SCOPE Act: Securing Children Online

The SCOPE Act (Securing Children Online through Parental Empowerment), effective September 1, 2024, is Texas’s comprehensive statute for protecting minors under 18 from harmful online content and inappropriate data practices. It imposes significant responsibilities on digital service providers and educational institutions, stipulates parental controls, and sets forth strong enforcement mechanisms. Implementation requires dedicated compliance programs, education, and technical safeguards.

Overview of the SCOPE Act

Enacted as House Bill 18, the SCOPE Act addresses the online safety and privacy of minors, aiming to prevent exposure to dangerous content and deceptive or unfair trade practices via websites, apps, and software. It is notable for expanding protections beyond the federal COPPA standard (applies to under-13) to all children under 18 in Texas.

Key Provisions

Digital service providers (DSPs) subject to the law must:

• Register a user’s age on account creation, prevent alteration without review, and allow parental disputes of the registered age.
• Obtain and verify parental consent for accounts or actions by minors.
• Provide parental controls: Parents can monitor activity, restrict time online, modify privacy and transaction settings, and access/download/delete the minor’s personal data.
• Limit collection of personal information from minors to what is necessary for service delivery, and prohibit sharing, disclosing, or selling such information.
• Prohibit geolocation tracking, financial transactions, and targeted advertising toward minors, unless a parent allows it.
• Block or filter harmful material: DSPs must prevent minors from accessing content that promotes suicide, self-harm, exploitation, substance abuse, bullying, or harassment.
• Implement direct communication and transparency about data practices, privacy risks, and parental rights.

Scope of Application and Exemptions

Covered DSPs include any non-small business operating interactive online platforms with user-generated content. Exemptions include:

• Small businesses (as per SBA definition)
• Financial institutions under Gramm-Leach-Bliley
• HIPAA entities
• Higher education institutions
• Digital services solely providing incidental comment/chat functionality or email/social features not central to the platform.

Enforcement and Litigation

• Enforcement by Texas Attorney General: The AG has authority to seek civil penalties up to $10,000 per violation, injunctions, and attorney’s fees.
• Parents’ Rights: Parents may file for declaratory judgment—but class actions are not permitted.
• Recent Litigation: Key provisions, such as the content filtering mandate and age verification/advertising restrictions, have been subject to federal injunctions due to First Amendment concerns. Other parts of the law remain in effect, especially requirements around parental controls and data privacy.

Texas v. TikTok
On October 3, 2024, Texas sued TikTok, alleging unauthorized data sharing, inadequate parental controls, and failure to prevent minors’ access to harmful content. The case highlights the risk of non-compliance for mainstream platforms. More examples :

Texas Attorney General’s Crackdown: $1.4 Billion Meta Settlement

SCOPE Act vs. Federal Law (COPPA)

• Age Coverage: COPPA covers children under 13; SCOPE Act covers all minors under 18.
• Scope: SCOPE imposes stricter data minimization, parental controls, and covers broader content filtering.
• Enforcement: COPPA is enforced federally, SCOPE is state-level with direct AG oversight.

Best Practices for Compliance

For Digital Service Providers

1. Implement Robust Age Verification
   Use commercial methods to verify both user and parent identity on account creation. Maintain clear procedures for age dispute resolution.
2. Parental Consent Workflow
   Develop a seamless process for obtaining, recording, and verifying parental consent before a minor can access, transact, or adjust settings.
3. Data Minimization and Safeguards
   Limit collection, processing, and retention of minors’ data to only what is operationally necessary. Encrypt sensitive information and regularly audit data access logs.
4. Targeted Content Controls
   Deploy content filtering systems using recognized hashes/databases to block or flag suicidal, exploitative, and similarly harmful material. Ensure administration and regular updates of filter protocols.
5. Parental Controls and Transparency
   Provide comprehensive parental dashboards for monitoring, managing account privacy, restricting content, downloading/deleting minors’ data, and managing transaction permissions.
6. Review Terms of Service and Agreements
   Update privacy policies and user agreements to reflect the expanded obligations and the parental rights stipulated by SCOPE.
7. Incident Reporting and Communication
   Enable systems for parental dispute of registration, direct complaints, and escalation to relevant authorities as required by statute.

For Schools and Educational Institutions

1. Comply with State Guidelines
   Ensure all devices and apps transferred to students meet Texas Education Agency standards for security and inactivity periods.
2. Obtain Parental Consent for Student Software Use
   Prioritize written/affirmative parental consent before enabling software services for students. Track consent status and update annually.
3. Filter Content and Safeguard Devices
   Install and update internet filters and monitoring tools that block access to prohibited sites and harmful content on all student devices.
4. Communicate Policies to Parents and Staff
   Educate stakeholders on rules, their options for intervention, privacy risks, and the steps available for dispute or data review. Offer accessible support lines.
5. Review Vendor Compliance
   Work with edtech vendors to confirm contracts—especially those providing classroom, homework, or chat platforms—are SCOPE-compliant.

Legal Challenges and Future Directions

The SCOPE Act faces ongoing legal scrutiny, mainly around free speech and vague requirements for monitoring/filtering content and verifying age. Platforms should anticipate further guidance, statutory amendments, and continued federal and state-level actions. For now, DSPs and schools must adhere to the remaining effective provisions and be prepared for evolving legal standards.

Step-by-Step Checklist for SCOPE Compliance

The SCOPE Act is a landmark piece of youth online safety legislation, setting new standards for privacy protection, parental empowerment, and content management in Texas. While some requirements remain subject to judicial review, service providers and educational institutions must act quickly to align with effective provisions, invest in compliance technologies, and proactively communicate with parents.