This morning, the Subcommittee on Innovation, Data and Commerce of the House Energy and Commerce Committee (whew!) held a hearing to consider two bills aimed at amping up federal regulation of Internet speech and privacy.
- Kids Online Safety Act, or “KOSA,” is draft legislation intended to protect minors from alleged online harms.
- American Privacy Rights Act, or “APRA,” is a discussion draft (something less than draft legislation) intended to go beyond protecting minors to create a nationwide privacy standard regarding the way companies handle consumer data and privacy.
There has been a lot of discussion about the need for privacy legislation for years, but we think it was wise for governments to move slowly, if at all. Technology changes rapidly, innovators iterate frequent changes to their products, industries work to develop best practices, and consumers over time learn how to navigate ever-changing technologies.
Moving slowly and only legislating when needs have become clear and when there are demonstrated harms reflects a conservative approach to governing.
Of course, in our federal system, the states also legislate and regulate, and states have begun passing laws and regulations designed to address these same problems. But the states that have acted have passed laws that are in conflict with each other, have different definitions, and create differing compliance burdens for companies. Additionally, we expect many of these laws to be invalided through future Supreme Court decisions, because state legislators have been more concerned about scoring PR points than protecting the First Amendment, which is pretty clear about government regulation of private speech.
Further, and obviously, because the Internet is inTERstate rather than inTRAstate commerce, federal rather than state legislation is appropriate. The Commerce Clause is pretty clear about that as well.
So the APRA effort in particular could be useful in pre-empting conflicting state regulations and creating uniform national standards and definitions.
The problem is, while both KOSA and APRA have noteworthy intentions and useful provisions, neither of these bills is ready for prime time, and both contain significant problems.
KOSA is particularly problematic in that it empowers federal regulators to restrict the First Amendment speech rights of Americans and creates huge new legal liabilities in the process. KOSA would also give significant new powers to the Federal Trade Commission—an agency that is already out-of-control and grasping for more power during the Biden administration.
It’s possible that either or both KOSA and APRA can be refined through committee work to play a positive role in Americans’ privacy and data security, but we aren’t there yet. And, as always, just because the name of a bill sounds attractive and there are problems to address doesn’t mean that the proposed government solution isn’t worse than the problem. The Devil is always in the details, and there are still lots of problematic gremlins lurking in both KOSA and APRA.