly raised serious concerns about the safety of Internet and social media use.44 While navigating the online world may be tricky, teenagers’ blame their cavalier attitude towards online risks such as sexting, cyberbullying, and exposure to inappropriate content on difficulty in self-regulation, both by the parents and minors themselves, in addition to the lack of awareness of repercussions and susceptibility to peer pressure.45
But how does one define privacy in this digital age? Can it even be expected? In the modern world of Wi-Fi, mobile devices, and digital media, it is easy to lose sight of where privacy ends and social sharing begins.46 Teenagers are sharing more personal information online than ever before.47 But not all teenagers take information sharing lightly;48 many teenage Facebook users report confidence in managing their profile settings and take proactive steps to keep their profiles private.49 Many teenagers take further preserve their reputation and conceal information that they do not want others to have access to.50 But, when it comes to social media and the Internet, the basic thinking should be that nothing remains private online—odds are someone will see it.51
B. The Federal Way: COPPA
Minors can be victims of their own inexperience with technology.52 Given this danger, many have argued that both parents and the government have a legal basis for protecting children.53 However, it is not always clear which institution, parent or government, should have the most control over protecting minors online.54 During the 1990s, the Internet served as a catalyst for business operations ranging from marketing and sales, to distribution of products and services.55 Congruently, the Internet had a growing segment of online minor users.56 In response to the rapidly growing number of minor online users, the federal government made two major attempts to protect children’s interests on the Internet in the mid-1990s, both of which subsequently failed.57 The failures, the Communication Decency Act (CDA) of 199658 and the Child Online Protection Act (COPA) of 199759, dealt with the protection of children from exposure to obscene materials online.60
Congress’s first substantial attempt at protecting minors online came in the form of the CDA, adopted as part of the Telecommunications Act of 1996.61 The CDA attempted to implement standards for the Internet similar to those that the Federal Communications Commission (FCC) used for regulating broadcast indecency.62 Similar to the FCC, the CDA’s goal was to criminalize telecommunications contact that was intended to send indecent and obscene materials, such as pornography, to minors.63 The CDA even went as far as to include statutory good faith defenses for Internet Service Providers that sought to limit access to underage individuals.64 But many critics argued the law would not be able to work in accordance with the nature of the Internet and its constant changes.65 The ACLU challenged CDA on First Amendment grounds, arguing that the ban on “indecent” and “patently offensive” speech transmitted online was unconstitutional.66 Ultimately, the Federal District Court for the Eastern District of Pennsylvania found CDA unconstitutional.67
The unconstitutional ruling on CDA prompted Congress to introduce a new law much narrower in focus in order to avoid a fate similar to that of CDA.68 Unlike it’s predecessor, COPA did not focus on sexually-oriented information, but rather prohibited communications made for commercial purposes and restricted material viewed as harmful to minors.69 COPA quickly suffered the same fate as CDA at the hands of the ACLU: both laws mandated governmental control of regulatory issues on the Internet, and both were found unconstitutional.70
By the end of the 1990’s, “almost ten million children across United States had access to the Internet.”71 In response to the failures of CDA and COPA, the federal government enacted COPPA in 1998.72 COPPA, unlike its predecessors CDA and COPA, focuses on children’s online privacy rather than what they are exposed to while browsing on the Internet.73 Aimed to handle privacy issues, COPPA applies to the online collection of personal information from children under thirteen years of age.74 COPPA details extensively what must be included in a website’s privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities are owed to protect children’s privacy and safety online.75
The primary goal of COPPA is to give parents control over what information is collected from their children online76 The Act was designed to protect children under the age of thirteen, while considering the constantly changing nature of the Internet.77 COPPA applies to “operators of commercial websites and online services (including mobile applications) directed to children under thirteen that collect, use, or disclose personal information from children.”78 The law further extends to include compliance from operators of websites directed to general audiences that have actual knowledge that they are collecting, using, or disclosing personal information from children under thirteen that are using their site.79 COPPA additionally extends to further cover websites or online services that collect information from other sites.80
1. COPPA’s Mandates
