Senators Turn Attention to Privacy

July 27, the Senate Commerce, Science and Transportation Committee passed two privacy bills aimed at teens and youth. The Children and Teens’ Online Privacy Protection Act (COPPA 2.0), sponsored by Senators Ed Markey (D-MA) and Bill Cassidy (R-LA), and the Kids Online Safety Act (KOSA) sponsored by Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN). Both passed with broad bipartisan support.

COPPA 2.0, would block social media platforms from collecting information from teenagers without their consent, revamping a decades-old law that only applied to children younger than 13. It would also bar websites from targeting children and teens with advertisements.

KOSA would establish a duty of care for social media websites to protect children from online harassment and content that promotes suicide, substance abuse, eating disorders and sexual exploitation. It would also require platforms to provide safeguards to children and controls to parents to manage their kids’ time spent online.

In comments reported by the Washington Post, Senator Maria Cantwell (D-WA), Chair of the Commerce, Science and Transportation Committee, indicated hope the Committee will consider other “big tech” issues in the Fall, including comprehensive data privacy legislation, a proposal to ban children under the age of 13 from accessing social media and addressing concerns about foreign-linked apps, such as TikTok.

In another example of the bipartisan nature of these issues, Senators Elizabeth Warren (D-MA) and Lindsey Graham (R-SC) introduced legislation to create a new Digital Consumer Protection agency to police “the nation’s biggest tech companies—like Meta, Google and Amazon—to prevent online harm, promote free speech and competition, guard Americans’ privacy and protect national security.” The two argued for their bill in a joint op-ed in The New York Times.

AAF supports the enactment of a comprehensive data privacy and security law and will continue to work with our partners in Privacy for America to urge Congress to pass such a law.

FTC Updates Endorsement Guides

The Federal Trade Commission has updated its Guides Concerning the Use of Endorsements and Testimonials in Advertising. The Commission issued the update to “reflect the ways advertisers now reach consumers to promote products and services, including through social media and reviews.”

In other FTC news, President Joe Biden has nominated Virginia Solicitor General Andrew Ferguson and Utah Solicitor General Melissa Holyoak to replace the two Republican FTC Commissioners who recently left the agency. If confirmed, the two nominees would bring the FTC to its full complement of five Commissioners.

State Privacy Update

Oregon Governor Tina Kotek (D) has signed the Oregon Consumer Privacy Act into law. The new law gives state residents the right to opt out of ad targeting based on their online activity. It also allows residents to learn what personal data about them has been collected, and which third parties received that information. The measure’s definition of personal data is broad enough to cover pseudonymous identifiers (such as cookies) that can be linked to consumers. Other provisions require companies to obtain consumers’ opt-in consent before processing precise location data, biometric data and additional potentially sensitive data, including information about race, ethnicity, religion, health condition or diagnosis, sexual orientation and immigration status. AAF provided comments to lawmakers offering suggestions to improve the measure.

At this writing, Delaware House Bill 154, the Delaware Personal Privacy Act is sitting on the desk of Governor John Carney (D). The Governor’s staff has indicated the measure is being reviewed but could not give a timeline for final action. AAF provided comments on the bill to Delaware lawmakers.

Privacy legislation is being considered in the New Jersey Legislature. As drafted, the bill would require opt-in consent for sales of personally identifiable information and would contain certain notice-at-collection requirements. AAF has written to legislators expressing our objections to the current version of the bill.

The Superior Court of California ruled that California Privacy Protection Agency must delay enforcement of new privacy regulations until March 29, 2024. The agency had pushed for enforcement beginning July 1, 2023, but the court ruled businesses were entitled to a 12-month grace period for compliance.

As a resource for AAF members, our partners at Venable and Privacy for America have created a document outlining the major provisions of each of the newly enacted state laws. These new laws are in addition to already existing privacy requirements in many states and add to the increasing complexity and challenges encountered by businesses and other organizations as they navigate the legal environment, and further underscores the need for a single, national privacy law as supported by the AAF.

DAA Launches New Choice Tool For Consumers

The Digital Advertising Alliance (DAA) launched new beta functionality allowing individuals to opt out of interest-based advertising (IBA) via the submission of of “hashed”—or encrypted—phone numbers. In the past, the DAA’s Token-ID-Based Tool was designed to utilize hashed email addresses to exercise those choices. The newly enhanced tool is live and available for use in the United States and Canada.

“This newest privacy tool reflects the responsible advertising industry’s continued commitment to provide nimble self-regulatory consumer controls in the market as soon as possible,” said DAA CEO Lou Mastria. “This tool helps ensure advertisers have ethical ways to engage with consumers, even as changes occur to identifier technologies and while work continues on passage of a federal privacy law.”

AAF is one of the founding associations of the DAA and sits on its governing Board of Directors.