My name is emma morris, and im the Global Policy director. I would like to start by thanking congressman cardenas and his staff for securing the room for us for having this important discussion today. Briefly, by way of background for those not familiar with the safety institute, were an International Nonprofit organization looking to make the online world safer for kids and their families. We are pleased to host the panel today to discuss one of the most important issues facing families and kids privacy on the internet. In the united states, the collection and processing of childrens data has primarily been regulated by the childrens Online Privacy protection act for over 20 years. This law long preceded facebook, snapchat, youtube and hello barbie. Weve seen numerous legislative proposals to change the way childrens information is regulated and at the beginning of the summer, the federal trade Commission Published a request for public comment. With all of this activity in mind, it released a white paper entitled revisiting copper which you should have received today and you can download on our website. We believe that limiting the Data Collected from children and preventing Online Marketing to those under 13 absent verifiable parental consent are admiral aames of copper. However, we are cognizant of the need that Small Businesses especially are able to comply with the law and it was creatingcreating engaging content for children. We want to protect the information rather than to ignore their data and the use of their services. With that in mind, i will hand over to steven bolcom who will moderate the panel today. Great. Thank you very much, emma and thank you to the team led by emma morris to put all of this together, fantastic and in such a short period of time in the summer and thank you for that. As it is pretty obvious, cspan is here and when questions come around just be aware that you could well be taken up on broadcast tv. So, yes, founder and ceo with the family Online Safety institute. I will be moderating the panel, and we are hash tagging it fosi briefs the hill. Y know its not a hash tag, but it is a good hash tag, please use it. This video that cspan is doing right now will be archived at cspan and well also provide a link. I will ask this esteemed panel to introduce themselves and starting with you, mark. If you could tell us who you are, where you work and a tweetlength description of your work in this space . Okay. Im mark icorn and assistant director at the Privacy Division in the ftc and ive been in that job for about ten years, and what the ftc does is protect Consumer Privacy and we enforce kappa, and we do policy work around kappa. So like a couple of years ago we held a work shop on Educational Technology issues and we were working a kappa work shop this october. Thank you very much. Hi, everyone. Stephen, thank you for having me. My name is john falzone and i work at the entertainment board where i run the privacy Certified Program which is an ftcapproved capa Safe Harbor Program and i work with companies primarily in the entertainment and toy spaces to ensure that theyre complying with the law and the regulations and generally doing right by their consumers. Joseph wender, Senior Adviser to senator ed markey. Ed markey when he was Congress Person in the late 1990s was the author of capa and we have been active in the last 20 years since then on pushing all sorts of kids privacy and advancement issues and most recently introduced capa 2. 0 bill which i am sure ill be discussing during this panel. And i am jim hal pert, and i cochair the Global Policy and cybersecurity practices at dla piper, and back in 1998 as a senior associate i helped negotiate and draft some of the language that ed markey wound up sponsoring with conrad burns and Richard Brian that became the capa law and was there at the creation and i think filed seven sets of comments in the 2000 rule making, and so i was there at the creation and helped to provide some context over time regarding capa. Thank you all. Its quite a breadth of experience both past and present and no doubt, well into the future because this issue is not going to go away. Mark, what has let the ftc lot capa rule. Before i answer that. Ill say im speak for myself and not for the commission or for the commissioners. Oh, come on, not all five commissioners. I speak for one of them and im not going say who. [ laughter ] so i am we do this regulatory review process of all our rules and guides every ten years typically, and that is on a routine schedule and with capa, we revised the rule in 2013 pretty substantially to add categories of personal information that werent really collected when the rule was first implemented or when the statute was first passed and sort of to expand the rule in other ways to, you know, cover persistent identifiers and third parties that are collecting information from sites when they have actual knowledge that theyre directed to kids. So, you know, we hear about capa a lot and there are a number of statutes that we enforce and theres a lot more just sort of discussion and talk about capa than many of the others and theres also, theres been a lot of changing technologies. For example, i mentioned the ed tech work shop that we held at the time that the statute was passed and there was no mention in the statute whatsoever of schools, and it sort of raised this issue of, well, if somebodys using, you know, an Online Service context can the parent excuse me, can the teacher provide consent or not. Those kinds of issues. So weve sort of addressed those and the statement of aces and purpose for the rule, but weve never really addressed them more directly in the rule itself and when we held the work shop a couple of years ago on these issues its clear that this industry is really accelerating. There is a huge amount going on there, and we thought about sort of making sure that we address that issue properly and getting public ideas on how to do that, and ill to highlight one more issue or one more change. Obviously uses voice assistance and when the Commission Revised the rule in 2013, we had the coverage of audio collected from a kid so that raises questions about well, if you have a Voice Assistant that, you know, is directed to kids for some reason and youre basically just using it to do voiceactivated search essentially then we realize that would raise issues. So we issued a discretionary enforcement policy that basically says if you use it for something quick like that and you just immediately delete it, were not going to be bringing a case involving that. So thats another issue where you know, get the publics input and how to address that and also are there other issues about Voice Assistant and are there other issues with smart tvs and that kind of thing that we want to address. And talk a little bit about the process. Were coming up to the end of august. What happens next . When are you guys going to actually deliver your thoughts on this . Right, it will aub while because theyre not due until no noef peard and we have the work shop october 7th and well get a lot of input there, as well and once we get those comments well sit down and, you know, go through what we got and review the input and figure out where to go from there and just to make clear what this is and theres a process for a rule making where we put out particular, you know, basically regulatory language that we propose. This is one step before that. Were still sort of at the information gathering phase so one thing that could come out of this is the next step that could end up making a regulatory propepr proposal based on what we hear. Okay. How are you currently working with companies that create content . Just taking a step back from the looking at capa. How are you currently working with everyone from the disneys to the mom and pop shops creating an educational app, for instance . . Well, one of the things we do is we have a capa hotline where companies can reach out to us and sort of pose an issue to us or ask a question about the rule we see this as trying to facilitate compliance with the rule as opposed to catching someone in violation so thats one avenue. We also have consumer and education put out and the faqs on capa where we make the rules as clear as possible and those are some of the ways that we do that. Okay. John, for those of us who are not familiar with safe harbors or the esrb, lets do a little bit of a level set. What is a safe harbor . Sure. So first of all, safe harbors were created as part of the legislation that was passed been the safe harbor regime is intended to be independent provide independent oversight and enforcement of the act, but on a selfregulatory basis. In other words, its not mandatory for any company to be a part of a safe harbor. Companies choose whether or not they want to work with Safe Harbor Programs. The erbs is one of the oldest safe harbors, but there are seven companies that provide Safe Harbor Services and so the companies that work with us have chosen to become parts of our program. They pay depending on the program some sort of fee for our services and then our job is to make sure that those companies are first and foremost, complying with capa and the amended capa rule and the guidance that the ftc puts out. Many of our programs go beyond capa and from the safe harbor standpoint thats the primary objective. So every day, my team is in websites and in apps that our members are putting out and theyre looking through them just as any user would, doing the user experience. Theyre doing back end scans to see whats happening on the back end that the user can see, making sure that one, the practices of that member are in line with what capa requires and two, that the policies that theyve put out, in other words, the disclosures that theyre making are reflecting those practices and accurate to their consumers. Talk a little bit about how you guys promote the creation of content for kids particularly the under 13 market when has bedevilled a lot of creators. Talk about that. Its an incredibly difficult market. To be frank, most of our members dont really get into that market. The majority of their websites. Why is that, john . Because its difficult to monetize and stay compliant with the law. So we are lucky that some of the companies we work with have strategies for monetization that go beyond, you know, advertising and apps or inapp purchases and those are the some of our members especially in the toy industry its not fessly abonec about that for them because theyre looking for brands that keep kids engaged and it is a difficult market to be in and to make money in, but it it is one where it you have the right long term view, you can be very successful in it. So our job is we start working with our members as early as we can in the process. If they have something that is under 13 and in a true sense or is going to be hitting someone in a significant way and maybe directed to an older audience. We start working