After years of navigating through the dense forest of consumer protection laws, we’ve encountered various twists and turns, each bringing its own set of challenges for small businesses and independent developers. Among the towering trees of legislation, an imposing presence has emerged—the Kids Online Safety Act (KOSA). This bill has rapidly advanced through the Senate, leaving a trail of potential complications and concerns for our small business member community. As this bill continues to its path in the House, we’re outlining the thorns and snares of the latest version of KOSA to keep our members informed and to share our concerns with policymakers.

Key Concerns with KOSA

On July 25, 2024, KOSA passed the Senate with an 86 to 1 vote. While this might sound like a positive, united step forward for child safety, it introduces several thorny challenges that could have far-reaching negative impacts, particularly for the small businesses that drive the app economy and their customers.

Quick reminder: KOSA is a consumer protection bill aimed at enhancing online safety for children. It mandates that online services that primarily host user-generated content (UGC) implement specific technological design principles to mitigate potential risks for young users. However, this bill introduces additional data collection requirements and broadens key compliance burdens, potentially imposing significant new costs on app and website developers without necessarily keeping minors any more safe.

KOSA is rooted in imposing a “duty of care” that covered platforms would owe to minors. Inherently difficult to define, the duty of care principally includes a requirement “to prevent and mitigate” certain harms to minors like “online bullying, and harassment,” among other things. By entangling covered online platforms in this manner, KOSA risks creating a tangled thicket of compliance issues, eroding digital privacy, and placing heavy burdens on small developers. This could stifle innovation, undermine consumer trust, and ultimately harm the broader digital ecosystem. Here are some of our key concerns with KOSA for our small business members.

  • Privacy Backsliding: KOSA’s well-intentioned aim to protect children could backfire by mandating extensive data collection and intrusive monitoring. This approach not only risks undermining broader privacy rights but also directly conflicts with our advocacy for a reasonable data minimization framework to enhance privacy and security. Forcing platforms to collect more personal information about children could lead to severe privacy breaches and misuse of sensitive data, making kids more vulnerable instead of safer.
  • Inconsistent Enforcement: The bill’s broad and somewhat vague definitions could lead to inconsistent enforcement across states. This inconsistency creates an unpredictable regulatory environment for small and medium-sized businesses and independent developers, threatening to stifle innovation and increase operational costs.
  • Burden on Small Businesses: KOSA’s sweeping mandates could force small businesses to divert critical resources from innovation and user experience improvements to compliance and legal defense, whether they are squarely within KOSA’s scope or indirectly affected through their relationships with covered platforms. This shift would undermine the competitive edge that smaller players have in the digital marketplace.
  • Over-Censorship Risks: The bill’s focus on restricting content and platform features could inadvertently limit the availability of valuable online resources. Broad definitions of “harmful content” might lead to covered platforms building in a compliance “buffer zone,” aggressively limiting content that may exceed the bounds contemplated by Congress, depriving users of important information and support networks, particularly for marginalized communities.

What to Expect Next

While KOSA progresses in the House of Representatives, its future remains uncertain, and careful consideration and refinement are paramount. To prevent small businesses from becoming lost in a dense forest of overregulation, lawmakers must refine the bill to focus specifically on achievable safety measures without the bill’s thorns and snares shredding broader privacy rights and the operational viability of small business app developers. If you would like to join in our KOSA-related advocacy efforts, email Brad here.