Congress is moving swiftly ahead on legislation that would require smartphone apps to verify the ages of their users in order to protect children’s safety online. But with full markups on several bills scheduled for the coming weeks, lawmakers face an important choice between competing approaches.
Among the leading bills, H.R. 6333, the bipartisan Parents Over Platforms Act (POPA) introduced by Reps. Jake Auchincloss (D-Mass.) and Erin Houchin (R-Ind.) stands in strong contrast to H.R. 3149, the App Store Accountability Act (ASAA) introduced by Rep. John James (R-Mich.). Though both bills aim to safeguard kids through requirements on app stores, POPA stands out as a more practical, privacy-forward, and parent-aligned approach. Here are four key policy areas where the two bills differ.
Shared Responsibility
Checking an app users’ age is a complex task, and responsibility for it should fit with the actual roles of app developers and stores. While both bills enlist mobile app stores in the age assurance process, ASAA establishes onerous requirements that would require them to collect government IDs from all users — minors and adults alike — regardless of what kind of app they want to download.
While app stores may be well-positioned to use basic age information to limit the apps younger people can download, they have little control or knowledge of what happens once an app is installed. The ASAA would make the point of download the only major check on online safety, with app developers holding minimal responsibility for providing safer experiences after their product is loaded onto a child’s phone. This strategy could inadvertently lead to poorly applied restrictions with content minimally tailored to be age appropriate and little control of how apps are actually used.
By contrast, POPA proposes a shared responsibility across the ecosystem, requiring app stores to conduct age checks at the point of download and developers to do the same when consumers use certain parts of their apps. As PPI wrote last month, parents believe strongly that verification should go beyond a one-time check.
Consent Fatigue
For parental consent to be meaningful, it must be sustainable: Too many requests lead users to accept terms without reading them, much the way most of us now automatically click through the ubiquitous cookie consent banners websites started displaying following enforcement of Europe’s GDPR. This phenomenon, known as consent fatigue, should be carefully considered in the design of an age verification framework.
POPA gives parents tools to manage kids’ access without becoming overly frequent or demanding. For example, parents are able to restrict access by category or age rating, rather than at every app download. Giving parents these tools means they still can still make meaningful decisions about their kids’ activity without being inundated by routine approvals that might cause them to tune out.
Though designed with good intentions, ASAA’s approach is much more likely to overwhelm parents. The bill would require app stores to receive parental consent during each and every download request. Even if parents decide that their kids are ready to download some kinds of apps independently, ASAA does not provide a mechanism to let them do so. And with requirements to receive additional parental consent after “significant changes” are made to any app, requests are likely to be frequent.
Parental Control & Data Sharing
When handling sensitive personal information, privacy and choice should be foundational priorities. The age assurance process should strive to minimize data collection and sharing, obtaining only the information needed for age assurance and nothing beyond. While POPA gives parents the agency to decide when and where their child’s age is shared, ASAA mandates broad sharing without consent.
ASAA requires all new users to undergo age verification, and developers of all apps – even those without age restricted content — to receive information about all users’ ages by default. This approach violates the principle of data minimization and puts all users at risk. Even if a user wishes to download an app that does not include age-restricted content, like a notetaking app or their favorite coffee shop’s app, they will still be required to undergo the age verification process. Parents and other users have no choice over the collection and sharing of their information.
POPA takes a narrower approach, allowing users to declare their age and giving parents the ability to choose to share age information with developers. While the bill encourages app stores to use techniques like age estimation to provide age assurance, it does not require it.
Legal Considerations
Crucially, the concerns over scope and applicability considered in this piece are not purely speculative. Last month, a federal judge temporarily blocked Texas’s state-level age verification law on the grounds that it was “exceedingly overbroad” and “unconstitutionally vague.” If Congress is serious about protecting children and giving parents choice, it should pursue a legally durable approach that can withstand the same first amendment challenges that the Texas law faced. POPA’s measured scope, with a defined set of covered applications and focus on parental consent and choice, appears up to this legal scrutiny. As markup approaches, lawmakers now have an opportunity to advance legally durable and practically designed age assurance legislation. Congress should choose POPA.
