Policy

Who needs Congress? The FTC is already taking on teen privacy.

Senators are due to hear from companies like TikTok and YouTube on Tuesday, but the FTC has already made moves that could radically change how the social media sites think about the privacy of kids and teens.

FTC building exterior

The FTC has already expressed an interest in protecting teens.

Photo: bpperry/Getty Images

Congress is still feeling out the best approaches to making rules for young social media users, but the FTC is already moving forward with plans that could make the internet safer for children and teenagers.

On Tuesday, the same senators who heard from Facebook whistleblower Frances Haugen about mental health concerns for teens on Instagram will follow up by hearing from Snapchat, YouTube and TikTok about similar worries on their platforms.

The hearing, however, comes more than a month after the FTC declared it was making investigations of issues relating to teens a priority for the next 10 years.

It was a quiet announcement — just one of more than a dozen new priority areas where the commission has said it would expedite its ability to compel information from companies. Yet as Congress dithers, the announcement highlights the ways an ambitious and tech-skeptical FTC is trying to respond to changing assumptions about kids and teens online and the policies that social media services built themselves around.

"There are a lot of levers that the FTC can pull," said Phyllis Marcus, now a partner at Hunton Andrews Kurth who as an FTC staffer oversaw the commission's last rewrite of its regulations on online privacy for kids under 13.

For years, the rules Marcus worked on were essentially the last word in the privacy of young Americans online. Congress passed the Children's Online Privacy Protection Act in 1998, which enabled the FTC to write rules requiring sites directed to children under 13 to obtain parental consent to collect kids' information. The latest amendments to the rule were adopted in 2013.

The rules are more or less why the major social media services say they don't allow users 12 and under to sign up or use their platforms. For users 13 and up, data collection, whether for ad-targeting or for-profit edtech, is fair game — though the sites are well aware they have plenty of underage users, and YouTube and TikTok both paid fines over alleged COPPA violations in 2019.

Now, however, new information, such as Haugen's data about Instagram's effects on teenage girls, is leading lawmakers to wonder about how better to protect teens online.

"There may have been a viewpoint in some areas that teens were more like adults and kids were kids," Marcus said. "I think that notion is changing."

The FTC is mulling a full-scale regulation to govern online privacy, although the move would likely generate significant blowback and getting the votes to launch the rulemaking will probably require bringing on board a third Democratic commissioner, who is still awaiting Senate confirmation. Additionally, the FTC is still processing answers to questions it sent in 2020 to Facebook, Snap, TikTok, YouTube, Twitter, Discord and other companies about their data practices, including with regard to children and teens.

Any new rules the FTC adopts under the auspices of COPPA must, by law, focus on children 12 and under. That means the answers the agency receives from the companies could suggest ways that the commission could expand what information the rule covers and how it treats the responsibilities of platforms versus those of creators with regard to children who do use Big Tech services. The FTC could also weigh in on how the regulations should treat technologies that have emerged since 2013.

In 2019, for instance, the FTC asked for comments on how its children's online privacy regulations should approach "interactive gaming, or other similar interactive media" as well as the role of creators. The latter question is particularly important because, as part of YouTube's response to its record settlement, channel owners bear the brunt of flagging their content as being primarily for children within the FTC's definitions. The responsibility — and the resulting loss of data that feeds ad revenue — falls to creators despite the platform's unique access to information on users and armies of lawyers.

Results from the FTC's survey about data practices could also inform any future commission actions and guidance on privacy for teens, although any such rules would not fall under COPPA as it currently stands.

In addition, some children's privacy advocates in Congress are trying to push companies into putting into place in the U.S. protections they already use for teens in a handful of nations with stronger regulation — with consequences from the FTC if the companies fall short.

Since September, companies operating in the U.K. have had to comply with the country's 15-point "Age Appropriate Design Code," which urges the strictest privacy protections for the youngest children, with progressively looser guardrails suggested up to age 17. Three Democratic lawmakers led by Sen. Ed Markey, who as a member of the House was key to the passage of COPPA, have urged companies to offer the protections to kids and teens in the U.S. Some social media sites have even announced they'll bring certain changes they made in response to the UK's rules to the U.S.

In response to the companies' voluntary commitments in the U.S., the lawmakers wrote to FTC chair Lina Khan earlier in October and urged the commission "to use all its authority to ensure that these powerful companies comply with their new policies, to hold them accountable if they fail to do so, and to prioritize the protection of children's and teen's privacy."

The three Democrats cited in particular the FTC's authority to punish companies that violate their public promises — a power that, thanks to the ubiquity of privacy policies but dearth of privacy laws, has made the commission the de facto federal privacy regulator for the U.S. Any potential new probes, meanwhile, would get fast-tracked from the policy the FTC announced of prioritizing matters relating to kids and teens.

The lawmakers, who also included Reps. Kathy Castor and Lori Trahan, seemed to acknowledge that Congress itself has fallen behind public concerns, but in the meantime, the FTC already has power to fill some gaps.

"These policy changes are no substitute for congressional action on children's privacy," the three lawmakers wrote, "but they are important steps towards making the internet safer for young users."

