Children’s online safety bills clear Senate hurdle despite strong civil liberties pushback

Critics say the bills will make the internet less safe for kids by increasing digital surveillance and reducing access to encrypted services.
Sens. Richard Blumenthal, D-Conn., and Marsha Blackburn, R-Tenn., left, initially introduced the Kids Online Safety Act last year. (Photo by Samuel Corum/Getty Images)

The Senate Commerce Committee on Thursday advanced a pair of children’s privacy and safety bills that have attracted a storm of criticism from civil liberties groups that say the bills will do more harm than good for kids on the internet.

The Children and Teens’ Online Privacy Protection Act, introduced by Sen. Edward Markey, D-Mass., and Bill Cassidy, R-La., would update the 1998 Children’s Online Privacy Act to raise the age of consent for data collection to 16 and build a new Federal Trade Commission division to enforce it. 

The Kids Online Safety Act, introduced by Sens. Richard Blumenthal, D-Conn., and Marsha Blackburn, R-Tenn., would place a duty of care on platforms to prevent promoting to users under 17 content that includes harmful behaviors such as eating disorders and suicide. The bill carves out explicit protection for support services such as suicide help hotlines, schools and educational software. An amendment to the bill approved Thursday would also require companies to be transparent about if they’re filtering content using an algorithm and give users a chance to opt out.

Critics say the bills could make the internet less safe for children by censoring content that could help them and giving parents tools to surveil children in unsafe home environments.


“The bill just assumes what’s good for some kids is good for all kids,” said Aliya Bhatia, policy analyst for the Center for Democracy and Technology’s Free Expression team.

Both the Children and Teens’ Online Privacy Protection Act 2.0 — known as COPPA 2.0 — and the Kids Online Safety Act also passed out of committee last summer but did not receive a floor vote. Neither bill has a companion in the House, which has yet to reintroduce comprehensive privacy legislation that passed out of committee last year.

“Protecting kids online remains a top priority, and comprehensive privacy legislation with one national standard is the best way to start,” a House Energy and Commerce spokesperson told CyberScoop.

While the odds of the bill making it to the president’s desk are slim, they have his support. President Biden backed the legislation during an address on mental health on Tuesday, urging the Senate to “pass it, pass it, pass it, pass it, pass it.” Biden previously called for legislation protecting children online in his State of the Union address.

The bills have garnered the support of a number of children’s safety groups including FairPlay, Design it For Us and Common Sense Media.


“Taken together, KOSA and COPPA will help create the internet all young people deserve — one that respects their privacy and autonomy and allows them to safely learn, play and connect,” Josh Golin, executive director of Fairplay, said in a statement. “We look forward to working with members of both parties and both chambers in the fall to see this critical legislation to the finish line. Children and families simply can’t wait for Congress any longer.”

They have also attracted heavy criticism from civil liberties and privacy advocacy groups that have concerns the laws may facilitate practices that harm children. Specifically, they say changes made to the bill since the last time it passed out of committee never fully addressed their concerns.

Specifically, critics worry that the Kids Online Safety Act has a very broad duty of care on platforms to moderate content that could harm children. That could incentivize platforms to take a “zero-tolerance policy” and potentially moderate non-harmful content in the process, Bhatia explained. She said that part of the problem is that platforms use content moderation tools that have difficulty parsing precise meaning. So, for instance, platforms may take down content that is educational about eating disorders alongside content promoting them.

“The way people speak is so sophisticated and the way these tools work is not,” said Bhatia.

The other primary concern with KOSA is that it could be politicized by state attorneys general, who the bill gives power to enforce the duty of care, leading to the takedown of LGBTQ and reproductive health content in states where that information is already being censored in schools and in other ways. Some supporters of the bill have embraced the potential. For instance, the Heritage Foundation has expressed support for using the bill to limit kids’ access to “sexual and transgender content.”


​​Critics also say that KOSA’s adoption of a broader standard of knowledge, similar to that in the controversial EARN IT Act, also raises concerns about potentially undermining encryption by making companies more liable for knowing that users may use the technology for illicit behaviors.

The pair of bills have also attracted scrutiny for how they may incentivize the use of age verification technologies, which have become the center of civil liberties concerns amidst a nationwide push for social media and adult content companies to verify user ages.

While the Kids Online Safety Act explicitly says age verification is not required, because the bill requires companies to limit services based on age, advocates worry that the bill will encourage companies to adopt age verification processes that could result in even more collection of data for users. For instance, companies may ask for a government ID or use machine learning systems that come with issues of bias and accuracy.

COPPA 2.0, which raises the age of protection of the law to 16, could also lead to companies needing to more proactively verify how old users are. Current COPPA standards apply to websites directed at children, but including teens implicates a new range of services.

“It’s hard to just raise the age of COPPA because it’s hard to think of a website that is directed to teens that isn’t also directed to adults,” said Bailey Sanchez, senior counsel with the Youth & Education Privacy team at the Future of Privacy Forum. “When there is an affirmative duty to apply protections to teens you need to get into the business of sorting out who is a teen and who is an adult.”


NetChoice, a tech industry group opposing KOSA and COPPA 2.0, urged lawmakers to instead pass a federal comprehensive privacy bill and invest more in law enforcement efforts against child abuse and exploitation.

“If passed, KOSA and COPPA 2.0 will create massive privacy and security problems for American families,” NetChoice vice president and general counsel Carl Szabo said in a statement. “Alternatively, NetChoice strongly recommends these meaningful, constitutional solutions that will empower law enforcement to stop child predators and equip Americans of all ages to develop healthy online habits in the Digital Age.”

During the markup, Committee leadership noted that they would continue to work on the legislation and would consider changes before a floor vote.

“I’ve heard some advocates particularly in the LGBT community about continuing concerns of this legislation. We will continue to work with them on this,” Chairwoman Maria Cantwell, D-Wash, said.  “This bill isn’t the last of privacy issues that we will consider in this committee and we hope that when we return in September we will be considering many more other issues related to this as well.”

Ranking member Sen. Ted Cruz, R-Texas, said he would also consider adding a pre-emption clause.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts