Data Privacy Nightmare of Social Media Age-Verification Legislation
While States are Being Sued for Social Media Legislation Requiring Age Verification, New York Plans to Contribute to This Invasion of Family Privacy
Attorney General Leticia James has encouraged the passing of two bills intended to address parents’ concerns about social media’s addictiveness, and the risks all online platforms pose to kids’ data privacy. But like similar legislation, in mostly Red States such as Utah and Arkansas, attempts to address the harms posed by social media on minors, requires proving, well, age. And no matter how those invested in the passage of these bills contort themselves around the issue, the fact remains: there is no way to enforce age-specific legislation without putting children’s’ privacy at further risk.
Specific to New York, the Stop Addictive Feeds Exploitation (SAFE) for Kids Act prohibits kids under 18 being targeted by “addictive feeds” unless parents consent. It also bans social media apps from sending notifications to kids’ phones between 12 a.m. and 6 a.m. (also without parental consent). The attorney general can seek $5,000 in damages from the companies for each violation. And the second act, the Child Data Protection Act, prohibits tech companies from collecting personal data of children under the age of 12 without parental consent and that of kids under 18 without informed consent.
What these and similar bills miss is that the incentive structure within the technology industry has shifted. Because for much of the time that we’ve been happily digging into these platforms, Big Tech has made money from advertising. But now that an entire industry has pivoted toward developing artificial intelligence innovation, data has become the valuable “natural resource” required to train new tools. And make no mistake, age verification is an opportunity for a new industry keen to “solve the problem.”
Trying to put parameters on how this newly acquired data is used may also prove fruitless, with language such as “research” and “product improvement purposes” built into privacy policies. The recent settlement with the College Board only scratches the surface in highlighting how the public sector can’t keep up as it is with loopholes exploited by the private sector. In the case of The College Board, the organization maintained that the laws did not apply to their company as they weren’t a “third-party partner.” So it’s not a stretch to expect that legislation focused on websites “primarily targeted to minors” could be creatively approached as to argue that minors were not their intended audience.
As these bills have barrelled along, concerns expressed by privacy advocates have gone unheeded. And the lawsuits are showing how vulnerable the bills are to legal scrutiny. In fact, the Foundation for Individual Rights and Expression (FIRE) has sued Utah officials over their social media age-verification legislation. And organizations that have fought for years for privacy, such as the Electronic Frontier Foundation, say plainly: “Age verification systems are surveillance systems.”
Compounding it all, according to New York state Comptroller Thomas DiNapoli, New York ranks third in the country for security breaches. So you can forgive families for being worried that any additional data collection would not be safe no matter what promises are made from our government.
So what should be done differently? First do no harm: don't pass legislation that encourages companies to collect even more data. Then, start to restrict the type and amount of data that can be collected. Establish more restrictions on what is collected. As our children spend most of their days tethered to platforms even in schools, we need more controls on what is collected including in governmental organizations - not just how it is used.