with them as early as we can in the Development Process to start flagging issues that might be coming. Look, the companies that work with us. They know what capa is, right . And theyre trying to do the right thing by working with us, but they dont always necessarily know what that right thing is, and then youve got companies that are just coming to us when theyve when theyve Just Launched or are planning to launch something and those Companies Often think that they know everything and theyre compliant with everything and it can be complicated and so theres a lot of issues that you have to work through. You can work through pem. One the of the complicated issues you have when talking about actual versus constructive knowledge. For the uninitiated what is this, between consensual and the knowledge. Capa is triggered when the Online Service is directed to children under 13 years old or the operator of the Online Service has actual knowledge that the user is under 13 years old. So thats capa in its current state and the way that it works. Actual knowledge is what it sounds like from the legal standpoint and the company has to actually know that that user is under 13 years old. The most typical way that a company would know that is that the user has identified as under 13 years old. A lot of websites or apps con take a registered process and so a user may identify as under 13. Weve all seen those popups that come up, right . A user might identify as under 13 and then automatically at that point capa is triggered, regardless of what the site is. It could be a that could be a site that is intended for parents, but if they collect the users age, then capa would be triggered in that circumstance. Constructive knowledge would be a situation where the operator should have known that the user was under 13 from a legal standpoint, so that could be based off of any number of factors of information that they might have available to them. It sort of broadens the scope, as you can imagine. Thank you. Joseph, what was your reaction and even as important, your boss reaction to the ftcs announcement in july that capa would be reviewed much earlier than had been expected . Sure. Our reaction was cautious optimism. He was very supportive when the rules were reviewed back in 2013, and he clearly sees that the landscape has changed in the six years preceding and things like biometric and things like genetics and Voice Assistant and all of the things that mark discussed. It is clear theyre much more prevalent in the ecosystem today and that the commission should be taking a look at that, so thats good. I say cautious optimism because we dont know what the outcome will be. If in the end the rules are strengthened thats a really good thing, but you always have to be wary of potential bad players or others coming in and attempting to weaken the rules. So until we see what the final product of the process is i dont want to i cant say if were going to be happy or sad, but i dont want to prejudge the process because its good that theyre certainly starting in it. I had the priviledge of testifying to the Senate Judiciary only a month or so ago on the topic of protecting innocents in a Digital World and the hearing the ftc came under a barrage of criticisms and presumably you watched that and do you share that criticism or to put it in a more positive space, what more could the ftc do in this space . I think particularly in the kids privacy space the jury is still out because as Everybody Knows in this room, there is a case pending about or pending about youtube, and whether they violated and what the fine is going to be and what the continuing or new obligations are going to be placed on google and that settlement and agreement has not yet been released and its not yet been announced. So i think what they do in that particular case will be indicative of the position the commission is taking with regards to how serious they are about enforcing capa, so i dont want to i dont want to say yet. Well see what they do. Im sure, you can talk about senator markeys own proposals which politico mentioned three of them this morning. Were busy. Off you go. In sweetlength descriptions. The trifecta of bills if you approximately,y and wanted to what that bill would be able to do, in short, is to be consistent with both california and gdpr, to create and smell out your acronym gdpr. You spell it out. No. The Data Protection information. Thank you, jim. What it would do is create as Everybody Knows kappa is only 12 and under and senator markey like many others believe that 13, 14, 15yearolds need special special protection, necessarily, but it would extend the bill for 13, 14 and 15yearolds and it would change the standard from actual to constructive. It would ban targeted ads for kids and it does create an eraser button consist went the law in california that allows parents and children to erase information that they themselves have posted so as to not violate the first amendment. The other two bills are the camera act which is the children immediate Research Advancement act which is directing nih to do a fiveyear study on the impact of technology on children. I mean, its obvious that things are totally glued to these things now. So what is the socioor the cognitive impact of this incredible increase in technology has been introduce the about. That bill is soaking to, to address the practices by many websites to glo websites to and the other functions to sort of suck kids in and ensure that they stop watching. I have a 3yearold. It works very well on him and he will not stop watching the device unless i rip it out of his hand and that bill which well be introducing some time in september or october will address what we do about that issue. In our experience, parents are equally glued to these. Oh, its a problem. This room is pretty well, its doing pretty well and ive been looking around independent is a testament of how good this panel is. There arent that many people on the phone right now. We do want you to tweet from time to time. Mostly your attention up here, please. Last question at this point. So do you think capa should be modified or are we looking for a total rewrite of the law . Modification. So youre not going to throw capa out . No. We think as was evidenced in the capa 2. 0 bill, were seeking changes and mod if i cautions to the, and we are not looking for a complete rerite of capa. As evidence the starting with my boss bill it could be improved upon because the bill looks differently than it did when it was passed in 1988. This is a perfect segue to you. When we were all much younger, 20 years ago, how has the world changed, would you say . Well, 20 years ago i had a 1yearold child who is now just driving up this afternoon to enter his senior year of college. So its a really a good, long period of time and weve seen really what was a nascent internet age where, in particular, forms of parental verified parental content were very limited to a world where people aulthent kate all of the time on their devices for a variety of Different Things and that i think offers some opportunities to one of the barriers is weve heard from joe before is with capa is that its so difficult verifiable parental consent that the idea of creating, of getting into a coppacompliant framework, its a real terrier and discourages investment in the content of activities for kids. It could be very positive. On the other hand one can imagine in a world where a syndication is much easier and straightforward that may be less of a if you will a garden were not much can grow practically. So i think this potential rulemaking represents an opportunity to make coppa realistic, realistically reflect that people are not going to give away their credit card for verification in todays day and age with all this information about data but to allow a much easier authentication with a lower barrier for parents to agree for their younger children to have learning opportunities at the same time to take the ftq and to put them in the rule on issues targeted to children. Including issues like what is content that is harder for children. The commission has done a lot of good thinking about that. Including looking at the sort of advertising of an honest start site. This can reflect whether the site really is targeted to children or not. So the rulemaking offers i think opportunities to address and to raise the profile of some of these issues. At the same time, i have questions and we will get to this about some of the other elements of the kids act, and of some questions in the actual rulemaking about how some other ideas would work in practice. I wouldnt describe them as concerns but they are questions. I think those are worth exploring as well but i do think that essentially putting in the rule of much of the verifications in the faqs, including also about educational Online Platforms that make absolutely clear that the school acts in loco apprentice where barbara is applying the federal Education Rights and privacy rights. These are to break them down some of the barriers in ways that i think coppa often discourages layout of new forms of learning for kids for example online. At the same time, take the guidance in the faqs, which is designed to for example, look quite broadly at what sites are actually targeted to children. The fdc does a lot of enforcement of, an area where the Senate Hearing overlooked that this is an area where they are very active. That in Public Education and changes to the rule. This can sensitize a lot of sites to the fact that they may be doing some certain portions of their site may actually be targeted to children. This is an opportunity in this new world where theres been a lot of evolution and a lot of guidance from the commission over the past ten years that could go into the role. Jim, about ten years ago we did a panel in london, we agreed that coppa had become this kind of global standard that the europeans pretty much adopted similarly and asians. Now we are seeing with dvr, it is kind of coming back to us. There are new regulatory regimes which are particularly in europe which we are now going to have to Pay Attention to. What other International Trends positively and negatively that will impact us here. In general, this is an area, speaking as somebody who coeds a global privacy practice of lawyers in 40 countries who follow it, this is an area where Different Countries look at this slightly differently. We have a first amendment, many other countries dont. There are key issues for example, about 15yearolds ability to communicate that really in europe, its a concern but not the same order of concern. Europe has not taken a uniform approach to this. They let each state to establish the age where parental consent is not required and consent by the individual is substituted. It can vary between 14 and 16. Weve diversions there, weve seen different approach in japan. Countries that are updating the privacy laws do not adopt uniform on view in the us, we have california that has been Going Forward with its own privacy law. The take the view that kids between ages 13 and 15, should affirmatively consent to sale, this is somewhat particular definition of sale, which means more than sale. Essentially, monetization or thirdparty advertising in exchange for something of value, essentially use of teenagerss information in thirdparty advertising. If the website or Online Service or any business offline, has actual knowledge that they are dealing with a child. So the result is now something that the kids act goes way beyond the requirements of california law. The broad idea of optin consent for teenagers, is now something that a lot of companies are working very hard in the u. S. To roll out. Expectations when the ccpa for california residents, california is 1 7 of us economy and has a huge number of people. When the law takes effect on january 1st, 2020. We are seeing changes, that are again a little different. An opt out of sale, or an opt in to sell but we are seeing changes in the us just as we are seeing them around the world. Im going to come back and ask you about the c word. Concerns about whats going on with the coppa review and also the proposals that are coming from senator markey and others. Tonight really have questions or than anything else. What are your questions . I think theres really an issue for example with constructive knowledge. What does that really mean in practice and how is that operationalize . Does it mean that a website or Online Service needs to really gate very heavily and potentially drive a whole lot of people through because they might be deemed to have constructive knowledge to prove that they are not teenagers. If thats the result, this will be a rather frustrating online experience for everybody sitting in this room. There really are issues around that. With the ftc, i think there are questions about what the ftc will do on the streamlining coppa consent side to balance further clarifications of the reach of coppa. Thats a very important issue to making the law really work well. I also think that the question of the issuing the kids act with regards to coppa 2. 0. Sorry. Thank you for correcting me. There is a question really about what does it mean if you have a site that is not targeted to children but happens to have a lot of children or teenage users. And, if the basis for it is simply having an audience figures where it turns out, an example would be the office is a tv show that my friend created a character after me. It turns out that the target audience was not preteenagers but was very popular with a lot of 12 and 13 and 14 and 15 yearolds. We want to see that. Im not as tall or as goodlooking as john krasinski, sorry. The results of this is if you simply look at an audience and lets let the audience, that can fluctuate. It is not a great metric for what targeting to children is. The word targeting doesnt really square with what may be the effect of a particular site. I think that scenario is really a lot of questions and the result i think is of a rule the city coppa consent model would apply. It would be the size would need to collect more information in order to figure out who the kids were and then to authenticate them. That would result probably in more Information Collection in order to for sites to be compliant. I dont think theres an easy answer here. Joseph may have some ideas. Her response to that. I really have, difficult issues here, it is complicated. The overall goal of protecting kids privacy as vitally important. Figuring out how to do this in the smart way that doesnt incentivize more Information Collection that facilitates parental involvement in a way that allows kids to obtain information in the crack down on scrupulous monetization of kids information. Where there is some targeting of kids. I think its really the trick. We are really eager to see how this rulemaking if it happens with the ftc as a essentially Congress Legislation would think about these issues. In the first instance, the fcc is actually done an excellent job. I think we all should look forward to its work. We should be patient because this is such a delicate balance. Having an Expert Agency do with us in the first and since before Congress Goes and legislates again is probably a good idea. Thank you lets use those questions to thrown open to the panel. We got the constructive knowledge question, the reach of coppa, and the unintended consequences of collecting more information with coppa 2. 0. I will start by saying these are all good questions that jim is asking. I am not going to get up here and say that our bill is perfect in that we have all of the answers. This is part of the legislative process and this is the same way that it is part of a rulemaking process at a federal agency. Rulemaking process, you have some comment. The legislative process you have lots of number members that will offer amendments and go through marketing through a committee and then go to the floor and then left reconcile with the house. Thats how it should work. In theory. I will say on constructive knowledge, two things, one i want to address the question that was raised before about how do you, we think its a false choice that you either protect children or you have creativity and new apps or new offerings for children online. I think ed markey firmly believes as weve seen over the last 20 years there is a way to do both. A lot of companies have mastered both. A lot of companies obviously have been deterred from doing it but a lot have not. We should be entering this process as we are thinking about rewriting or revising the law at the agency or doing so in congress with both goals in mind. You want good, safe, educational content. For children at the same time, it protects them and their privacy. On the constructive knowledge point. But i would say is, there is clearly a problem right now with channels, sites, especially channels because of youtube. Size overall though that have an unbelievable number of children users or children users that dont fall in to the two categories that were mentioned earlier. Which is actual knowledge, because there is age gauge, or intended for children. So one of those examples is there is a specific website about toy reviews for children, for kids. Its highly popular for children. Arguably right now, and the operator of the site knows it. Everybody knows it. In the sense that they have constructive knowledge that kids are being directed to the site to see what our popular toys right now. But it falls outside of the two categories that were mentioned before. So doesnt trick trigger a coppa. So we need to find a way to address these types of websites that are clearly being used by children but also at the same time not fall into the trap of the unintended consequences that jim described earlier. There may be a way to take that particular example, one might argue that this content was of overwhelming significance and interest to kids. It wasnt that different than a cartoon site for example. That may or may not, it could be the way the reviews are done too. Are they really done for parents and talk about other criteria that the parents would talk about. Resident unboxing site that a child would like. This is really cole, within the ftcs market speak to this, some ways get this question for a site like this or perhaps tweak the role. Rather than adopting a constructive knowledge and standard for this sort of site because a particular example, you may well have others that are important but this one i think can fit probably the existing framework. I think this is one of the pressing issues of coppa, when the rule was passed, there was the sort of idea that the super bowl being the tv analogy where people are pretty sure that there are kids watching the super bowl, but it wasnt directed at them yet all told, theyre possibly been millions of kids watching the super bowl. I think when the distinction you need to make between a site and a site where sort of like yeah, due to the nature my site, i pretty much know i have inordinate appeal to the kids and maybe its not only intended not intended for them at all but i know that i have a large following among the kid population. I think thats a challenging situation where i think the constructive knowledge approach is may be designed for that kind of situation. Under the current rule, you have your actual knowledge bucket and you have your directed to kids bucket and theres sort of is another category out there. I think we do will avoid the super bowl side though because if you think about it and this would be true of many different ways that people get online and communicate as well as particular content, we do have huge populations of adults and older teenagers who are also part of this mix. The only way to distinguish and to figure out who are the younger minors, is to collect information about the users. That is the catch22 or paradox of this. It may be about thinking a little bit more broadly about sites and services that are actually directed to children that actually should have knowledge that they are collecting information about a lot of children. But without adopting a constructive knowledge standard across the board, because i think thats where the super bowl is a great example. Can you imagine americans logging in to watch the super bowl and when its being streamed and having to wait for 45 minutes while all of these people are screened to make sure they are actually able to watch it. That is not a great experience. This is the balance. Its hard. You are describing, well take it into the online space, espn. As a general audience site. Adults go on, every day. I went on it this morning. The kids go on it as well. Teenagers go on it as well. How does that compare. What side of the line is that versus the example i gave before, i would toy reviews for kids site. Theres clearly a difference between those two sites. Theres clearly a difference in audience between those two sites. I think we all agree with espn. Com side that it wouldnt trigger coppa, but its the toy reviews site, now it becomes a lot harder. Im just going to say the trick of course. First of all let me say, my job is much easier. I just apply with the law is. You know what youre told right. Of course in the context of this discussion, the trick is to write the law and to interpret the law regulations and guidance in a way that doesnt sweep into espn. My son is 12 so i am right in that sweet spot. Espn is the first thing, 630 in the morning, he is downstairs and he is in on a espn app. He is already done probably three football mock drafts by this time of the day. They are on the sites. We have to ask ourselves, first, do we want those sites to be swept in. If we agree that we dont, and at the sites we are targeting our those unwrapping toy type of situations, how do we our line drawn. How does make it possible for me to be able to save my members, this one is triggering and this one isnt triggering. Thats already frankly difficult even in the current regime, its a difficult issue to take on people two really smart people can look at it from two different angles at the same type from two different angles and come up with different conclusions on that. She met with the current fcc guidance and roles address the question of mixed audience sites. Very specifically. It might be good mark, to eliminate this a little bit more for the folks in the room about what the current approaches. Since we are talking about the problems. Youre the lead for the agency so we completely different to you about the fcc you of that. The audience conception was created in the 2013, role and basically, it applies to a service that is already directed to children. If i am in a situation where i kinda feel like kids are sort of like a secondary part of my audience but my main audience is over the age of 12, then i can train a sort of coppa compliant experience with younger kids. And have an age gate where personal information is collected from the older kids. I think that is one way to approach the problem that you are talking about sites that sort of have heaven in order an ordinate appeal area think you still have this issue of if people dont avail themselves to the box and they dont consider themselves directed to kids in the first place, you still have this situation where they may be collecting information personal information from a lot of kids. It wouldnt be in that exception. This whole discussion is making me think of the ico, the uk authority on privacy, recently put out something on how to approach kids. They havent finished their process yet. I believe theyre going to finish this fall. Their document kind of suggested that they would create a setting where its almost like, for one thing theyre protecting kids under 18 as i recall. There also setting up a system where it seemed like they were going to be lots of the internet which was safe for kids under the age of 18 and more information wasnt collected. Then there would be some kind of age gating process for adults. Kind of a different approach. Is a verification. With the ico wants is a verification. But we think of as traditional age gate, a self identification of somebody that is over or under 13 years old. The ico has that does not work. That doesnt work for at least in its draft forum of the age appropriate design, does not work. Well see between now and november i think 23rd is the deadline for the final to come out with not they stick with us or not because they frankly, came under a lot of scrutiny for essentially requiring the collection of a lot more personal information to verify. Ones identity or ones age so we will have to skype to see how that ends up coming out. Or how brexit turns out. Let me make sure any questions in the crowd here. Questions concerns about cuppa. If not, do we have a microphone or, to speak loudly and say who you are. s argument is to in order to ensure ask parents about intervention. Collect all source of information about these people who they dont have to be identified they can tell from the information collected, are they kids. They are already collecting information. I dont understand. This is the question. There is so much Information Collection online. These sites should know already that if they are collecting information from a child. I think that can be true in some situations but in many situations, it is not. So the typical website and bear in mind that coppa applies to any online site or service will not have that information. They will have the ip address, some information about that site usage. They are not in a position to be a gatekeeper. Same thing for an isp. If you sign up for an Internet Access service in your home, there is a lot of activity, its very difficult to distinguish everybody logs on with the same ip address as they go out from that internet. Its very hard to tell who is me and who is my now 22yearold son, its hard to tell. Even with those surfing, that parents will do, i did it to show my sons online math problem sites. Things like that. They would actually use the site and sometimes i was surfing looking at appropriate sites for them trying to curate their Internet Access experience. I actually looked at a fair number of sites that were absolutely quality sites but they were targeting to children. It becomes a little bit harder, if you have a mobile device they have sneak to the individual but then again most kids under 12 dont have these, i hope. Then you are in a position to be able there may be more information to be able to track the foremost home situations, it is very difficult. I think we have time for one more question. I didnt hearexamples of certain abuse into certain things on sites. That can have an effect on all of this. Go ahead. Let me repeat the question. So the question is are there examples or recent actions that will push legislation one way or another to be passed or not. I think there has been no host of alleged violations of, in particular the youtube allegation during earlier during the panel. But there is also a number of, new technologies that are out there. I think voices system is a terrific example. Not just alexa in your home this design for adults, now there is an echo. Kids version for amazon. It is designed specifically for kids. So it is designed to listen to everything a child says and then respond when a command is mentioned. At the same time, ill mention another product that was not even brought to market but was proposed