Skip to content
The COPPA Cops
Go to my account

The COPPA Cops

American teens’ declining mental health prompts a bipartisan push to regulate kids’ use of social media.

A Preteen boy concentrates on his smartphone while wearing ear buds. (Photo by: Kurt Wittman/UCG/Universal Images Group/Getty Images)

Teens and young adults in America, and girls in particular, are experiencing record levels of anxiety, depression, and even self-harm and suicide. A growing body of evidence suggests that social media and smartphone use contribute to the crisis.

The main federal statute aimed at protecting children online—the Children’s Online Privacy Protection Act (COPPA)—is more than 20 years old. The internet has changed dramatically since the law was passed in 1998, and bipartisan support for new regulations is growing.

What is Congress considering?

How COPPA works.

COPPA is the reason Americans enter their birthdays when signing up for accounts on platforms like Facebook, Instagram, and Twitter. The law includes a prohibition on companies collecting data from users under 13 years of age without parental consent. (Massachusetts Sen. Ed Markey, who was involved in the bill’s negotiations as a member of the House in the 1990s, has said he thought 13 was too young, but political constraints prevented the minimum age from rising.)

As almost anyone who has used the internet knows, kids under 13 routinely lie about their age to gain access to platforms despite tech companies’ surface-level attempts at COPPA compliance. Some 38 percent of 8- to 12-year-olds use social media, according to a 2021 report from Common Sense Media.

COPPA also sets “actual knowledge” as its liability standard. In practice this means that unless the Federal Trade Commission can prove a company had “specific and certain knowledge that unauthorized, underaged individuals were using its platform,” the company will face little accountability, according to Ethics and Public Policy Center analyst Clare Morell and law professor Adam Candeub.

Potential reforms.

Updated regulations on children’s use of the internet are most likely to come from two bills currently winding their way through the legislative process: the Children and Teens’ Online Privacy Protection Act, often referred to as COPPA 2.0, and the Kids’ Online Safety Act (KOSA).

Both bills were voted out of the Senate Commerce Committee last year and came close to being included in the omnibus bill that passed in December. They are expected to be reintroduced this Congress.

COPPA 2.0—introduced last Congress by Markey and Sen. Bill Cassidy, a Republican—would bring the liability standard down from “actual knowledge” to “constructive knowledge.” That means companies could be held accountable for what they reasonably should know—shifting the burden of responsibility away from the 10-year-old signing up for Instagram and back toward the multibillion dollar company behind the platform.

The bill would ban ads targeted at children—something President Biden called for in his State of the Union address—and prohibit companies from collecting data on kids age 13 to 15 without those users’ consent. It would also add a new, more nimble enforcement mechanism to complement the FTC: state attorneys general.

Sens. Marsha Blackburn and Richard Blumenthal introduced KOSA, the second bill, around this time last year. The bill would place a “duty of care” on social media platforms to “prevent and mitigate harms to minors” such as content that “promotes self-harm, suicide, eating disorders, substance abuse, and sexual exploitation.” It would also require companies to opt kids out of more addictive and algorithmic settings by default. Like COPPA 2.0, the FTC and state attorneys general would be given enforcement powers.

Effective age verification.

Another provision of KOSA requires the National Institute of Standards and Technology to conduct a study on technologically feasible methods of age verification.

“The effectiveness of a lot of these changes really hinges on age verification,” EPPC’s Morell told The Dispatch. Although a consensus federal standard for effective age verification does not exist yet, there are a few possibilities.

Louisiana, for instance, has offered its citizens digital driver’s licenses since 2020, and the state’s LA Wallet app had more than 1.5 million users as of October 2022. Under a new state law banning access to online pornography for minors, the digital LA Wallet ID is one form of identification people can present to prove their age. Other states have also introduced digital IDs in recent years, some of which can be put in Apple Wallet.

Chris Griswold, policy director at the think tank American Compass, has proposed an authentication process run by the Social Security Administration, which already has Americans’ birth dates on file.

“It would not constitute an engineering marvel to create a simple public system that allows Americans to use these data to anonymously prove whether they exceed a given age,” Griswold wrote for National Affairs last year. “One possibility would be for the SSA to offer a service through which an American could type his Social Security number into a secure federal website and receive a temporary, anonymized code via email or text, like the dual-authentication methods already in widespread use. Providing this code to an online platform could allow it to confirm instantly with the SSA whether the user exceeds a certain age without further personal data reaching the platform or the government.”

Such a system is still a ways off—but it could be a natural next step if the pair of reform bills eventually are signed into law. Polarized as Congress is today, Morell expects passage—at least through the Senate—to happen this year: “It certainly seems like there’s a lot of energy behind it.”

Price St. Clair is a former reporter for The Dispatch.