The five key requirements of COPPA are: (1) notice; (2) parental consent; (3) parental review; (4) limits on the use of games and prizes; and (5) security.81 Under COPPA, operators of websites82 and apps83 directed at children,84 or who knowingly collect personally identifiable information85 from children,86 are required to follow a set of privacy standards.87 Website providers directed at children must post a clear, comprehensive, and accessible online privacy policy describing their practices for collecting information from children.88 Providers must also provide direct notice to parents as well as obtain verifiable parental consent,89 with limited exceptions90, before collecting personal information from children using their site.91 Parents must also be given a choice by providers as to whether or not to consent to the operator’s collection and internal use of their child’s information.92 Parents can prohibit the operator from disclosing information to third parties unless such disclosure is integral to the site or service, which must be made clear to parents.93 Further, parents have the option to make a request to the providers to access to their child’s personal information to review and/or have the information deleted.94
COPPA also requires that operators maintain the “confidentiality, security, and integrity” of any and all information they collect from children, including taking reasonable steps in order to ensure that third parties coming into contact with the information are also capable of maintaining the confidentiality and security of the information.95 Website providers do not have unlimited and unfettered use of the information; they can only retain personal information collected online from a child for only as long as is “necessary to fulfill the purpose for which the information was collected.”96 Once the information collected is no longer necessary, “providers must delete the information using reasonable measures to protect against” its unauthorized access or use.97 Other mandates of COPPA give parents the opportunity to prevent further use or online collection of a child’s personal information.98
There are a number of exceptions to COPPA’s rules.99 Parental consent, for example, is not required when the operator collects personal information, such as the name or contact information of a parent or child in order to secure further parental consent.100 Another immunity exists under the one-time-contact exception.101 The one-time contact exception allows websites to circumvent parental consent when they respond directly, on a one-time basis, to a specific request from the child. However, this exception requires that any information obtained cannot be used to re-contact the child or for any other purpose.102 Instead, promptly after responding to the specific request, the exception requires that the information not be disclosed and must be deleted by the operator from its records.103
C. Privacy for Minors in California: SB 568
In early 2013, during a period when the White House and Congress were criticized for moving at a glacial pace104 regarding Internet regulations, California was moving full steam ahead with a series of online privacy laws.105 The burst of activity was a sign that California – often viewed as the frontrunner when it comes to digital privacy106 – was setting the agenda and raising the bar for Internet regulations.107 Already a technology-forward state, with Silicon Valley at its heart, California’s response to a cultural shift towards more privacy and online protection and the rise in teenager and minor social media use108 was the enactment of Senate Bill 568 (SB 568), entitled Privacy Rights for California Minors in the Digital World.109
Nicknamed “the eraser button law,” the purpose of the new law is to protect the online privacy of children and teenagers who are under eighteen years of age and reside in the state of California.110 California’s new eraser button law contains two key elements: it gives teens the right to delete social-media posts and prohibits certain types of advertising from targeting them.111 The provisions of SB 568, similar to those found in COPPA, are geared towards websites that are directed towards minors.112 Use by both adults and minors alike does not trigger a site to be categorized as directed towards minors under the California law.113 Under the advertising provision of SB 568, it is up to website operators to determine whether their site is directed towards minors.114 California’s enactment of SB 568 was geared towards further expanding the safeguards the FTC put in place for minors115 in COPPA.116 California’s legislature concluded that children and teenagers, as compared to their adult counterparts, were at greater risk online because children lack fully developed self-regulating abilities and easily succumb to online-driven peer pressure.117
1. Minors and Website Advertisements
