A Legislative Push for Privacy: Examining New Laws on Children’s Data and Generative AI

The digital landscape is constantly evolving, and with it, the need for robust legal frameworks to protect user privacy and ensure transparency. Recently, the United States has seen a wave of legislative activity aimed at addressing these concerns, particularly for children and with regards to the burgeoning field of generative AI. This article dives into two federal bills introduced to the House of Representatives and two state-level laws passed in Maryland, exploring their potential impact on online privacy and responsible AI development.

Federal Level: Protecting Children Online

• Children and Teens’ Online Privacy Protection Act (COPPA): This existing act, passed in 1998, has been a cornerstone of online child privacy protection in the US. COPPA regulates the online collection of personal information from children under 13. It requires websites and online services to obtain verifiable parental consent before collecting, using, or disclosing a child’s personal data. These protections are crucial in an age where children are increasingly active online, engaging in social media, gaming platforms, and various educational resources.

However, the digital landscape has undergone significant changes since COPPA’s inception. The rise of social media platforms, mobile apps, and connected devices has introduced new avenues for data collection and potential privacy violations. The proposed revisions to COPPA aim to address these evolving realities. While the specifics of the potential amendments are not yet fully available, some anticipated changes could include:

Expanding the Definition of “Personal Information”: The current definition might not encompass the wide range of data collected online today, including location data, browsing history, and biometric information. Expanding the definition could provide broader protection for children’s online activity.

Strengthening Verification Requirements for Parental Consent: With the rise of social media accounts managed by children, verifying parental consent for data collection could become more complex. Potential changes could involve stricter verification processes to ensure parents are genuinely granting consent.

Increasing Enforcement Mechanisms: The Federal Trade Commission (FTC) is responsible for enforcing COPPA. Strengthening enforcement mechanisms could lead to stricter penalties for violations, deterring companies from engaging in exploitative data collection practices.

Generative AI Right Disclosure Act: Transparency in the Age of AI

The introduction of the Generative AI Right Disclosure Act marks a bold step towards transparency in the use of artificial intelligence (AI). Generative AI refers to algorithms capable of creating entirely new content, such as text, images, or even code. This technology holds immense potential for various applications, from creating marketing materials to generating realistic simulations.

However, the widespread use of generative AI raises concerns about transparency. Users might unknowingly interact with AI-generated content, potentially leading to misinformation or manipulation. The Generative AI Right Disclosure Act proposes that users have the right to know when they are interacting with content created by AI, not a human. This right to disclosure would promote transparency and empower users to make informed decisions about their online interactions.

The specifics of this act, such as the definition of “generative AI content” and the mechanisms for enforcing disclosure, are still under discussion. Nonetheless, the introduction of this bill highlights a growing recognition of the need for ethical considerations when developing and deploying AI technologies.

Maryland Takes Action: Online Privacy and Child Protection

The state of Maryland has also taken significant strides in addressing online privacy concerns. The Maryland legislature recently passed two noteworthy laws:

• Online Data Privacy Act: This act represents Maryland’s attempt to establish comprehensive data privacy rights for its residents. While details are still emerging, the act might follow the footsteps of the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA). These state-level laws grant individuals the right to access, correct, and delete their personal data held by companies.

The Maryland Online Data Privacy Act could have a significant impact on businesses operating within the state. Companies will need to ensure compliance with the act’s provisions, including procedures for responding to data access and deletion requests from Maryland residents.

• Maryland Kids Code: Similar to COPPA at the federal level, the Maryland Kids Code focuses on protecting children’s online data privacy within the state’s boundaries. This act could mirror COPPA’s requirements regarding parental consent for data collection and restrictions on the use and disclosure of children’s personal information.

The Maryland Kids Code complements the federal COPPA by potentially offering additional protections specific to the state. Businesses operating in Maryland should be aware of both the Maryland Kids Code and any potential revisions to COPPA to ensure compliance with all applicable child privacy laws.

