New Bill Expands Online Privacy for 13-16 Year Olds, Curbs Targeted Ads

Alright, let's talk about something that hits close to home for anyone with kids, or anyone who just uses the internet, which is pretty much all of us. There's a new bill on the block, the Children and Teens Online Privacy Protection Act, and it's looking to beef up online privacy for a demographic that's often overlooked: teenagers aged 13 to 16.

What's Changing for Your Digital Footprint?

This bill isn't just a tweak; it's an expansion of the existing Children's Online Privacy Protection Act (COPPA). Basically, it's extending the same kind of privacy shield that kids under 13 currently have to those in their early to mid-teens. Think of it like this: if your 10-year-old's data was somewhat protected, now your 14-year-old's data is getting similar treatment. This means operators of websites, online services, and apps – yes, even your favorite social media platforms or gaming apps – will have new rules to play by when it comes to collecting info from this age group.

Now, what kind of 'info' are we talking about? The bill broadens the definition of "personal information" to catch up with how tech works today. This isn't just about names and email addresses anymore. We're talking biometric data like fingerprints or facial scans, precise location data (think GPS coordinates that can pinpoint you to a street), and those persistent identifiers like IP addresses that track you across different sites. So, if your teen is using an app that asks for their location, or logs in with a fingerprint, this bill aims to put some guardrails around that data. The only exception? If an app records your voice just to turn it into text and then immediately deletes the audio, that's generally okay.

Saying Goodbye to Targeted Ads for Teens

One of the biggest shifts here is a direct hit on "individual-specific advertising to children or teens." In plain English, that's those ads that follow you around the internet, tailored specifically to your browsing habits or profile. This bill makes it unlawful for operators to collect, use, or disclose personal information for these types of targeted ads for kids and teens. There are some carve-outs – like ads based on what you're currently looking at on a website, or ads that respond to a direct request – but the general idea is to dial back the personalized ad machine for this younger demographic. For parents, this could mean fewer "I saw an ad for this! Can I have it?" moments from their teens.

Operators are also on the hook for making sure they don't collect personal information unless it's absolutely necessary for the service they're providing, or legally required. And get this: they can't store or transfer your teen's personal information outside the U.S. without giving a direct heads-up to the teen (or parent, for younger kids). Plus, they can't hang onto that data longer than they reasonably need it. For a small business owner running an online store, this means a closer look at data retention policies and where that data lives.

New Rights for Teens and Their Parents

This bill hands more power to parents and teens when it comes to their data. If you're a parent, you can now ask an operator for a description of what information they've collected from your child, how they got it, and why they're using it. You can also ask them to delete it, stop using it, or correct any inaccuracies. For teens aged 13-16, they get these same rights directly. So, if your teen wants to scrub their old embarrassing posts or just wants to know what an app knows about them, this bill gives them a clearer path to do it.

What if a parent or teen asks for data to be deleted? The operator generally can't just cut off service unless that information is absolutely essential to provide it. However, if a parent or teen refuses further use of their data, an operator can terminate the service. It's a bit of a balancing act: you get control over your data, but that might come with limitations on what services you can use.

Special Rules for Schools and Some Gray Areas

The bill also carves out specific rules for educational settings. If a school or educational agency has a written agreement with an online service provider, that provider can collect personal information from students without needing individual parental consent. But, and this is a big but, the data can only be used for educational purposes, and the school has to notify parents and teens about these agreements. This is a practical recognition that online tools are a part of modern education, but it also means schools need to be diligent in their agreements to protect student data.

Now, for a couple of things that might raise an eyebrow. The bill talks about operators having "knowledge fairly implied from objective circumstances" that a user is a child or teen. This is a bit vague. How exactly does an operator know this without directly asking for age, which itself collects personal info? The Federal Trade Commission (FTC) is supposed to issue guidance on this, but until then, it leaves some room for interpretation. Also, the definition of "individual-specific advertising" has some exclusions, like "contextual advertising" or "household advertising." This means some forms of advertising might still slip through the cracks, potentially allowing companies to target households where teens live, even if not directly targeting the teen themselves.

What's Next?

Beyond the immediate changes, the bill also tasks the FTC with a few important jobs. They'll be studying how platforms oversee apps directed at children and teens, and they'll be reporting annually on their enforcement actions, investigations, and complaints related to online privacy for minors. This means more accountability for the tech giants. Plus, the Comptroller General is going to conduct a study on how financial tech products impact teen privacy and mental health, which is a smart move given how many young people are now using apps for banking, investing, or payment services.

Ultimately, this bill is a significant step towards bringing online privacy laws into the 21st century for a crucial age group. It recognizes that teens are navigating a complex digital world and deserve robust protections, even if some of the specifics will need careful implementation and oversight to truly hit the mark.