At their core, the majority of social networks are advertisement based companies with the objective of selling an Internet user’s attention to their business partners or other third parties.118 High social media use can lead minors to being inundated with numerous advertisements and products.119 Simply by logging into a social media site, internet users of all ages are exposed to advertisements on a wide range of services from clothing stores to restaurants to the newest indoor tanning locations.120 Under the first provision of SB 568, § 22580, Internet companies are prohibited from marketing products to minors that are otherwise forbidden to be offered and sold to minors outside the Internet including guns, alcohol, dietary supplements, and cigarettes.121 In passing SB 568, the California legislature held that it was their responsibility to ensure that children and minors “are not bombarded with inappropriate advertisements while they are learning to be responsible consumers” in the online world.122 Minors are viewed as being more susceptible to online marketing, especially the advertisements of harmful products, as they are still developing their critical thinking skills and judgment.123
Section 22580 of the bill contains mandates regulating advertisements on websites directed towards minors.124 First, the section prohibits site operators from collecting, using, and disclosing the personal information of minors with the intent to market goods or services that minors cannot legally consume or engage in as minors in the state of California.125 Section 22580 also further prohibits these operators from knowingly allowing third parties to gather and use the personal information of these minors for the same marketing purposes.126 Generally speaking, the act prohibits digital sites directed to minors from advertising or marketing services or products that minors cannot legally purchase or use under California law.127 Simply put, “if you can’t sell it to a minor in a retail outlet or face to face, you can’t sell it, advertise it, or solicit on the Internet.”128
As per Senator Darrell Steinberg, the author of SB 568, Internet companies will be left to determine the appropriate filters to prevent prohibited advertisements from reaching minors.129
2. Minor’s Erasing Tool: Time to Reflect
The second provision of SB 568, Section 2258, is often referred to as the “eraser button” provision.130 The provision ensures that minors are given not only the option, but moreover the opportunity, to erase personally-posted material online.131 One of the objectives of the bill is to allow minors a second chance when it comes to impetuous decisions they may make online.132 The eraser provision requires that Internet companies provide minors user-friendly tools that aid in deleting a post or a picture before it is transmitted to a third party.133
Under Section 22581, websites have to not only allow minors the ability to erase what they have personally posted, but additionally, must provide notice to the minors that they are allowed to request erasure, along with instructions on how to do so.134 Under this provision, operators of Internet websites that are either directed to minors or whose operators have actual knowledge that a minor is using their site, must permit a registered user minor to remove or to request and further obtain removal of posted material.135 The caveat is that registered minor users of the website may request the removal only of information that they themselves have personally posted.136 Internet operators furthermore must provide notice and clear instructions to minor users on how to request removal as well as guide them through the removal process.137 An important provision to Section 22581 is that additional notice must be provided to minors to inform them that the procedures mandated by SB 568 do not ensure complete, total removal of the content or information posted.138
The eraser law does, however, contain exceptions to content removal.139 Under Section 22581, a website is not required to erase, remove, or enable the removal in a number of cases, some of which could be problematic to teenagers.140 For example, content that was posted to a website by a third-party and not the minor user is not required to be removed under Section 22581.141 Furthermore, content does not have to be removed if the minor does not follow the specific removal request instructions in place by the website.142 Moreover, if the minor registered user received compensation for their post, website providers are not required to take down the content, even if requested.143
II. The Shortcomings of COPPA and California’s Attempt to Take the Lead
COPPA has been both celebrated and criticized144 and unlike the federal government’s other attempts at protecting minors online, COPPA has persisted to this day.145 In response to concern that COPPA was becoming outdated in the age of social media and behavioral advertising,146 the Act was amended in 2013 to address changes in the way children use and access the Internet, including the increased use of mobile devices and social networking.147 COPPA, however, still contains what some critics would argue are obvious structural deficiencies.148 One of the most glaring issues with COPPA is the lack of protection for children over the age of thirteen.149 Teens are still legally defined as minors and cannot legally enter into binding contracts—including privacy policies frequently found on the Internet.150 The statute thus leaves an odd gap for thirteen to seventeen-year-olds, some of the heaviest online users, who are not covered by COPPA.151
