The Washington PostDemocracy Dies in Darkness

The Technology 202: The U.K. is taking big steps to protect kids' privacy. Advocates hope the U.S. will be next.

with Tonya Riley

Ctrl + N

The sweeping new protections the United Kingdom just proposed for children online stand in stark contrast to the narrow, decades-old American law protecting minors' digital privacy. 

The new standards unveiled Tuesday by a British data watchdog would require companies ranging from social networks to gaming apps to provide children a built-in baseline of data protection. Platforms such as YouTube, TikTok and Instagram will have to ensure children have the highest privacy settings by default, and targeted advertising and location tracking for children must be turned off by default. 

These proposed rules, known as the Age-Appropriate Design Code, also require companies to consider the “best interests” of children when designing new services, making sure they collecting data in a manner that protects children from exploitation and supports their psychological development. 

“There are laws to protect children in the real world — film ratings, car seats, age restrictions on drinking and smoking,” Elizabeth Denham, the United Kingdom's information commissioner, said in a news release. “We need our laws to protect children in the digital world too.”

She added: “In a generation from now, we will look back and find it astonishing that online services weren’t always designed with children in mind.” 

The rules, which are now awaiting approval from Parliament, are just the latest sign that Europe is a step ahead of the United States on regulating privacy. And some American advocates are hopeful the privacy push across the pond could put pressure on Congress and U.S. regulators to take action. 

They argue the U.S. children's privacy law is overdue for an update: It was written more than 20 years ago, before the advent of smartphones and many of the services that the U.K. regulations address. 

James P. Steyer, the chief executive and founder of the families advocacy nonprofit group Common Sense, told The Technology 202 that he's thrilled to see Britain taking steps to protect children online. 

“Young people should be able to learn, grow and benefit from technology without being subject to harms and this code establishes standards for companies to follow and prioritize children's best interests,” he told me in an email. “Parents, teachers and families everywhere deserve such safeguards, and we hope the U.S. soon follows suit.”

There are signs that the appetite to address children's privacy is growing on this side of the Atlantic. The Federal Trade Commission has been stepping up its efforts to address children's privacy in recent months, hitting YouTube with a record $170 million fine for allegedly violating the children's privacy law. YouTube had to make changes to how it addresses children's content on its service per its settlement with the agency. The agency has also launched a review of the Children’s Online Privacy Protection Act (COPPA) that could result in updates. 

But Congress has been slow to act. Children's digital privacy appeared to be one of the rare issues of bipartisan consensus in Washington last year, but lawmakers have yet to gain serious traction for proposals that would update COPPA, which was written in 1998 and only applies to children under the age of 13.

Edward J. Markey (D-Mass.) and Sen. Josh Hawley (R-Mo.) introduced legislation in March that would update the law to include privacy provisions to protect teens under 16. It would also introduce a “Digital Marketing Bill of Rights for Minors” that would limit the collection of children's personal information, and create a new division at the FTC dedicated to children's privacy. Some lawmakers have said elements of it could be included in a broad federal privacy bill. Reps. Tim Walberg (R-Mich.) and Bobby L. Rush (D-Ill.) introduced similar legislation in the House earlier this month, The Hill reports

However, it's unlikely that any children's privacy policies in the U.S. would be as aggressive as the U.K. code. The new rules are rooted in Europe's broad data privacy law, the General Data Protection Regulation. Like GDPR, companies that fail to comply would face steep fines of up to 4 percent of global revenue. By contrast, the U.S. currently does not have a general federal online privacy law. 

British industry groups and companies have also challenged the rules, warning that it could place a burden on start-ups and give an advantage to large tech companies that have more resources for compliance. 

“The UK has been pioneering in relation to its protection of children on the Internet, particularly its move toward protecting children’s data online, which is very fresh,” Victoria Nash, deputy director of the Oxford Internet Institute and an expert on children’s use of digital services, told The Financial Times. “However, my two concerns are that this wide-ranging regulation tends to increase monopoly power of big tech firms, rather than decrease it. The second is a slight residual concern that it focuses on specific features or tools [like geolocation], which aren’t in themselves always problematic.”

If the code is approved by Parliament, companies would have a 12-month period to update their practices, and it would come into full effect by autumn 2021, the British data regulator predicts. 


BITS: Sen. Ron Wyden (D-Ore.) wants Amazon chief executive Jeff Bezos to provide Congress with details on the hacking of his phone, according to a letter he sent the tech titan yesterday. The missive followed the release of a U.N. report that concluded with medium to high confidence that an account belonging to Saudi Crown Prince Mohammed bin Salman was responsible for the hack, as my Washington Post colleague Marc Fisher reported. (Bezos also owns The Post.)

