Tech reps tell Pa. House members to refine language, details in online protection bill for minors
Mar. 27—HARRISBURG — Tech industry representatives told Pennsylvania lawmakers Wednesday that a pending bill designed to protect children's online data and privacy has vague definitions, a tight window for adherence and could potentially violate free speech rights.
The industry representatives who testified before the House Children & Youth Committee encouraged continued work and communication to further develop House Bill 1879 — the Online Safety Protection Act introduced by the committee's chair, Rep. Donna Bullock, D-Philadelphia.
Amy Bos, director of state and federal affairs for NetChoice, an online trade association, said the Pennsylvania proposal mirrors a law adopted in California. That law is under court challenge by NetChoice and has been put on hold concerning First Amendment questions. She said similar laws in Ohio and Arkansas are also on hold.
She urged avoiding strict adherence to age verification, warning that compliance could trigger free speech violations and privacy concerns in the potential sharing of government identification or facial scans.
"The internet does not have borders so it would be preferable for the federal government to act here," Bos said.
"And not just preferable but that it would be required by the United States Constitution," said Rep. Charity Grimm Krupa, R-Fayette, a constitutional law attorney.
"Correct," Bos replied.
"There are many spaces in which the states have acted and in which we think the feds should act, this could be one," Bullock said.
According to bill language and a cosponsorship memo, House Bill 1879 seeks to legislate that companies prioritize the well-being of children over corporate interest concerning any products, services and features likely to be accessed by minors under 18.
The bill captures a broader group of minors compared to the federal Children's Online Privacy Protection Act passed in 1998 which applies to kids under age 13.
Bullock's legislation attempts to require companies to conduct a defined assessment of the potential risks their products and services pose, with information available on request of the Pennsylvania Office of Attorney General but barred from public open records disclosure.
It would prohibit companies from using children's personal information counter to the results of the risk assessment. Also, it would prevent the collection, sale or disclosure of a child's geolocation, ban default profiling of child users, and prohibit leading or encouraging children to provide personal information beyond reasonable necessary disclosure.
Kate Charlet, Google's director of global privacy, safety and security, told committee members that the proposal is among the best approaches in the country and expressed support for the initiative. However, she said the 60-day implementation should be extended, if the bill passes into law, suggesting one to two years when considering the need for project management and engineering.
Margaret Durkin, executive director of the Pennsylvania and Mid-Atlantic of TechNet, an advocacy group for technology economy and policy, warned that specific definitions within the bill are difficult to uniformly interpret and put into operation.
She encouraged a focus on consumer education in schools and the right for minors to have greater control of the use of their online data including for targeted advertising and correcting, copying and deleting consumer data.
"A lot of states across the board have passed bills related to media literacy and we would encourage this committee and the General Assembly to follow suit there," Durkin said.
Khara Boender, state policy director for the Computer & Communications Industry Association, also urged legislation implementing "digital citizenship curriculum" in schools and education about proper online use for both minors and their parents.