In January, state lawmakers in Utah introduced a bill (now amended) that would ban users under 16 from using social media platforms, and only allow those under 18 to access platforms with parental consent. The bill (SB 152 and companion HB 311) would also ban teens from using social media between 10:30 pm and 6:30 am, give parents full control of under 18’s accounts, and establish a private right of action for individuals to sue platforms.
We are concerned about the potentially detrimental implications that the passage of this bill could have on children, teens, and adults. Prioritizing online safety is FOSI’s main objective, but this must be achieved in ways that will not cause unintentional harms. Our concerns are detailed below.
To achieve its objectives, the bill requires social media platforms to verify the age of every single user through the collection of hard identifiers. For adults, this would include a copy of a driver's license, passport, or other official identification, and for minors this would include a statement from a parent or guardian consenting to the minor having an account, the minor’s name and birth date, a valid form of ID for the parent, and both an email address and physical address for the parent or guardian.
Age assurance is a complicated issue, and while verifying age has the potential to increase online safety, the approach of requiring platforms to use hard identifiers for both parent and child is overly complex and not a fail-safe solution. Recent research by our organization shows that there is no singular method of age assurance that is both effective and trusted by users enough to make it standard.
Mandating the collection and storage of sensitive, personally identifiable information on every user also raises serious privacy concerns. These new data collection requirements are the opposite of data minimization, which is widely agreed upon as an industry standard goal. Forcing platforms to collect more data on every user, including minors, increases the potential for the new information to be mishandled, misused, or stolen.
Another flaw is that the bill does not consider children’s and teens’ rights, or their need for agency and independence. As adolescents grow, there is a corresponding increase in their capabilities and need for autonomy. It is important that they develop digital skills and literacy, and are able to take ownership of their online experiences as they approach adulthood.
Additionally, we worry that restricting access will mean restricting education. Teens can access important information, connect with peers, and find community online that may improve physical and mental health. For example, information about sexuality, identity, religion, health, and more can be vital, especially in an unsupportive household. Limiting access to information and education could have a detrimental effect on young people who need it to thrive, especially in a highly connected world.
As a baseline approach, instead of requiring hard identifiers to verify every user’s age, this bill should acknowledge the nuance of age assurance methods and adopt a risk-based, proportional approach that allows platforms to offer users options to determine their age. Incentivizing thoughtful parental controls that allow families to discuss what limits and filters are best for them are more effective than prescriptive solutions and broad bans. Finally, this bill highlights the need for a comprehensive data privacy law at the federal level, as portions of this bill appear to be in direct conflict with other states’ privacy laws.