Public Comments for: HB1688 - Consumer Data Protection Act; protections for children, definition of verifiable parental consent.
Last Name: Durkin Organization: TechNet Locality: New Cumberland

Attached, please see TechNet's written remarks on HB 1688, children's data privacy. Thank you.

Last Name: Nicholls Locality: Chesapeake

I support HB1688 to protect children.

Last Name: Boender Organization: Computer & Communications Industry Association Locality: Washington

Dear Chair Brewer and Members of the Committee on Communications, Technology and Innovation: On behalf of the Computer & Communications Industry Association (CCIA), I write to respectfully oppose HB 1688. CCIA is an international, not-for-profit trade association representing a broad cross section of communications and technology firms. For over 50 years, CCIA has promoted open markets, open systems, and open networks. The Association supports the enactment of comprehensive federal privacy legislation in order to promote a trustworthy information ecosystem characterized by clear and consistent consumer privacy rights and responsibilities for organizations that collect data. A uniform federal approach to the protection of consumer privacy is necessary to ensure that businesses have regulatory certainty in meeting their compliance obligations and that consumers are able to understand and exercise their rights. We appreciate, however, that in the absence of federal privacy protections, state lawmakers have a continued interest in enacting local legislation to guide businesses and protect consumers. As you know, Virginia is out in front of this effort as one of the five states with a comprehensive consumer data privacy law. CCIA commends lawmakers in their thoughtful approach in enacting legislation that supports meaningful privacy protections while avoiding interference with the ability of businesses to meet their compliance obligations and the opportunity for consumers to benefit from the innovation that supports the modern economy. CCIA strongly believes younger users deserve an enhanced level of security and privacy online. Currently, there are a number of efforts among our members to incorporate protective design features into their websites and platforms. CCIA’s members have been leading the effort in raising the standard for teen safety and privacy across our industry by creating new features, settings, parental tools, and protections that are age-appropriate and tailored to the differing developmental needs of young people. We appreciated the opportunity to discuss the legislation in greater detail with Chair Brewer on January 26. While CCIA understands that certain users may warrant specific treatments, we remain concerned with several provisions included in HB 1688, as further detailed in the attached comments.

Last Name: Bos Organization: NetChoice Locality: Fairfax City, VA

Good Afternoon Chairwoman Brewer, Vice-Chair Edmunds and Members of the Communications, Technology and Innovation Committee. While we support and share the sponsors’ goal to better protect children’s privacy online, we ask you not to advance HB 1688 as it would actually put teenagers at significant risk of identity theft and fraud. As written, the bill would require parental consent for any collection of data from 14 – 17-year-olds which means just about every website would require a parent to consent every time their child visits any website. This would create delays and impediments to routine purchases or internet services used by teens unless a parent is present to verify each time. H.B. 1688 does not, however, say how a business can or should determine the age of potential registrants. Children can easily skirt nonintrusive verification techniques—for example "check the box if you're over 18.” Therefore in order to be in compliance, businesses would have to collect more information from all consumers to determine consumers’ age, running contrary to the sponsors’ stated goal of protecting privacy online. The unfortunate truth is that identifying the end user is nearly impossible. A way to mitigate these problems is to collect multiple identifiers of the end user every time they access a website. This would include SSN, copies of driver’s licenses and passports, activating the user’s camera to validate they are who they say they are, and more. It doesn’t take much imagination to think about the privacy risks associated with this data collection from teenagers, and their parents, and also the honeypot of the most sensitive data ripe for theft and abuse. Simultaneously, this legislation seeks to put Government between parents and their teenagers. Instead of taking this approach, a better approach is already underway in Virginia with HB 1391 which creates a commission to investigate ways to help address challenges faced by teenagers. Or consider HB 1575 which mandates digital citizenship in schools and empowers teenagers with information to keep themselves safe and secure online. And this education curriculum could also be provided to parents who could also use these tools. Finally, it is important to note that the Virginia Consumer Data Privacy Act just took effect just weeks ago. This new comprehensive law includes numerous new rights for all consumers, including for teens to know what personal information is collected about them, and to correct, delete or port their personal data. Under the new law, teens have the ability to opt-out of targeted advertising, and sale of their data. Moreover, HB 1688 is preempted by the federal child privacy law, COPPA, and runs afoul of the First Amendment in its vagueness and overbreadth. California’s similar law, the Age-Appropriate Design Code is currently being challenged in federal court for these reasons. Virginia should avoid California’s mistakes and reject HB 1688. We encourage members of this Committee to let the state’s new privacy law work before amending it. Now is not the right time to change the rules of the game for companies that have just rolled out mechanisms to enable these new rights. At the very least HB 1688 should be referred to the Joint Commission on Technology and Science (JCOTS) which can fully study the impact of this proposal and understand potential unintended consequences.

Last Name: Nicholls Locality: Chesapeake

HB1591 - We need more information from our govt. Not less. We need more oversight, not less. HB1688 - Please protect the children. HB2385 - Please make sure that the state agencies have oversight. Not all have the same competent watchers.

Last Name: Boender Organization: CCIA Locality: Suite 300C

Dear Chair Brewer and Members of the Committee on Communications, Technology and Innovation: On behalf of the Computer & Communications Industry Association (CCIA), I write to respectfully oppose HB 1688. CCIA is an international, not-for-profit trade association representing a broad cross section of communications and technology firms. For over 50 years, CCIA has promoted open markets, open systems, and open networks. The Association supports the enactment of comprehensive federal privacy legislation in order to promote a trustworthy information ecosystem characterized by clear and consistent consumer privacy rights and responsibilities for organizations that collect data. A uniform federal approach to the protection of consumer privacy is necessary to ensure that businesses have regulatory certainty in meeting their compliance obligations and that consumers are able to understand and exercise their rights. We appreciate, however, that in the absence of federal privacy protections, state lawmakers have a continued interest in enacting local legislation to guide businesses and protect consumers. As you know, Virginia is out in front of this effort as one of the five states with a comprehensive consumer data privacy law. CCIA commends lawmakers in their thoughtful approach in enacting legislation that supports meaningful privacy protections while avoiding interference with the ability of businesses to meet their compliance obligations and the opportunity for consumers to benefit from the innovation that supports the modern economy. CCIA strongly believes younger users deserve an enhanced level of security and privacy online. Currently, there are a number of efforts among our members to incorporate protective design features into their websites and platforms. CCIA’s members have been leading the effort in raising the standard for teen safety and privacy across our industry by creating new features, settings, parental tools, and protections that are age-appropriate and tailored to the differing developmental needs of young people. While CCIA understands that certain users may warrant specific treatments, we caution against several provisions included in HB 1688, as further detailed in our attached comments. We appreciate your consideration of these comments and stand ready to provide additional information as the legislature considers proposals related to technology policy. Sincerely, Khara Boender State Policy Director Computer & Communications Industry Association

End of Comments