My Senate Testimony on the Children’s Online Privacy Protection Act (COPPA)

by on April 29, 2010 · 3 comments

I’m testifying this morning before the Senate Commerce Committee’s Consumer Protection Subcommittee on Examining Children’s Privacy: New Technologies and the Children’s Online Privacy Protection Act at 10 am in 253 Russell. I offered an overview of my testimony in a PFF TechCast interview yesterday.

MP3 file: PFF TechCast #4 – Senate COPPA testimony of Berin Szoka

My pre-scripted oral testimony (PDF) follows below, but you can download my somewhat longer written testimony here, which offers an overview of our past work on this subject at PFF, particularly the paper Adam Thierer and I published last summer COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.


Mr. Chairman and Committee members, thank you for inviting me here today.  My name is Berin Szoka.[1] I’m a Senior Fellow at The Progress & Freedom Foundation.  I commend this Committee for studying COPPA, and the FTC for its upcoming COPPA Review and Roundtable.[2]

Background on COPPA

For an “Internet Jr.” of sites “directed at” children under 13, COPPA requires sites either to age-verify all users or limit functionality to prevent children from making personal information “publicly available”—including the sharing of user-generated content.  COPPA imposes the same requirement on general audience sites when they have actual knowledge a user is under 13.  Because of this forced separation and the costs of age verification, COPPA may well have unintentionally limited choice and competition by driving increased consolidation in the marketplace for child-oriented sites and services online.  On the other hand, COPPA has been reasonably successful in fulfilling Congress’s original goal of “enhancing parental involvement” to protect children’s online privacy and safety.

Whatever this trade-off, I’m here today to caution against expanding COPPA beyond its original, limited purpose. COPPA’s unique value lies in its flexibility, subtlety, and intentional narrowness.

COPPA is flexible because it potentially applies to the entire Internet regardless of the access device used—including services scarcely imaginable in 1998.

COPPA is subtle because it requires “verifiable parental consent” not only if site and service operators gather personal information from kids for their own use, but also if sites enable children to make personal information “publicly available” online.  Even more subtle is COPPA’s creative solution to the thorny problem of age verification.  Unlike the similarly-named Child Online Protection Act,[3] COPPA only requires age verification of users on sites clearly directed at children, whereas COPA required it for any site offering content deemed “harmful to minors.”

Efforts to Expand COPPA Raise Serious First Amendment Concerns

Back in 1998, Congress wisely chose not to apply COPPA to adolescents.  Unfortunately, recent efforts to expand COPPA have put online privacy, child safety, free speech and anonymity on a collision course.  Several states have proposed what we at PFF have called “COPPA 2.0” laws, extending COPPA to adolescents under 17 or 18.  But once the age threshold rises above 13, it becomes increasingly difficult to distinguish sites “directed at” children below the threshold from general audience sites.  With this seemingly small change, COPPA would essentially converge with COPA:  COPPA would extend beyond a discrete “Internet, Jr.” to require age verification for sites used by many adults—and, indeed, other states have proposed simply extending COPPA to all social networking sites.  But requiring adults and even older teens to prove their age by identifying themselves constitutes a prior restraint on anonymous or pseudonymous communication.  This raises the same First Amendment concerns that caused the courts to strike down COPA.

COPPA Expansion Would Undermine Privacy

Ironically, broad age verification mandates would reduce online privacy by requiring more information to be collected from both adolescents and adults, including credit card information.  While COPPA’s safe harbors play a valuable role in administering self-regulation under COPPA,[4] government shouldn’t put them in the awkward position of becoming repositories for huge troves of personal information in the name of protecting privacy.

