Full Report
House lawmakers announced a bipartisan deal on a package for protecting kids online on Monday, months after negotiations on digital and social media regulation fell apart between the two parties. House Energy and Commerce Committee Chair Brett Guthrie (R-Ky.) and Rep. Frank Pallone (D-N.J.) said they “worked across the aisle for many months” and found…
Analysis Summary
# Regulation/Compliance: Kids Online Data Protection and Safety (KIDS Act)
## Overview
The KIDS Act is a bipartisan legislative package designed to overhaul digital and social media regulations specifically for minors. It aims to establish "safety by default" for online platforms, enhance privacy protections for children and teenagers, and introduce transparency requirements for data brokers to mitigate digital harms.
## Key Details
- **Issuing Authority:** United States Congress (House Energy and Commerce Committee)
- **Effective Date:** To be determined (TBD) upon passage and presidential signing
- **Jurisdiction:** United States (Federal)
- **Status:** Proposed (Bipartisan Deal Announced June 2026)
## Requirements
### Mandatory Requirements
1. **Safety by Default:** Platforms must configure services to the highest safety and privacy settings for minor users by default.
2. **Teen Privacy Protections:** Enhanced data collection limits and privacy safeguards specifically for users under the age of 18.
3. **Data Broker Transparency:** Requirements for data brokers to disclose information gathering practices related to minors.
4. **Algorithmic Accountability:** Mandates to address how social media algorithms target or impact children.
5. **Parental Empowerment:** Provision of tools and controls that allow parents to manage their children's online experiences and data.
### Recommended Practices
1. **Impact Assessments:** Regular evaluation of how new features might negatively affect younger demographics.
2. **Privacy-First Design:** Integrating privacy into the initial development phase of digital services (Privacy by Design).
## Affected Organizations
- **Industries:** Social media platforms, digital service providers, "Big Tech" companies, and third-party data brokers.
- **Organization Size:** While primarily targeting large-scale platforms, any entity collecting data on minors may fall under the scope.
- **Geographic Scope:** Any organization providing digital services to users located within the United States.
## Compliance Timeline
- **June 2026:** Bipartisan House deal announced by Committee Chairs.
- **TBD:** Introduction of formal bill text.
- **TBD:** Legislative voting and potential reconciliation with Senate versions (e.g., KOSA).
- **Final deadline:** Usually 6–24 months after enactment for technical implementation.
## Implementation Guidance
### Assessment Phase
- Identify all touchpoints where users under 18 interact with the service.
- Map data flows involving minor California/US residents to prepare for new disclosure rules.
- Audit current default privacy settings for new accounts.
### Implementation Phase
- Deploy "Safety by Default" architectures (e.g., restricted DMs, private profiles by default).
- Implement age-verification or age-estimation mechanisms where necessary.
- Establish a "Parental Dashboard" or similar oversight interface.
### Validation Phase
- Conduct third-party audits of data brokerage relationships.
- Verify that opt-out mechanisms for data collection are functional and conspicuous for minors.
## Technical Requirements
- **Default Privacy Settings:** Technical lockout of public profiles for minors.
- **Data Minimization:** Technical controls to prevent the collection of non-essential metadata from minor users.
- **Broker Feeds:** APIs or reporting portals for transparency in data broker transactions.
## Penalties & Enforcement
- **Fines:** Structured under federal consumer protection or trade commission frameworks (likely FTC oversight).
- **Other Consequences:** Potential for private right of action or state-level attorney general enforcement.
- **Enforcement:** Primarily led by federal regulators to hold "Big Tech" accountable for safety failures.
## Related Standards
- **COPPA (Children’s Online Privacy Protection Act):** The KIDS Act serves as an expansion and modernization of existing COPPA frameworks.
- **NIST Privacy Framework:** Alignment with "Data Processing and Governance" categories.
- **KOSA (Kids Online Safety Act):** The Senate version of similar child protection legislation.
## Resources
- **Official Documentation:** energycommerce.house[.]gov
- **Guidance Documents:** Proposed bill summaries from Rep. Brett Guthrie and Rep. Frank Pallone.
## Practical Recommendations
- **Engage Policy Teams:** Immediate review of the bipartisan deal's text to align internal product roadmaps with "safety by default" principles.
- **Data Mapping:** Specifically label and isolate data associated with teenagers (13-17) who may have previously been outside the strictest COPPA protections but are covered under the KIDS Act.