COPPA, some scholars argue, has led to a number of unintended consequences, including shutting out younger children to expansive portions of the Internet,152 as many sites have viewed banning users under the age of thirteen as a simple, more cost effective way of attempting to tackle COPPA and its mandates.153 Even then, some websites have found that minors may lie about their age which creates a loop hole to circumvent COPPA.154 Critics further point out that COPPA places unintended economic burdens on website providers, mainly those categorized as small business,155 even impacting a number of small sites enough to put them out of business all together.156 Larger, more economically stable companies such as Disney and Nickelodeon, faced much fewer problems adhering to COPPA regulations and continued to serve children without limiting the ages of the children their sites served.157 Nonetheless, some small businesses survived the burdens of COPPA to become COPPA compliant and new companies continue to emerge that operate within COPPA’s guidelines.158
Other scholars have observed debates over certain statute definitions or requirements. For example, Sara Grimes highlighted debates over “the Act’s definition of what counts as personal information is too narrow,” and arguments over whether “the requirements for parental consent are problematic for being either too stringent or not adequately enforced.”159 The FTC however, continues to enforce COPPA, filing numerous actions against companies for violating the Act, including a number of very popular and large sites such as Sony BMG, Yelp, and Hersey Foods.160 The methods for collection of parental consent have continuously been one of the largest sources of criticism for COPPA.161 Critics have asserted that the methods approved by the FTC for verification—sending/faxing signed printed forms, calling toll-free numbers, or forwarding digital signatures through email—are too costly and cumbersome.162 A ‘‘sliding scale’’ within the FTC’s rules allows websites to vary how they obtain permission, depending on the type of information being gathered and how the website intends to use the information they acquire.163 But cost continues to be a problem.164 Recent amendments were implemented to COPAA to continue combating the issue of obtaining parental consent while further developing with the evolution of the Internet.165
Children’s privacy advocates, however, praise the FTC on the safeguards COPPA continues to provide in order to protect children’s privacy online.166 When COPPA was originally passed, the FTC was praised for executing a very thorough and conscientious job of developing rules that were not only flexible and effective but a good compromise between the Internet industry and the government.167 With the recent amendments, the FTC was praised for continuing to better develop, amend, and improve COPPA in order to stay current with changing times.168 Changes to the type of information website operators cannot collect without parental supervision169 is just one example of the FTC’s continued efforts to keep COPPA up-to-date with the constant evolution of the Internet.170
SB 568 stands as California’s response to the deficiencies it believes COPPA presents.171 “Unlike COPPA, SB 568 is narrowly focused on giving minors the right to [request] the removal of information they post online and preventing online marketers from targeting [minors] with offers for [prohibited] products and services.”172 Similar to its federal counterpart, SB 568 has been met with both applause and criticism.173 Forbes Magazine called the bill “mockable,” “puzzling,” and an “ill-advised” attempt to rewrite history.174 Critics question how the deletion tool is any different than those readily available online to not only minors, but adults as well.175 Further, some critics believe that the third party repost exception to deletion undermines the goal of the eraser provision completely.176 The most common criticisms claim that the law is too ambiguous177 and a constitutional violation of the Dormant Commerce Clause by California.178
Advocates of the bill, such as Common Sense Media, however, applaud the law, believing it represents an important milestone in the protection of minors online.179 In their view, SB 568 creates an entirely new class of specially-protected minors who are not covered by COPPA, those teenagers older than thirteen, but under the age of eighteen.180 Further, advocates hope that the passage of SB 568 will continue to incentivize and push Congress to continue expanding protection for minors’ privacy online.181 SB 568 has also been applauded for giving minors a second chance when it comes to their activities online,182 especially since, proponents of the law argue, deletion options are not always obvious.183 Growing up is synonymous with learning from one’s mistakes and teenagers deserve the chance to erase their foolish mistakes in private, without the threat of future repercussions from future onlookers.184
III. Proposal: The FTC Should Further Amend COPPA to Include Eraser and Advertisement Provisions In Line with California’s SB 568 To Further Protect Minors Online
