This afternoon, Berin Szoka asked me to participate in a TechFreedom conference on “COPPA: Past, Present & Future of Children’s Privacy & Media.” [CSPAN video is here.] It was a in-depth, 3-hour, 2-panel discussion of the Federal Trade Commission’s recent revisions to the rules issued under the 1998 Children’s Online Privacy Protection Act (COPPA).
While most of the other panelists were focused on the devilish details about how COPPA works in practice (or at least should work in practice), I decided to ask a more provocative question to really shake up the discussion: What are we going to do when COPPA fails?
My notes for the event follow down below. I didn’t have time to put them into a smooth narrative, so please pardon the bullet points.
COPPA will fail in the long-run for two reasons:
(1) With COPPA, the FTC is engaged in a technological arms race that it cannot win.
- COPPA was formulated for a Web 1.0 world of static websites with limited interactivity. In that environment is worked reasonably well, although it certainly imposed costs on site developers and affected market structure.
- As we moved into a Web 2.0 world of interactive social media in the mid to late-2000s, however, the rule has been strained by marketplace new realities. COPPA’s drafters never really envisioned sites like Facebook, Twitter, etc.
- In our current environment—let’s call it the Web 2.5 world—we have added mobile geolocation and social discovery to the mix and that is straining COPPA to the breaking point.
- But we are about to enter the Web 3.0 world of the “Internet of Things;” a sensor-based world in which the communication technology will literally be woven into the clothes we wear and all the devices we use.
- Cisco has estimated that by 2020, 37 billion devices will be linked together and communicating.
- It will be almost impossible for COPPA to keep up with the explosion of these technologies because everything in our lives and our children’s lives will be interconnected, communicating, and collecting data.
- Information will be ubiquitously collected simply by nature of the technology itself.
- The entire Web 3.0 world will be one of comprehensive passive information collection.
- So, notions like “collection”, “directed at children” and “personal information” will be become impossible to enforce absence a flat-out ban on the technologies themselves
(2) COPPA will also fail because of the simple reality that the more complicated and costly this regulatory regime becomes, the more likely it is that that both kids and parents will ignore it or seek to actively evade it.
- The actual monetary cost of any online service may obviously be one thing parents and kids seek to avoid.
- But the bigger cost is the mental hassle associated with delayed gratification.
- When people demand certain services, they want them now. And they will get them even when law gets in the way. And sometimes they value the utility / functionality that those services provide more than they value privacy.
- A 2011 Harvard-Berkeley study pointed out the evasion is already rampant and that many parents are facilitating that result by encouraging their kids to lie about their ages online.
- This problem will only increase in the Internet of Things era as kids and parents come to expect all their devices to be communicating at all times and retaining data for them.
So, what are we going to do about? How do we prepare for the post-COPPA world that’s coming?
- We shouldn’t just throw up our hands in defeat.
- But we must accept the technological and practical challenges associated with regulation and seek out alternative approaches.
- Best solution, therefore, is: Education, media literacy, and digital citizenship
- We need to do a much better job educating both kids and adults about sensible online interactions.
- We need to talk to our kids and each other about being more savvy, sensible, respectful, and resilient media consumers and digital citizens.
- In encouraging our kids and fellow Netizens to be good “digital citizens,” we must stress smarter online hygiene (sensible personal data use) and better “Netiquette” (proper behavior toward others), which can further both online safety and digital privacy goals.
- More generally, as part of these digital literacy and citizenship efforts, we must do more to explain the potential perils of over-sharing information about ourselves and others while simultaneously encouraging consumers to delete unnecessary online information occasionally and cover their digital footprints in other ways.
- These education and literacy efforts are also important because they help us adapt to new technological changes by employing a variety of coping mechanisms or new social norms. These efforts and lessons should start at a young age and continue on well into adulthood through other means, such as awareness campaigns and public service announcements.
- The Unintended Consequences of Well-Intentioned Privacy Regulation
- Thoughts on Latest FTC COPPA Rule Revisions & Online Child Safety / Privacy
- Joint CDT-PFF-EFF Comments on FTC’s COPPA Review & the Dangers of COPPA Expansion
- What We Didn’t Hear at Yesterday’s FTC COPPA Workshop
- COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech, by Berin Szoka & Adam Thierer