91制片

This blog is cross posted with permission from PIPC, the team with whom we run the 91制片 Student and Child Privacy Center.

As you may recall鈥搕he Senate passed the in July, incorporating two major student and child privacy bills鈥搕he Kids Online Safety Act (KOSA) and the Children and Teen鈥檚 Online Privacy Protection Act (COPPA 2.0). The House Energy & Commerce Committee passed different versions of KOSA and COPPA 2.0 in September, leaving questions about how these bills would proceed. This weekend, Senator Blackburn released a which reconciles several of these differences鈥揳nd may even be able to pass both chambers of Congress before the end of the year.

We鈥檒l be going through this version of KOSPA鈥搘hich was released as an amendment in the nature of a substitute (AINS)鈥搃n detail over the next few days. So far, we鈥檙e happy to see that Title I (KOSA) includes an exception requiring covered platforms to provide certain safeguards and parental tools directly to the school when the platform is acting on behalf of the school under a contract that complies with COPPA and FERPA. This would alleviate our concerns about parents being able to turn off privacy safeguards schools negotiate with edtech vendors or completely delete student鈥檚 accounts on edtech platforms used in school. However, since the exception is within brackets, it is uncertain whether it will be included in the final KOSPA AINS.

We are also glad to see that Title II (COPPA 2.0) has not changed. As a reminder: . COPPA 2.0 would ensure that schools retain the legal authority to consent to data collection and use on behalf of parents in educational contexts if the technology services are solely for the use and benefit of the school and for no other commercial purpose. School districts have consistently relied on the and the to consent to such technology uses. This long-standing administrative authority has not yet been codified into federal statute, and the FTC鈥檚 efforts to codify this authority in regulations (as proposed by the recent NPRM) are uncertain. COPPA 2.0 would solidify this fundamental administrative and educational function for school districts, safeguarding their ability to effectively incorporate privacy-protective edtech into the classroom.

Here are some other key changes to Title I (KOSA) that we鈥檙e seeing in this version of KOSPA:

• The duty of care to prevent harm to minors has been significantly narrowed, now including a standard 鈥渨here a reasonable and prudent person would agree that such harms were reasonably foreseeable by the covered platform and would agree that the design feature is a contributing factor to such harms鈥� and a more tailored list of harms.
• While the prior version of KOSPA called for the FTC to issue guidance about covered platforms conducting market research on minors, disaggregated by the age ranges of 0-5, 6-9, 10-12, and 13-16, the KOSPA AINS prohibits conducting market or product-focused research on users they know are children and requires verifiable parental consent (as defined under COPPA) before conducting such research on minors.

Notably, several of the constitutional concerns in KOSA may be addressed in this version of KOSPA. According to a , 鈥渃hanges were made to further make clear that KOSA would not censor, limit, or remove any content from the internet, and it does not give the FTC or state AGs the power to bring lawsuits over content or speech, no matter who it is from鈥� and 鈥淭he bill passes First Amendment scrutiny because it is content neutral.鈥� We recommend for a refresher on some of the First Amendment issues at play.

Stay tuned for more information as we keep digging into the KOSPA AINS (including how the bill鈥檚 language about transparency may address other First Amendment concerns raised by recent court cases). We鈥檒l keep you updated on our analysis as it develops.