On June 13, Governor Greg Abbott signed the Securing Children Online through Parental Empowerment (SCOPE) Act, making Texas the third state to pass legislation aimed at regulating minors' interactions with social media.1
The SCOPE Act will change how covered digital service providers engage with minors by requiring these service providers to (i) take affirmative steps to protect minors' exposure to harmful content or unlawful advertising; (ii) limit use of minors' personal identifying information (PII); and (iii) verify each parent or guardian who is seeking to take action on a digital service on behalf of a minor.2
Who It Covers:
A "digital service provider" is a person or business who (i) owns or operates a digital service; and (ii) makes determinations regarding the purpose of, and means used to, collect and process PII of its users.
In general, a digital service provider is subject to the Act's requirements if the digital service offered:
- Connects users to socially interact with each other;
- Allows users to create profiles that are public or semi-public in order to sign on or use the service; and
- Enables users to post or create content that other users on the platform can see, such as on message boards, chat rooms, video channels or main feed pages.
The Act exempts from its requirements various government agencies, financial institutions, HIPAA covered entities and business associates, as well as digital service providers who primarily function to "provide a user with access to news, sports, commerce" and allow "interactive functionality that is incidental to the digital service." Time will tell if digital service providers will be able to tailor their services in a manner to fit this somewhat broad exemption to avoid the requirements of this Act.
Requirements for Covered Digital Service Providers:
The SCOPE Act details a number of requirements that pertain to "known minors." A known minor is an individual the digital service provider knows is younger than 18 years of age. A digital service provider may not enter into an agreement to provide services to a known minor unless it limits collection and prevents sharing of the known minor's PII, does not collect the known minor's geolocation data, and does not direct targeted advertising to the known minor.
Importantly, digital service providers are charged with an affirmative duty to prevent a minor's exposure to harmful material. Such material includes content that promotes or facilitates self-harm, suicide, eating disorders, substance abuse, stalking, bullying, harassment, trafficking, child pornography, or other sexual exploitation or abuse. Digital service providers meet this duty under the Act by developing and implementing a strategy to reduce exposure through mechanisms such as filtering technologies to block harmful content.
Covered service providers must also grant parents access to important account settings in order to allow them to efficiently supervise their children's accounts. This includes the ability to adjust privacy settings as well as implement time limits on account usage. In addition, the Act allows parents to alter targeted advertising, restrict the ability to enter into financial transactions and make decisions related to the collection of geolocation data.
Violation of the Act's Provisions:
Any violation of the SCOPE Act is considered a deceptive act or trade practice under Texas law, and an enforcement action can be brought by the state's Attorney General. While the Act does not confer a private right of action, parents and guardians of known minors can bring a cause of action seeking an injunction or declaratory judgment. Businesses that are considered digital service providers should implement changes to their platforms as well as internal training, policies and procedures to ensure compliance with the SCOPE Act.
Reid Guerriero, a summer associate in Katten's Dallas office, contributed to this advisory.