Social media takes on a particular importance in society today because of the influence it wields on children and teenagers, who are among the heaviest users of social networking, particularly with regard to their developmental vulnerability.185 There is a necessity to protect children and teenagers, beyond the protections of COPPA, and to extend digital protections to teenagers over the age of thirteen, but under eighteen.186 Although COPPA currently does not apply to teenagers over the age of thirteen but under the age of eighteen, the FTC has made it clear it is concerned about teenage privacy on the Internet and protecting this age group online.187
In proposing COPPA, four goals were addressed:
(1) to enhance parental involvement in a child’s online activities in order to protect the privacy of children in the online environment; (2) to enhance parental involvement to help protect the safety of children in online fora such as chatrooms, home pages, and pen-pal services in which children may make public postings of identifying information; (3) to maintain the security of personally identifiable information of children collected online; and (4) to protect children’s privacy by limiting the collection of personal information from children without parental consent.188
These goals, which continue to remain important today, need to evolve in order to meet the changes in online use by minors, including more frequent and widespread use and ease of accessibility.189
To further these four goals, COPPA was designed to confront two problems: “(1) overmarketing to children and collection of personally identifiable information from children that is shared with advertisers and marketers, and (2) children sharing information with online predators who could use it to find them offline.”190 With an increased accessibility to the Internet, children are interacting online more than ever, leading to an increase in personal information being posted online.191 The potential to over share information, such as personal home addresses or geotagging192 one’s location, combined with how habitually minors and teenagers alike post online, increases the risk of online predators being able to find minors online and use the information shared to their advantages.193
In order to further deal with the concern regarding teenage privacy online as well as further protecting all minor Internet users, the FTC should take the lead from California and further expand COPPA. In expanding COPPA, the FTC should broaden the Act to include provisions similar to both the eraser provisions194 and advertising protections195 found within California’s SB 568. As with the current COPPA provisions, the eraser and advertising provisions would apply to websites directed towards minors or those with knowledge that minors are using their site. While COPPA can continue to leave the original age range of thirteen-and-under for the parental consent and information collecting provisions already enacted,196 in implementing the expanded COPPA, the FTC should increase the age of protection to eighteen-and-under for the eraser provisions and advertising protections in line with SB 568.197 The expansion of COPPA would allow all teenagers under the age of eighteen to request the removal of content they personally post online as well as to be guaranteed the protections of not being inundated by illegal products. By increasing the age of protections, the FTC would ensure that all minors and teenagers on the Internet are afforded the safeguards they require online. An expansion of COPPA would further confront and address the problems COPPA was originally designed to resolve.198
Websites targeted by both COPPA and SB 568 already have deletion options in place, thus furthering the extension of deletion tools available to minors would not be a difficult or costly provision for website providers to comply with.199 However, although many websites that minors use, such as Facebook and Twitter, have obvious delete buttons, deletions tools on other websites and services are not as obvious, and many users are left wondering how to delete their content.200 Snapchat, for example, allows users to delete posts, but they still remain retrievable.201 Thus, content that is deleted by current technology’s delete button is not necessarily completely erased.202 The erasure provision in an expanded COPPA would ensure that Internet providers give minors easy access to the tools that guarantee once something is deleted it stays deleted.203 Putting a minor-specific section into a website provider’s privacy policy, including explanations explaining how minors can delete content or request the erasure of their data together with explanations of what the erasure actually entails, could only be beneficial to minors.204
A further benefit of expanding COPPA to include the provisions found in SB 568 is that a reduction in advertisement of products minors cannot legally purchase face-to-face could lead to an actual reduction of the illegal sale of these products.205 When amending COPPA in 2013 to improve privacy protections and increase parental control over what information website operators collect from children, FTC Chairman Jon Leibowitz observed website operators collecting children’s personal information to create user profiles curated for future targeting with different marketed advertisements.206 Legislatures have observed that minors and teenagers are more susceptible to online marketing of harmful products as they are still developing their ability to use sound judgment, both in the real world and online as well.207 These developmental growths make them