COPPA Expansion Would Not Enhance Child Safety

Nor would COPPA expansion make adolescents safer online.  Some have argued that age verification mandates could protect children by allowing sites to create “safe spaces” that exclude predators.  Unfortunately, the reality is that the technology for reliable age verification simply doesn’t exist.  Even the FTC has made clear that it doesn’t consider COPPA’s verifiable parental consent methods, such as use of a credit card,[5] as equivalent to strict age verification.[6]

Fears of Advertising Should Not Drive COPPA Expansion

COPPA expansion could also undermine the viability of many online sites and services.  Some consider marketers the “real predators”—even though advertising is the great “Hidden Benefactor”[7] that funds the overwhelming majority of “free” Internet content and services.  COPPA already applies to the collection of information that could potentially allow the contacting of a child under 13.  The Network Advertising Initiative already requires verifiable parental consent for behavioral advertising to children under 13.  But if COPPA were expanded to require general audience sites funded by tailored advertising to age-verify all users, it would devolve into the unconstitutional approach found in COPA.  Importantly, COPPA expansion would also raise costs for smaller or new sites and services geared toward minors.  This could discourage new innovation, limit choice, and raise prices for consumers.[8]

Ultimately, concerns about tailored advertising may be less about privacy than about what advertising scholar Jack Calfee has dubbed the “Fear of Persuasion”—the idea that advertising is inherently manipulative and only grows more so with increased relevance.  But as Calfee notes, “by the age 10 or so, children develop a full understanding of the purpose of advertising and equally important, an active suspicion of what advertisers say.”[9] If government has a role to play in addressing concerns about tailored marketing, it lies in educating kids about advertising to help them become smarter consumers.  Last week, the FTC launched just such an education campaign with its AdMongo tutorial website ([10] The FTC excels in consumer education, and should be encouraged in these efforts as a less restrictive alternative to regulation.[11]

Opening the Door to COPPA Expansion through FTC Overhaul via Financial Reform

Finally, financial reform legislation recently passed by the House would give the FTC sweeping new rulemaking powers.  H.R. 4173 would allow the FTC to unilaterally change COPPA, including its age range.  Such decisions should be made by Congress, not the FTC.  If Congress wants to help the FTC implement COPPA, it should consider additional funding for education and enforcement.

Thank you again for inviting me here to testify.

[1] The views expressed here are his own, and not necessarily the views of the PFF board, other fellows or staff.

[2] Federal Trade Commission, Request for Public Comment on the FTC’s Implementation of the Children’s Online Privacy Protection Rule, April 5, 2010,; see also COPPA Rule Review Roundtable,

[3] 47 U.S.C. § 231.

[4] See Federal Trade Commission, Safe Harbor Program,

[5] Under the FTC’s “sliding scale” approach to obtaining parental consent, other acceptable methods include print-and-fax forms, follow-up phone calls and e-mails, and using encryption certificates.  16 C.F.R. § 312.5(b)(2).

[6] In a February 2007 report to Congress about the status of the law and its enforcement, the FTC said that no changes to COPPA were then necessary because the law had “been effective in helping to protect the privacy and safety of young children online.”  Federal Trade Commission, Implementing the Children’s Online Privacy Protection Act: A Report to Congress at 1, Feb. 2007,
.  In discussing the effectiveness of the parental consent verification methods authorized in the FTC’s sliding scale approach, however, the agency acknowledged that “none of these mechanisms is foolproof.”  Id. at 13. The FTC attempts to distinguish these parental consent verification methods from other kinds of age verification tools in noting that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” Id. at 12.

[7] Adam Thierer & Berin Szoka, The Hidden Benefactor: How Advertising Informs, Educates & Benefits Consumers, Progress on Point 6.5, Feb. 2010,

[8] In 2005, the FTC has cited an estimate of $45/child as the cost of obtaining verifiable parental consent for child-oriented sites to comply with COPPA. See Comments of Parry Aftab, Request for Public Comment on the Implementation of COPPA and COPPA Rule’s Sliding Scale Mechanism for Obtaining Verifiable Parental Consent Before Collecting Personal Information from Children at 2, June 27, 2005,

[9]/a>Jack Calfee Fear of Persuasion: A New Perspective on Advertising and Regulation, 59 (1997).

[10] Federal Trade Commission to Launch Advertising Literacy Campaign National Program Gives ‘Tweens’ Ages 8 to 12 Skills to Recognize, Understand Advertising, April 26, 2010,

[11] See, e.g.,; NetCetera: Chatting With Kids About Being Online,
; You Are Here: Where Kids Learn to be Smarter Consumers,

Previous post:

Next post: