- States Further Attempt to Protect Minors' Privacy Online
- April 15, 2014 | Authors: Kenneth R. Florin; Nerissa Coyle McGinn; James D. Taylor
- Law Firms: Loeb & Loeb LLP - New York Office ; Loeb & Loeb LLP - Chicago Office ; Loeb & Loeb LLP - New York Office
Following the adoption of a California law protecting minors under the age of 18 online, Delaware has now introduced House Bill 261, which would add a new section called the Child Online Protection Act to Title 6 of the Delaware Code. The California bill, which was enacted in September 2013 and takes effect January 1, 2015, was one of the first bills to extend online privacy protections to minors 13 or older, which is the age group not protected by the Children's Online Privacy Protection Act (COPPA), the federal law protecting children's online privacy.
The Delaware bill has three parts. First, it allows a child (defined as anyone under the age of 18) who is a registered user of a website, online service or mobile app that is directed to children, or that has actual knowledge that a child is using its site or service, to remove, or request the removal of, information the registered user posted on the website, online service or mobile app. Such service must notify users of this right and explain how users may remove content. Content is defined as "information of any kind" including "text, images, audio, video or other information."
The site or service must also provide notice that this removal process does not ensure complete or comprehensive removal of the content posted on the site or service. There are some exceptions from providing this removal right, such as when federal or state law requires the operator to maintain the content; when a person other than a registered user posted the content; and when the operator anonymizes content posted by a registered user so that the user cannot be individually identified. This part of the bill applies to registered users who reside in Delaware at the time of registration and at the time the user removes, or requests the removal of, content.
The second part of the bill limits in the following ways how websites, online services and mobile apps can advertise to children:
(a) An operator of a website, online service or mobile app directed to children may not market or advertise certain products or services on its website, online service or mobile app.
(b) An operator of a website, online service or mobile app who has actual knowledge that a child is using its site or service may not market or advertise certain products or services to a child, if the marketing or advertising is specifically directed to the child based upon the child's personally identifiable information.
(c) An operator of a website, online service or mobile app directed to children or an operator of a website, online service or mobile app that has actual knowledge that a child is using its site or service may not knowingly use, disclose or compile, or allow another to use, disclose or compile, the personally identifiable information of a child when the operator has actual knowledge that the use, disclosure or compilation is for the purpose of marketing or advertising certain products or services to that child.
The types of products and services that are subject to this section include alcohol, tobacco, tobacco alternatives, lotteries, firearms, fireworks, tattoos and piercing, tanning salons, and pornography.
The third part of the bill applies to operators of websites, online services and mobile apps that are directed to children, and operators that have actual knowledge that a child is using their site or service, when such sites and services collect personally identifiable information from children under 18. Operators of such sites and services must establish an age verification system "that can be reasonably expected to identify the age of the child who is a prospective or registered user."
The FTC and the California Attorney General recently indicated their support for these types of state laws that protect the privacy rights of teenagers by filing an amicus brief in a recent litigation. Neither the FTC nor the California Attorney General specifically commented on the litigation. However, they both clarified in their briefs that COPPA does not preempt state laws that protect the privacy rights of teenagers - a group which is not covered by COPPA. While the amicus briefs did not directly comment on either the California law or the Delaware bill, this interpretation of COPPA's preemption clause paves the way not only for the enforcement of these types of laws but also the further adoption of such laws by other states.