and since pulled. A product by mattel called aristotle. My boss had written the company about before it was debuted. It was intended to be a Voice Assistant specifically placed in babies rooms. The device was going to respond to the needs of the baby based upon whether they were crying or what else. Play soothing music or give other safe things to the child, the whole device was designed to listen to the baby. And respond to the baby. Certainly as a father of a threeyearold, are pretty eyeopening and starting examples. I think in this larger context, of privacy compromises on a large scale, facebook and obviously data breaches which are so many that i can even name and all. This doesnt really have that much to do with the outreach. All of those things are pushing congress to act on privacy and we think that coppa or kids in particular and teens in particular must be its own special part of that larger comprehensive package. If it were to come to be. We are quickly running out of time. I want to go up and down the panel and say by the way, there is something we much bigger city on top of this discussion and thats the idea of a federal privacy bill. What happens to coppa and, 2. 0 and all of that stuff if that starts to move. I dont want to make predictions about what congress will do, ive worked on the hill for ten years and i know not make predictions about what will do that being said, congress at some point will tackle privacy in a comprehensive way. Maybe this congress or next congress of the following congress, i dont know. What is expected to happen, is that bill will not eviscerate coppa. Just in the way it wont for about all privacy laws or hepa or all of the other privacy laws that are out there. We live in a in this country, vulcanized privacy world where there are individual privacy statutes that apply to different agencies or different context or different types of information. What will happen i think, obviously our goal, i think the most realistic and the most realistic results of a comprehensibility that we will motivate coppa in some way and it wont get rid of it. It likely would consist with europe and california bump up the age of some way, create new protections for 13 and 14 and 15. Mark your personal thoughts question or. I can adopt the i can just i just work here role too. laughs if Congress Passes something legislation that says here is the new law of the land and we are no longer having specific perceptions and this is the framework then, we would abide by that. If they pass something that says hey, we are keeping coppa and maybe tweaking this or that and this is all part of the sort of overall privacy landscape, we would adjust to that too. There the bosses. John, you want to step out on limb question mark. I dont have any insight obviously. He knows where hes talking about as far as where things stand. My own personal view is, has been around for a long time and a lot of work has gone into companies complying with it. It sure makes sense to me that if its going to be changed and supplemented, not wiped out and started from scratch. I would say never bet against ed markey, getting a privacy law through congress. He has been the sponsor of more federal privacy legislations than any person who has ever served in anybody yet. He also has excellent relations with speaker and leadership in the house. I am sitting here looking at this, i think it would probably help federal privacy legislation if ed got more involved in that process because hes very good at cutting deals. I would assume that something is likely to happen on teen privacy. Also because this ecpa, has already established a new set of requirements for teen privacy. I would bet that federal privacy legislation if it preempts state law, and its past while democrats are controlling one house of congress, it will at least capture the general requirements of this ccpa in it. Looking ahead, at that level, knowing the sponsor, i think will likely see something happen with regard to older teenage privacy and again the fcc has done great work so i hope that the fcc continues to have its supporting under coppa for under 13. Without disrupting that too much. Theyre totally are some issues here that week can and probably will be addressed when federal privacy legislation comes in. Whatever happens, we will be back up here on the hill. We will be taking to this to the conference november 21st in washington dc called 2020 vision. The future of Online Safety. Were going to be talking about artificial and intelligence. Screens and keyboards possibly go away which makes the privacy question even more interesting to say the least. Help me in thanking this wonderful panel. applause well, thank you very much. My fellow americans, i greet you this morning from the white house to announce a major breakthrough toward achieving a Better Future for syria and for the middle east. Its been a long time. Over the last five days you have seen that a ceasefire that we established along syrias border has held and has held very well. Beyond most expectations. Early this morning, the government of turkey informed my administration that they would be stopping combat and their offensive in syria and making the ceasefire permanent and it will indeed be permanent. However, you would also define the word permanent in that part of the world as somewhat questionable. We all understand that, but i do believe it will be permanent. Ive, therefore, instructed the secretary of the treasury to lift all sanctions imposed