Looking Ahead: The Road to Implementation and Impact

The proposed revisions to COPPA and the introduction of the Generative AI Right Disclosure Act signal a growing awareness of the need for legislative frameworks to address online privacy concerns in the ever-evolving digital world.

Challenges and Considerations

While these legislative efforts represent a positive step forward, several challenges remain:

• Balancing Innovation and Protection: Stringent privacy regulations could potentially stifle innovation in the tech sector. Finding the right balance between protecting user privacy and encouraging responsible technological advancements is crucial.

• Enforcement Mechanisms: Effective enforcement of these laws is essential for ensuring their success. The FTC and state regulatory bodies need to have the resources and capabilities to investigate violations and hold companies accountable.

• Global Landscape: The digital world transcends geographical boundaries. International cooperation on data privacy standards will be necessary to ensure comprehensive protection for users across the globe.

The Road to Implementation

The proposed federal bills will need to go through the legislative process, which can be lengthy and complex. Building consensus among lawmakers, industry stakeholders, and privacy advocates will be crucial for their passage.

The Maryland Online Data Privacy Act is expected to be enacted in 2023, but the specific details and timelines for implementation are still being finalized. Businesses operating in Maryland will need to closely monitor the developments and adjust their data practices accordingly.

Potential Impact

If passed and implemented effectively, these laws have the potential to significantly impact online privacy:

• Empowering Users: Stronger privacy protections can empower users to have greater control over their personal data. They can make informed decisions about who has access to their information and how it is used.

• Enhancing Transparency: The Generative AI Right Disclosure Act, if enacted, could promote transparency in the use of AI-generated content. Users will be able to identify AI-created content and make informed choices about their online interactions.

• Leveling the Playing Field: The Maryland Online Data Privacy Act, if aligned with other state-level laws like CCPA and VCDPA, could create a more consistent data privacy landscape across the US. This could benefit both businesses and consumers.

• Shifting the Focus: These legislative efforts highlight a growing focus on responsible AI development. Transparency and accountability will be crucial for building trust in AI technologies.

A Call for Continued Dialogue

The introduction of these new laws is a significant step towards safeguarding online privacy and fostering responsible AI development. However, it is an ongoing conversation. As technology continues to evolve, so too must the legal frameworks governing its use. Continued dialogue and collaboration between policymakers, industry leaders, privacy advocates, and the public are essential to ensure that online privacy is protected and that AI technologies are developed and deployed ethically. By working together, we can create a digital future that empowers users, fosters innovation, and promotes responsible technological advancements.

Reference Links

Children and Teens’ Online Privacy Protection Act (COPPA):

• Federal Trade Commission (FTC) – COPPA https://www.ftc.gov/business-guidance/privacy-security/childrens-privacy

Generative AI Right Disclosure Act:

• (Information on this specific bill is limited as it is a newly introduced bill. However, you can find resources on Generative AI and its potential impact on privacy):Artificial Intelligence Now Institute – Generative AI https://ainowinstitute.org/tag/generative-aiWorld Economic Forum – The Ethics of Generative AI https://intelligence.weforum.org/topics/a1G680000008gwFEAQ

Maryland Online Data Privacy Act:

• Maryland General Assembly – House Bill 983 (2023 Session) – Online Data Privacy Act (Text not yet available): https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/HB0983?ys=2023rs

• National Conference of State Legislatures (NCSL) – State-Level Data Privacy Laws: https://www.ncsl.org/ (This website provides a good overview of existing data privacy laws in various US states)

Maryland Kids Code:

• Maryland General Assembly – Maryand Kids Code (Information limited, but you can find resources on COPPA): https://mgaleg.maryland.gov/mgawebsite/Legislation/Details/HB0983?ys=2023rs (Use the search function for “Maryland Kids Code”)

• Federal Trade Commission (FTC) – COPPA: https://www.ftc.gov/business-guidance/privacy-security/childrens-privacy (Provides a good understanding of child online privacy protections)