Wyden's letter requests the IP addresses of any servers contacted by the malware as well as any evidence as to whether the Saudi government used commercially available software for the hack. Wyden says the technical details of the hack could help the United States protect Americans from similar attacks. Some researchers have speculated the tools may have come from the Israeli surveillance company NSO Group because of similarities in their effects, but NSO flatly denied supplying the tools in a statement on its website. 

The United Nations, which launched a probe of Bezos's hacked phone as a part of a larger investigation into the crown prince's actions toward perceived opponents, called for the United States and “other relevant authorities” to investigate the hack.

NIBBLES: Lawmakers are scrutinizing facial recognition start-up Clearview AI after the New York Times's Kashmir Hill revealed the company was scraping the photos of billions of social media users, in some cases in violation of those websites’ terms of service. The company’s technology is used by more than 600 law enforcement agencies, the Times found. 

“Widespread use of your technology could facilitate dangerous behavior and could effectively destroy individuals’ ability to go about their daily lives anonymously,” Sen. Edward J. Markey (D-Mass.) wrote to Clearview AI chief executive Hoan Ton-That yesterday. Markey is demanding the company provide a full list of its law enforcement partners and its policies for protecting data for children under 13 by Feb. 12.

Wyden also expressed concerns:

Ton-That will meet with Wyden in Washington, Keith Chu, Wyden's spokesman, told Kashmir.

Tech companies whose data Clearview collected have also begun investigating.

Twitter sent a letter asking Clearview to stop scraping user data and to delete previously collected data. Facebook told the Times it had no updates to share at this time.

BYTES: TikTok owner ByteDance is seeking a new chief executive in the United States who would oversee the app's growing ad business, Bloomberg News's Kurt Wagner and Sarah Frier report. Lawmakers and regulators are increasingly scrutinizing the company's Chinese ownership, amid heightened concerns over Beijing directing surveillance and censorship. 

Beijing-based chief executive Alex Zhu would continue to oversee product and engineering in China, one person told Bloomberg. TikTok continues to grow its U.S.-based operations. The company now has more than 400 U.S. employees, according to a blog published yesterday. A U.S.-based chief executive may assuage security concerns raised by members of Congress that the app is beholden to the interests of the Chinese government.

The company is currently under investigation by The Committee on Foreign Investment in the United States that reviews acquisitions of U.S. companies by foreign owners. TikTok has repeatedly denied influence by any foreign government, including the Chinese government.


— News from the public sector:

Seattle-Area Election Puts Mobile Voting to a Test (The Wall Street Journal)

U.S. Senate committee tackles shortage of 5G tower climbers (Venture Beat)

Microsoft ordered to turn over records for historic IRS audit (The Hill)


— News from the private sector:

Tech Companies Volunteer to Beef Up Presidential Campaigns’ Cybersecurity (Wall Street Journal)

TripAdvisor Cuts Hundreds of Jobs After Google Competition Bites (Bloomberg)


— News about tech workforce and culture:

Mozilla Wants Young People to Consider ‘Ethical Issues’ Before Taking Jobs in Tech (Vice)

San Francisco Pride members voted to ban Google and YouTube from their parade (Vox)


—  Tech news generating buzz around the Web:

Tinder is working on a panic button for dangerous situations (Engadget)

Millennials Love Zillow Because They’ll Never Own A Home (OneZero)

A Better Body Is Possible. These Anarchist Biohackers Want to Build It (Motherboard)


— Coming Up:

  • The House Energy and Commerce communications and technology subcommittee will hold a hearing on “Empowering and Connecting Communities through Digital Equity and Internet Adoption” on Wednesday at 10:30 a.m.
  • New America’s Open Technology Institute will host an event titled “Privacy’s Best Friend: How Encryption Protects Consumers, Companies, and Governments Worldwide” on Feb. 4 at 12 p.m.
  • U.S. Federal Trade Commissioners Noah Joshua Phillips and Rebecca Kelly Slaughter will address current technology policy issues during a panel conversation hosted by the Technology Policy Institute on Feb. 5 at 10 a.m.
  • Silicon Flatirons will host its “Technology Optimism and Pessimism” conference Feb. 9 and 10 at the University of Colorado Law School in Boulder. Speakers include Federal Communications Commissioner Michael O’Rielly and Federal Trade Commissioner Rohit Chopra.
  • Mobile World Congress takes place Feb. 24 to 27 in Barcelona.




Trump talks about Tesla CEO Elon Musk on CNBC: