Nearly 20 House bills seeking to address the harm social media poses to children and teens were discussed during a hearing held by the chamber’s Commerce, Manufacturing and Trade subcommittee on Tuesday.
Legislators and witnesses stressed the urgent need for Congress to solve this issue, calling attention to various pieces of legislation on updated federal protections for children and teens online that have been pending for years.
One of these more prominent bills is COPPA 2.0, an update to the Children’s Online Privacy Protection Act of 1998. As introduced in the House in late November, the bill would prohibit companies from collecting personal information from users who are 16 years or younger and ban targeted advertising to children and teens. COPPA 2.0 would also create data minimization rules that would prohibit excessive collection of minors’ personal data.
Other related House legislation includes the Kids Online Safety Act, or KOSA. CMT Subcommittee Chair Gus Bilirakis, R-Florida, introduced that legislation, adding during his opening statement Tuesday that “this bill has teeth.”
KOSA would prohibit “children from being exposed to or targeted with ads for illegal or inappropriate content like drugs and alcohol,” said Bilirakis. “It takes on addictive design features that keep kids hooked and harm their mental health. And most importantly, it holds Big Tech accountable with mandatory audits and strong enforcement by the FTC and state attorneys general.”
Versions of both COPPA 2.0 and KOSA were approved by the full Senate in 2024. A focal point of debate during Tuesday’s hearing was over the key difference in the House versions, which is that both bills include preemption clauses that could void state policies that have potentially even stronger children’s data privacy protections than federal mandates.
Several lawmakers and witnesses also acknowledged that multiple parents in attendance at the hearing had children who died as a result of using social media.
Some parents whose children died as a result of social media expressed disappointment following Tuesday’s hearing.
Joann Bogard said in a Tuesday statement on behalf of members of ParentsSOS, a coalition of 20 survivor families impacted by online harms, that Tuesday’s hearing “needlessly delayed the House from advancing the wildly popular Senate version of the Kids Online Safety Act, which gives parents the tools they need to keep their children safe.”
Bogard’s son, Mason, died at the age of 15 from accidental asphyxiation in 2019 after participating in a viral social media “choking challenge.”
“We strongly urge the Committee to adopt and advance the Senate version of KOSA that retains the duty of care provision and allows state laws to provide an additional layer of protection,” Bogard said.
Rep. Kathy Castor, D-Florida, said during the hearing that House Republicans are offering “weak, ineffectual versions” of COPPA 2.0 and KOSA. She added that the latest proposals are a “gift” to big tech companies and a “slap in the face” to parents, experts, advocates and bipartisan legislative efforts that have worked for a long time on requiring strong child online protections.
“For example, we should not put a ceiling on kids' protections at the state level, or stifle the good work of the states, or weaken knowledge standards that are critical to holding tech companies accountable,” Castor said.
Enforcement concerns
While witnesses and members of Congress agreed that urgent solutions are needed at the federal level to mitigate the ongoing risks social media poses for children and teens, there was some pause over the way these House bills would be enforced.
Some expressed concern that if the Federal Trade Commission, as it stands, were to enforce the House version of COPPA 2.0, the law would not be enforced fairly. In March, President Donald Trump fired the FTC’s two Democratic commissioners — a move that is being challenged in the courts by one of the fired commissioners, Rebecca Slaughter. The U.S. Supreme Court is set to hear oral arguments on Dec. 8.
Some House Democrats also called for Slaughter's reinstatement during Tuesday’s hearing.
Kate Ruane, director of the free expression project at the Center for Democracy & Technology, told lawmakers that the politicization of an independent federal agency like the FTC could be weaponized when it comes to the enforcement of new children’s data privacy bills.
That could mean either favorable treatment and a lack of enforcement of the laws for tech companies or, on the flip side, use of the laws to target those the administration disagrees with, she said.
Legislators also debated both the need to require age verification and appropriate parental consent for children and teens for the use of certain apps and social media platforms — as well as the challenges of such a process.
House Energy and Commerce Committee Chairman Brett Guthrie, R-Ky., agreed that both age verification tools and parental consent should be required, and that once a user’s age is known, privacy protections under COPPA 2.0 can be easily enforced.
Paul Lekas, executive vice president for global public policy and government affairs at the Software Information Industry Association, said during testimony that a mandate for age verification would require collecting sensitive data, including government IDs, from users of all ages — not just children.
“We should instead incentivize age estimation and parental controls, which protect youth without creating high-value data repositories for cyber criminals,” Lekas said.
Poor data privacy protections can have sweeping impacts on schools, which often partner with a variety of ed tech companies that store sensitive student information.
The slew of legislative proposals to protect children’s and teens’ data comes at a time when ed tech companies like PowerSchool and Illuminate Education have been hit by high-profile data breaches in recent years that exposed millions of students’ personal information.
Earlier this week, the FTC announced that Illuminate reached a settlement with the commission that would require the ed tech company to implement a data security program after the FTC alleged Illuminate failed to protect student data.