increasingly vulnerable to targeted advertising campaigns.208 Due to minors’ and teenagers’ vulnerability to advertising, proponents of SB 568 assert that the government should make sure that both minors and teenagers alike are not overwhelmed by inappropriate advertisements while they navigate the Internet.209 By prohibiting operators from marketing certain products and collecting information for the purpose of marketing directly to minors and teenagers, SB 568,210 and a further amended COPPA, can further preserve minors’ safety online. Since COPPA was designed to deal with over-marketing to children and collection of personally identifiable information from children that is shared with advertisers and marketers, by adding the advertising provisions found in SB 568 to COPPA, the FTC would continue to further its goals of protecting minors and teenagers from the marketing tactics used to attack their still developing judgment.211
Critics of SB 568 do not want to see California become the nation’s laboratory for online privacy laws.212 Instead, these critics argue that Congress is better suited to legislate on these issues.213 Legislation that affects interstate commerce, including Internet legislation, belongs to Congress, and when states like California attempt to take control of the wheel, it sets a dangerous precedent of differing regulations state to state.214 Opponents of laws such as SB 568 argue for uniform regulation of the Internet and oppose fragmented regulation stemming from the states.215 California has a great interest in protecting its minors and teenagers online, but that makes it no different than any other state.216 If other states pass similar laws, companies would be forced to devise multiple policies for the underage residents of different states—confusing both website providers as well as consumers and “creating unwieldy requirements for Web businesses that are essentially stateless.”217 To avoid confusion and burden, website providers might just stop allowing all minors to use their sites until they are of age.218 By passing a more expansive national law to children’s online privacy, the FTC would be lessening the burdens and confusion upon Internet providers that would have to comply with multiple state laws, as well as reducing the risk of Internet providers violating one of these laws.219 The expansion of COPPA to include an eraser provision and advertising protection on a national scheme would require all websites hosted in the United States the protections available in SB 568, thus easing websites from the responsibility of having to distinguish between minor users from different states.220 Consequently, websites would be free from geographic location burdens typically found in state laws and their burdens would further be minimized.221
Accordingly, implementing the eraser button and advertising protections of SB 568 on a national level could protect minors on the Internet, without facing constitutional challenges.222 SB 568 has been criticized for potentially violating the Dormant Commerce Clause,223 a threat other states could potentially face with similar laws their legislatures may wish to enact.224For state laws that are nondiscriminatory on their face but still influence interstate commerce, such as SB 568, the Supreme Court applies the Pike balancing test. Pike v. Bruce Church, Inc., 397 U.S. 137 (1970). Under this test, a court will uphold a state statute if “the statute regulates evenhandedly to effectuate a legitimate local public interest, and its effects on interstate commerce are only incidental . . . unless the burden imposed on such commerce is clearly excessive in relation to the putative local benefits.” Id. at 142. For example225, assume a New York-based child-directed website blocks advertisements from a New Jersey advertising service of items restricted under SB 568 because a portion of the website’s user population comes from California.226 Consequently, the advertising restriction would impact all users of the New York-based website, regardless of the user’s state—even if the minor user could legally purchase the item outside California.227 Thus, the California law unconstitutionally regulates communications between two non-California parties through its restriction of interactions between, in this example, a New York and New Jersey party.228 Proponents of SB 568 and scholars argue, however, that the benefits given to minors in California in a situation similar to the above example outweighs the burden that out-of-state regulators would face, thus surviving the constitutionality challenge though the Pike balancing test.229 Nevertheless, website providers outside the state of California would be burdened, especially when dealing with geographically distinguishing between its users to ensure compliance; a burden that could tip the balancing test towards a constitutional violation.230
The threat of SB 568 being held unconstitutional could reduce the protection minors and teenagers have online; laws that other states could enact face the threat of being repealed. Other states may become disincentivized from even passing similar laws in the first place. An expansion of COPPA would ensure that even if other states attempt to make their own laws regarding online privacy, minors’ privacy rights would continue.
