Skip to main content

AG Nessel, Coalition of 43 States Urge FTC to Strengthen Online Privacy and Safety Protections for Children

LANSING – In a letter to the Federal Trade Commission (FTC), Michigan Attorney General Dana Nessel joined a bipartisan coalition of 43 state attorneys general to urge the federal government to update and strengthen the rules technology companies must follow under the federal Children’s Online Privacy Protection Act (COPPA).

The rules governing online privacy protections for children up to age 13 have not been updated in over a decade. At the same time, the digital world has evolved rapidly — with smartphones, social networks, and connected devices becoming an even greater part of our lives.

Congress enacted COPPA in 1998 for the purpose of giving parents more control over information collected online from their children. The legislation directed the FTC to establish regulations for operators of websites or online services regarding how they collect, use, and share personal information of children under 13 years of age.

The FTC is proposing changes to the COPPA Rule that would place new restrictions on the use and disclosure of children’s personal information and further limit the ability of companies to condition access to services on monetizing children’s data.

Among other things, the attorneys general are urging the FTC to expand the definition of “personal information” to include biometric identifiers such as fingerprints, retina and iris patterns, a DNA sequence, and data derived from voice data, gait data, and facial data, as well as avatars generated from a child’s image and likeness.

The attorneys general also ask the FTC to adopt a comprehensive framework for determining whether services qualify for a proposed parental consent exception and to prohibit operators from abusing the multiple-contact exception in COPPA with engagement-maximizing push notifications.

“I remain committed to doing all we can to protect the online safety and privacy of children,” Nessel said. “We must have more robust rules under the COPPA to ensure that technology companies comply with stringent data protection standards to safeguard the well-being of children. I wholeheartedly join with my colleagues in urging the FTC to take decisive action to enhance COPPA regulations."

By statute, both the FTC and state attorneys general are empowered to enforce COPPA. Since the COPPA Rule became effective, state attorneys general, on their own and in partnership with the FTC, have pursued multiple actions for violations of the COPPA Rule.

Late last year, state attorneys general sued Meta, the parent company of Facebook and Instagram, for violations of state consumer protection laws and COPPA. The complaint alleges Meta knowingly designed and deployed harmful features on Instagram and its other social media platforms that purposefully addict children and teens. All the while, Meta falsely assured the public that these features are safe and suitable for young users. The case is ongoing.

Led by the attorneys general of Oregon, Illinois, Mississippi, and Tennessee, with assistance from Colorado, Connecticut, Massachusetts, New Jersey, and North Carolina, the comment letter to the FTC regarding amendments to COPPA was joined by the attorneys general of Alabama, Alaska, Arizona, Arkansas, California, Delaware, the District of Columbia, Florida, Georgia, Hawaii, Indiana, Kentucky, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, New Mexico, New York, Ohio, Oklahoma, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, South Dakota, U.S. Virgin Islands, Utah, Vermont, Virginia, Washington, and Wisconsin.


Media Contact: