(Patriot Command Center) In the name of protecting the children, everyone must be under scrutiny, turning citizens into criminals. What starts as a well-meaning attempt to shield teenagers from online exploitation can easily become the blueprint for mass surveillance by design. The proposed Children and Teens’ Online Privacy Protection Act (COPPA 2.0) in the U.S. Senate is a case study in how laws intended to protect minors risk exposing everyone.
The bill, S.836, is framed as an update to existing privacy rules, raising the protected age group from under 13 to under 17 and giving teens limited consent rights over their data. Supporters argue it’s overdue. But hidden in the details is a shift in how platforms are expected to recognize underage users.
Old Bill: Under current law, companies only have to act when they have “actual knowledge” that a user is a child.
New Bill: The new bill lowers this threshold to “knowledge fairly implied on the basis of objective circumstances.” In other words, companies are expected to guess who’s underage based on vague indicators, like what websites they visit, what time of day they log in, or what they search for.
Problem #1: This ambiguity doesn’t just mean more caution. It means platforms are incentivized to surveil everyone preemptively, out of fear of being sued or fined. If a company faces allegations of negligence for overlooking a 16-year-old, it would be prudent to confirm everyone’s age upfront. That could mean requiring government-issued ID, facial scans, or biometric checks just to post a comment or browse a forum. And these systems, once in place, don’t stay confined to protecting kids. They create new reservoirs of sensitive data vulnerable to hacks, internal misuse, or sale to marketers.
Problem #2: No reliable, privacy-respecting age verification method exists. Facial analysis is error-prone and invasive. ID uploads expose documents to unknown retention practices. Even offering multiple verification options only shifts the risks around, instead of removing them. However, in the absence of a comprehensive federal privacy law that establishes strict guidelines for the use, storage, and sharing of this data, users lack any assurance.
Result: The unintended effect is that everyone, adults included, will have to trade anonymity and access for the chance to participate online. Public spaces, educational tools, and creative outlets could become locked behind gates that require you to prove who you are. Although the bill doesn’t explicitly require this, it virtually ensures that platforms concerned about potential liability, will prioritize intrusive verification.
Such legislation has a chilling effect. Many people rely on anonymous accounts to protect themselves; think of survivors of abuse, whistleblowers, or LGBTQ+ youth. The more age checks that create friction and exposure, the more these users feel compelled to either compromise their privacy or remain silent.
The core problem is that instead of setting clear standards and protecting personal data, the bill hands the burden of compliance to private companies without defining exactly how to comply. Faced with uncertainty, companies will build broad surveillance systems to cover every possible scenario.
There is no question that children and teens deserve meaningful safeguards against exploitation and manipulation online. However, we must design these protections precisely, underpinned by robust national privacy rules that restrict the collection, retention, and sharing of data. Otherwise, piecemeal reforms like COPPA 2.0 don’t just protect kids; they make everyone a target.
Final Word: In the name of protecting our children, no one is protected. What could go wrong?
