Across the country, at both the state and federal levels, policymakers have been advancing proposals in the name of keeping kids safe online. Policymakers often have the largest Internet companies in mind, but their proposals will impact much broader swaths of the Internet. Their ideas could make life harder — and more expensive — for startups that do (or even might) interact with young users. While the varying goals of protecting young users from things like harmful content, privacy invasions, and addictive technologies are all laudable, these proposals often carry significant tradeoffs, including on privacy, security, and expression, as well as creating costs and compliance burdens that fall disproportionately on startups.
The laws, proposed regulations, and draft legislation policymakers are considering often — either explicitly or in practice — require startups to determine the ages of the users that access their services. Determining user age can be done to varying degrees of certainty and through a range of methods that each carry their own risks, costs, benefits, and drawbacks. For startups, these unique impacts can eat away at limited budgets, increase cybersecurity risks, and diminish user experience, and it is critical that startups and policymakers alike understand the implications of age verification requirements for them and the businesses they represent.
The direct and indirect costs of determining user age are more than just a number — they will make it harder for startups to compete. While so much of the policy conversations about kids’ safety happening at every level of government are driven by concerns about large companies, policymakers need to remember that the rules they write will impact the entire Internet ecosystem, including the startups that want to be good stewards of their users’ data and already have to be responsive to their users’ needs and concerns.
You can read the full report here.