Entertainment

Niantic is building an AR map of the world

The company’s Visual Positioning System will help developers build location-based AR games and experiences; a new social app aims to help with AR content discovery.

VPS will allow developers to build location-based AR experiences for tens of thousands of public spaces.

Image: Niantic

Pokémon Go maker Niantic has quietly been building a 3D AR map of the world. Now, the company is getting ready to share the fruits of its labor with third-party developers: Niantic announced the launch of its Lightship Visual Positioning System at its developer summit in San Francisco on Tuesday. VPS will allow developers to build location-based AR experiences for tens of thousands of public spaces, Niantic said.

Niantic also announced a new service called Campfire that adds a social discovery layer to AR, starting with Niantic’s own games. Both announcements show that Niantic wants to be much more than a game developer with just one or two hit apps (and a couple of flops). Instead, it aims to play a key role in the future of AR — and it’s relying on millions of Ingress and Pokémon Go players to help build that future.

Keep Reading Show less
Janko Roettgers

Janko Roettgers (@jank0) is a senior reporter at Protocol, reporting on the shifting power dynamics between tech, media, and entertainment, including the impact of new technologies. Previously, Janko was Variety's first-ever technology writer in San Francisco, where he covered big tech and emerging technologies. He has reported for Gigaom, Frankfurter Rundschau, Berliner Zeitung, and ORF, among others. He has written three books on consumer cord-cutting and online music and co-edited an anthology on internet subcultures. He lives with his family in Oakland.

Sponsored Content

Why the digital transformation of industries is creating a more sustainable future

Qualcomm’s chief sustainability officer Angela Baker on how companies can view going “digital” as a way not only toward growth, as laid out in a recent report, but also toward establishing and meeting environmental, social and governance goals.

Three letters dominate business practice at present: ESG, or environmental, social and governance goals. The number of mentions of the environment in financial earnings has doubled in the last five years, according to GlobalData: 600,000 companies mentioned the term in their annual or quarterly results last year.

But meeting those ESG goals can be a challenge — one that businesses can’t and shouldn’t take lightly. Ahead of an exclusive fireside chat at Davos, Angela Baker, chief sustainability officer at Qualcomm, sat down with Protocol to speak about how best to achieve those targets and how Qualcomm thinks about its own sustainability strategy, net zero commitment, other ESG targets and more.

Keep Reading Show less
Chris Stokel-Walker

Chris Stokel-Walker is a freelance technology and culture journalist and author of "YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars." His work has been published in The New York Times, The Guardian and Wired.

Workplace

Why it's time to give all your employees executive coaching

In an effort to boost retention and engagement, companies are rolling out access to executive coaching to all of their employees.

Coaching is among personalized and exclusive benefits employers chose to offer their workforce during the pandemic.

Image: Christopher T. Fong/Protocol

Executive coaching has long been a quiet force behind leaders in the tech industry, but that premium benefit, often only offered to the top executives, is changing. A new wave of executive coaching services are hitting the market aimed at workers who would have traditionally been excluded from access.

Tech companies know that in order to stay competitive in today’s still-hot job market, it pays to offer more personalized and exclusive benefits. Chief People Officer Annette Reavis says Envoy, a workplace tech company, offers all employees access to a broad range of opportunities. “We offer everyone an L&D credit that they can spend on outside learning, whether it's executive coaching or learning a new coding language. We do this so that people can have access to and learn skills specific to their job.”

Keep Reading Show less
Amber Burton

Amber Burton (@amberbburton) is a reporter at Protocol. Previously, she covered personal finance and diversity in business at The Wall Street Journal. She earned an M.S. in Strategic Communications from Columbia University and B.A. in English and Journalism from Wake Forest University. She lives in North Carolina.

Enterprise

Microsoft thinks Windows developers are ready for virtual workstations

The new Microsoft Dev Box service, coupled with Azure Deployment Environments, lets developers go from code to the cloud faster than ever.

Microsoft hopes a new cloud service will address one of developers' biggest challenges.

Photo: Grant Hindsley/Bloomberg via Getty Images

Microsoft hopes a new cloud service will address one of the biggest challenges that developers have raised with the technology giant over the last several years: managing developer workstations.

Microsoft Dev Box, now in private preview, creates virtual developer workstations running its Windows operating system in the cloud, allowing development teams to standardize how those fundamental tools are initialized, set up and managed.

Keep Reading Show less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Enterprise

Okta CEO: 'We should have done a better job' with the Lapsus$ breach

In an interview with Protocol, Okta CEO Todd McKinnon said the cybersecurity firm could’ve done a lot of things better after the Lapsus$ breach of a third-party support provider earlier this year.

From talking to hundreds of customers, “I've had a good sense of the sentiment and the frustrations,” McKinnon said.

Photo: David Paul Morris via Getty Images

Okta co-founder and CEO Todd McKinnon agrees with you: Disclosing a breach that impacts customer data should not take months.

“If that happens in January, customers can't be finding out about it in March,” McKinnon said in an interview with Protocol.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@procotol.com.

Latest Stories
Bulletins