FOSI Response to the App Store Accountability Act

By Stephen Balkam, CEO and Founder, Family Online Safety Institute

The holy grail of a privacy-preserving, effective age assurance solution has eluded the technology industry for decades. As I’ve written recently, we may now be closer than ever to meaningful progress thanks to emerging technologies and a growing commitment across sectors to protecting young users online without compromising their rights or personal data. However, a recently introduced federal bill contains significant shortcomings that we believe merit a constructive and transparent discussion.

The App Store Accountability Act (H.R.3149), introduced on May 1st by Senator Mike Lee and Representative John James, reflects a commendable intention: to ensure children are better protected in digital spaces. But while the goals are admirable, the bill’s proposed framework places too much responsibility on app stores alone, creating an incomplete and ultimately unworkable solution to a complex, industry-wide challenge.

Several structural limitations of the proposed bill deserve further attention:

• The proposal doesn’t account for non-app-based access to the internet. App stores only govern downloaded applications, but children can—and often do—access content through pre-installed software like web browsers, bypassing any app store-level protections entirely.
• Data sharing requirements raise significant privacy concerns. The legislation would require app stores to share users’ age categories with every app developer, regardless of whether the developer needs that information. This raises serious issues around data minimization, user privacy, and security.
  
• Shared device use complicates enforcement. In many households, especially those with lower incomes, devices are shared across family members. An app store-based solution cannot adequately distinguish between users on the same tablet or smartphone.
  
• Parents should have choices for how they manage their family’s relationship with technology. The bill would overburden parents with new consent obligations without offering customization choices and meaningful controls beyond permission to download an app.
  
• Over-reliance on parental consent risks excluding vulnerable youth. Some children—such as those in foster care or living in unsupportive households—may be effectively shut out of the online world if parental approval becomes the only pathway to access.

At FOSI, we’ve spent the past several years researching age assurance and convening a cross-sector Age Assurance Working Group that includes app stores, developers, and other key stakeholders to explore practical solutions that protect children while upholding user privacy and rights.

As part of that effort, we’ve developed a set of principles that reflect what an effective and responsible solution should look like. We believe any approach to age assurance should:

• Be proportional to the risk, privacy-preserving, secure, interoperable, easy to use, high-confidence, and content neutral
  
• Adhere to local, national, and international laws and regulations
  
• Respect the free expression rights of all users, including minors
  
• Be effective without being overly intrusive
  
• Be tested or validated by a national or international standards body
  
• Anticipate the concerns of future lawmakers and regulators

The App Store Accountability Act, in its current form, fails to meet many of these standards. That doesn’t mean we should abandon legislative efforts. But it does mean we need a more nuanced and collaborative approach.

An effective age assurance framework must be an industry-wide effort, not a burden shouldered by any single player. App stores, developers, device manufacturers, and parents all have a role to play. We’re encouraged by the discussions taking place through FOSI’s Age Assurance Working Group and look forward to sharing more about our draft proposal soon.