A national regulation utilizing California’s framework within COPPA could act as a U.S. equivalent to the European Union’s “right to be forgotten”, although on a more limited level due to fact that online eraser provisions only apply to minors and content they personally posted.231 More extensive than the provisions found in SB 568 and COPPA, ‘the right to be forgotten” not only protects minors and adults alike but also allows for both personally posted content and third-party posted content to be requested for deletion.232 Such legislation would be viewed as unconstitutionally broad,233 however, a similar but more limited “right to be forgotten” in the United States —one that only applied to minors and only affected content personally posted—could be received with approval234 and be deemed constitutional.235 Thus, the “right to be forgotten” found in the expanded COPPA would not lead to the same fate as CDA and COPA.236
Some scholars argue however, that parents, not the government, should be the ones monitoring minors, citing research that shows “that there is a positive correlation between parents’ level of privacy concern and that of their children.”237 Thus, these scholars argue, parents wield influence over their children’s attitudes and behavior online because of correlation with parent’s own concerns and attitudes.238 However, these scholars caution against parental monitoring as teenagers might practice deception tactics as a defense against parental insurgence into their private space, thus nullifying any parental attempts at aiding their child’s online safety.239 Parental supervision is not always practical given children’s easy access to the Internet.240 To further the goal of protecting minors online in COPPA, the FTC could continue to further release materials241 to help educate and guide both parents on how to further protect their minor children, and minors on how to further protect themselves from the harms of the Internet.242 While no system is one hundred percent foolproof, by extending education to parents and minors, the FTC can further help ensure that the newly expanded COPPA does its job properly.
Recently, bipartisan Senators and Representatives from Massachusetts, Texas, and Illinois have introduced comprehensive children’s online privacy legislation in both the Senate and the House.243 Similar to SB 568, the bill, named the Do Not Track Kids Act, would amend COPPA by extending the protection to teenagers ages thirteen to fifteen and by creating an eraser button that allows children to delete personal information online—all while continuing to require consent for the collection of personal information.244 The Do Not Track Kids Act, however, has been unsuccessful in the legislature.245 Critics of the Do Not Track Kids Act fault its expansion of protection to the age of fifteen as being too confusing, arguing that the distinction between sites aimed at teenagers and children is much more clear than those aimed at various subsets of teenagers.246 The proposal in this Note is better equipped to handle a minor’s privacy protection online than the Do Not Track Kids Act. The proposal in this Note extends eraser and advertising protections to all minors under the age of eighteen, making it easier to distinguish between sites aimed at different age groups, ensuring protection for minors online continues while reducing confusion among web providers who are required to figure out which age group they are tailored towards. Further updates to COPPA similar to those presented to the Senate and House have been presented in recent years before the Senate Commerce Committee, but have also failed.247 Clearly there is a desire to see an expansion made to COPPA that not only broadens the ages the Act protects, but also one that allows minors the ability to be able to take control of what they post.
Research reveals that today’s teenagers desire more privacy than ever before.248 By amending COPPA with a more comprehensive approach to minor’s privacy online—though the implementation of the eraser provisions and advertisement protections—the FTC would also be giving all minors, not just those in California, an increased level of privacy online. Minors everywhere would be given a chance to erase their hasty posts,249 reducing the effect that social media posts have on any future college and job prospects.250 A revised COPPA could allow the saying—once it is out there, you cannot get it back—to become a thing of the past.251
Conclusion
The nation as a whole has a legitimate interest in protecting minors from harm on the Internet.252 With constant technological advances, more and more threats253 may present themselves to minors online.254 Young children and teenagers are still developing their critical thinking skills and judgment and much of this development is now taking place online through interactions on social media.255 Overall, COPPA has helped establish a general understanding that the collection and use of information on young children should be treated with care and avoided if possible.256 This general understanding is a sensible approach that recognizes both the unique vulnerabilities of young children as well as the limitation of a self-regulatory approach, which would place the burden on minors to interpret privacy policies and make informed decisions about the disclosure and use of their personal information.257
California’s privacy and data security framework, as seen in SB 568, is similar to what the Federal Government wants to see implemented on a nationwide scale.258 Indeed, the FTC and the White House call for “greater protections” for personal data obtained from minors.259 By further amending COPPA to cover a larger age group and include both erasure and advertising protection provisions found in SB 568,260 the FTC and the federal government will ensure that privacy protection for minors online does not fall to the wayside and stays current with the changing times.