COPPA 2.0 moves forward, and Congress flirts with an ID checkpoint

I was sitting under the fluorescent hum of a public library, the kind with carpet that has seen three decades of civic disappointment, when the phones started lighting up about kids online. Again. The subject arrives like a familiar manila folder at a midnight committee hearing: good intentions, bad incentives, and a stubborn urge to solve a digital problem with paperwork that looks suspiciously like surveillance.

This week in Washington offered a clean contrast: one real privacy upgrade, and one temptation to build an ID turnstile, one child at a time.

Senate: COPPA 2.0 advances child and teen privacy

On March 5, the Senate cleared COPPA 2.0 by unanimous consent, according to Sen. Ed Markey’s office. It aims to update the 1998 children’s privacy law for a world where data extraction is not a side hustle. It is the business model.

The details matter. COPPA 2.0 defines a teen as age 13 up to under 17. It pushes basic privacy hygiene: limits on retaining kids’ and teens’ data longer than necessary, stronger security practices, and a more meaningful ability to review, correct, and delete personal information. It also requires notice if a child’s or teen’s personal information is stored or transferred outside the United States.

And then there is the sentence worth printing in neon: the bill says it should not be construed to require operators to collect age data they do not already collect, and it should not require age gating or age verification functionality. For once, Congress is admitting you do not fix a privacy leak by demanding more personal information.

House: kids online package, plus app store age verification

Now step into the House Energy and Commerce Committee markup, where the word “kid” can be used like a skeleton key. As Roll Call reported March 6, the committee advanced a broader kids online package after partisan fights over issues including preemption of state laws and what counts as knowing a child is on a platform. In the same orbit, a bill requiring age verification in app stores and parental consent for minors to download apps advanced 26 to 23. The KIDS Act package advanced 28 to 24.

Axios, reporting March 5, captured the dispute: Democrats warning about preemption and House Republicans pushing forward anyway, with guardrails for AI chatbots folded into the package. Everyone says they are protecting kids. Everyone says the other side is helping Big Tech. Washington is a town where even the finger-wagging has a lobbyist.

The Orwell check

Listen to the euphemism machine around age verification: “age assurance,” “age appropriate design,” “parental consent.” It sounds like a seatbelt. But the mechanism often looks like a checkpoint, and checkpoints have a habit of expanding. Temporary powers, permanent infrastructure.

Age verification is not just a policy. It is a data system: IDs, biometrics, third-party verification logs, and the metadata that tags along. Once the pipe exists, it gets repurposed.

The Paine test and the liberty ledger

Run the Paine test. Does app store age verification expand liberty or concentrate power? It concentrates, shifting the internet from open-by-default to permissioned-by-default, with lawful speech and lawful tools mediated by identity checks.

Put it on the liberty ledger. Gains: stronger rights and clearer limits on data harvesting from kids and teens. Losses: adults get logged to prove they are adults; teens who need privacy from unsafe homes get shoved into parental-consent chokepoints; people without easy access to IDs get nudged out; and new databases have a way of leaking at the worst possible moment.

Guardrails: protect minors without building a registry

• Follow COPPA 2.0’s logic: regulate data practices, not identity.
• If any age-related signal is required, make it privacy-preserving: minimal data, strict purpose limits, short retention, real penalties for misuse.
• Do not preempt stronger state protections unless the federal standard is actually strong.
• Enforcement matters: give regulators the tools and resources to penalize companies that profit from tracking kids.

Sunlight and oversight still do the heavy lifting. If lawmakers want to redesign online life, keep hearings public, audit the technical assumptions, measure the privacy impacts, and let courts swat down any “for the children” shortcut that tramples adult speech and due process. If the goal is protecting kids, why are so many proposals built around collecting more information from everyone?