Consumer Electronics Daily was a Warren News publication.
‘This Deluge’

43 AGs Endorse FTC’s Proposed Restrictions on Kids’ Push Notifications

Social media companies should obtain parental consent before sending children push notifications that keep them on platforms, a bipartisan group of 43 state attorneys general told the FTC in comments due Monday (see 2312280030). Some tech and telecom groups warned that the FTC's push-notification proposal is likely to be unconstitutional and outside its statutory authority.

AGs in Colorado, California, New York, Mississippi, Alabama, Florida, South Carolina and Utah signed the letter to the FTC. They cited a Common Sense Media study showing teens receive a daily average of 237 notifications. “This deluge threatens to disrupt children’s sleep, distract from their education, and detract from family activities and personal hobbies,” they wrote. “Operators should not be permitted to promote further engagement with their platforms via push notifications absent prior parental consent.”

The FTC solicited public comment on proposed changes to rules under the Children’s Online Privacy Protection Act (COPPA). It issued draft language limiting how companies monetize social media data, banning them from endlessly collecting information and limiting tactics encouraging children's internet and social media use.

The FTC is proposing banning companies from using children’s “persistent identifiers,” or unique online profiling data, to maximize their engagement without “verifiable parental consent.” The agency said this will ensure parents are fully aware of the nudging tactics companies use to entice children to remain on their sites. In addition, the FTC seeks to ban companies from using machine learning techniques to maximize child engagement.

This attempt to regulate children’s engagement through the COPPA rule “goes beyond its statutory authority and is the type of value judgment that is appropriately reserved for Congress,” Google commented. Lawmakers passed COPPA with the goal of enhancing parental involvement to better protect child privacy and shield kids from online harm when interacting with other users, Google said. The company noted FTC Commissioner Alvaro Bedoya in his statement on the NPRM said Congress, when passing COPPA, was most concerned about harms “caused by intrusive data collection or disclosures that could result in physical harm to children.” Yet none of COPPA’s objectives or the harms it addressed has “anything to do with children’s engagement with online content,” Google argued.

NCTA and the Computer & Communications Industry Association filed comments against the agency’s attempt to limit user-engagement tactics. The proposed language is “vague, unenforceable” and outside the scope of COPPA, whose aim is protecting "the privacy of children online,” NCTA commented. Similar efforts at the state level to regulate nudge techniques, dark patterns and addictive tendencies are “actively being challenged on constitutional grounds as impermissible restrictions on speech,” NCTA said. “Restricting children’s screen time or other user engagement functionality is better governed by operators’ parental control offerings.”

In addition, the proposed changes could block companies from providing “timely and helpful notifications” about location tracking and push notifications for promoting educational activity, CCIA commented: “Preventing businesses from improving transparency or parental controls through vague restrictions would result in a worse online environment for children and families.” Similarly, the Center for Democracy & Technology said the FTC should consider excluding beneficial push notifications from its proposed ban, such as filters for directing educational content and features that ensure children communicate only with users they already know.

Meanwhile, consumer advocates argued in favor of push-notification restrictions. Limiting notifications for in-app and commercial purposes is “consistent with the original statutory intent of COPPA,” Common Sense Media commented. The original statute included language blocking marketers from contacting children without parental knowledge or consent, it added. The proposal would also bring the U.S. in line with U.K. legislation, which bans nudging techniques like push notifications based on a child’s personal information for any reason, Common Sense said.

Some degree of personalization based on user data is acceptable, but sometimes personalization “goes too far” and serves only corporate interests, said Consumer Reports. Apps and operators should be able to collect data to do things like “save a child’s progress in a game, preserve user privacy settings, or remember a character’s skin or costume,” said CR. But the agency should target companies’ nudging tactics that are solely designed to maximize user engagement, said CR.

The American Civil Liberties Union questioned FTC's authority to restrict push notifications. The ACLU suggested it might be more prudent for the agency to increase enforcement under the existing statute than amend push-notification rules. It’s possible there are many instances where push notifications don’t adhere to COPPA’s statutory requirements, the ACLU said.