President Joe Biden’s State of the Union address covered a broad range of topics, but the one that likely caught big tech’s attention was a call for bipartisan support on antitrust enforcement and stronger protections for personal data. The president also called for targeted advertising to children to be banned, a rare issue on which there is also strong support on the other side of the political aisle.
A similar call for personal data protections was made in the 2022 address, but little has happened yet save the introduction of numerous bills that end up stalling out. Most cyber reform under the administration thus far has taken place via executive order and has focused on shoring up the defenses of critical infrastructure companies and government agencies.
Big tech facing ban on targeted advertising to children?
Biden focused primarily on two elements of big tech criticism: antitrust measures that prevent platforms from favoring their own products, an issue Apple and Amazon (among others) have grappled with recently, and an end to targeted advertising aimed at children and teenagers. The president also made a more general appeal to “stricter limits” on the personal data that big tech firms gather on the entire population.
Child safety became a focus of the administration’s cyber platform in 2021, when Facebook whistleblower Frances Haugen leaked internal company reports that indicate it is aware that products such as Instagram are having a negative effect on children even as it makes onboarding younger users a core focus of its growth strategy. Haugen was present at the address as a guest of First Lady Jill Biden.
One specific subject that the child safety topic overlaps with, but that did not come up in the address, was the possibility of a ban on TikTok. Biden did not mention the embattled video platform even though he spent significant time on moves the US is making to end reliance on foreign manufacture of semiconductors and compete economically against China. TikTok has faced an increasing (and increasingly bipartisan) number of calls for a ban after a series of missteps has revealed that it is not keeping US user data out of the hands of employees in China and that it has kept tabs on journalists that might have been in contact with whistleblowers. While most of the focus on TikTok has been the potential for the Chinese government to use it for espionage and propaganda purposes, the platform’s first wave of legal troubles involved failure to protect underage users.
Biden’s broader invective against “surveillance advertising” noted that big tech companies collect a troubling amount of personal data, and claimed that social media algorithms had the potential to deepen extremism and polarization in the country’s political and social views. The president reiterated a call to reform Section 230 of The Communications Decency Act, the law that shields online platforms from legal liability for the user-generated content that they publish, but did not get into specifics about what that change should look like.
Protection of children’s personal data may be prioritized
Though federal legislation involving personal data has been tough to get over the finish line thus far, the Children and Teens’ Online Privacy Protection Act may be reintroduced by Sen. Ed Markey (D-MA) in the current session of Congress. The bill would essentially be an update to the Children’s Online Privacy Protection Act, which Markey was an author of in the late 1990s.
As the name change suggests, the new bill would expand special protections from age 13 to 16. It would also ban targeted advertising to those 16 or under, and would provide the FTC with a new Youth Privacy and Marketing division to focus specifically on big tech and how it is using the personal data of minors. This bill has less bipartisan support than some efforts, with Republicans rejecting it in 2022 due to the expansion of FTC power and desire to see the protections expanded to other age groups.
Big tech is, unsurprisingly, against any further regulation involving personal data. Assorted industry groups that count big tech’s biggest companies as members published statements in response to the address, taking the stance that greater regulation hampers ability to compete globally and that companies are already implementing targeted advertising protections for children. The Biden administration has consistently put the onus of responsibility for restraint with personal data and targeted advertising on big tech firms, but clearly believes that efforts thus far are not adequate and require more government intervention.
Shawn Riegsecker, CEO and Founder of Basis Technologies, thinks that the targeted advertising industry has painted itself into this inevitable corner with its refusal to seriously self-regulate: “In a perfect world, the industry would have already created a strong self-regulatory body with the capability to identify, penalize, and ban bad actors from participating in the industry. Industry self-regulation, without meaningful consumer, publisher, and marketer data privacy guardrails, and governing authority to mete out punishments, wouldn’t fit the definition of “regulation”. Given the adtech industry’s past 25 years of not protecting consumer, publisher, and brand data, I don’t foresee any chance the industry won’t be FTC regulated. The industry can engage in an unwinnable war with Congress, with the best possible outcome being the delaying of the inevitable. Or it can work in collaboration with Congress as it looks to draft meaningful data privacy regulations that won’t gut or harm the industry-but that will require the industry to agree on strict privacy standards. Given the size, scale, and number of companies operating in the industry, getting industry consensus will be difficult, if not impossible.”
Mathieu Roche, CEO of Co-Founder of ID5, sees the EU’s General Data Protection Regulation as a quick way to adopt at least partial models to quickly address targeted advertising to kids: “We can also be supportive of regulation or best practices relating to the protection of “sensitive data” (religious, sexual, geo and health-related information in particular) and “sensitive data subjects” (kids / at-risk populations) – already part of GDPR, but should be implemented in the US as well.”
