The Attention Economy
How Big Tech firms exploit children and hurt families
By Andrew Ferguson, Chairman of the Federal Trade Commission.
I am a millennial, so I grew up with computers and easy access to the Internet. I chatted on AOL Instant Messenger. I used a “Hotmail” e-mail address. I’m old enough to remember “Tom” from MySpace and when you needed a school email to register for a Facebook account. But obviously, things are a bit different nowadays. We had a desktop computer in the living room; kids today have smartphones in their bedrooms. We were told we couldn’t use Wikipedia as a primary source; kids today are relying on AI to do their homework. Twenty-five years ago, the challenge of protecting kids online was completely different than it is today. Thus, policymakers, advocates, and parents would be foolish to think that the legislative and regulatory solutions of the past are sufficient to overcome the problem of online child safety today.
Today, Americans generate tremendous amounts of personal data online, revealing our browsing histories, political and religious views, hobbies, friends, conversations, medical conditions, credit history, and sexual preferences. Digital platforms and social-media firms collect, aggregate, share, store, and ultimately monetize this data through targeted advertising.
To the platform, this data is pure digital gold, a perennial store of value for that company’s bottom line. For the rest of us, this data is a digital snapshot of our lives, revealing intimate details that we never expected to be exposed to public view, much less to be collated for the sake of targeted advertising. Because this data is often stored indefinitely, ordinary Americans remain at constant risk of fraud, blackmail, or reputational damage if their personal data falls into the hands of unscrupulous actors.
For companies, our data, and more significantly, our children’s data, is a perpetual source of profit; for us and for our children, it is a perpetual source of potential fraud and reputational harm.
Almost 30 years ago, Congress passed the Children’s Online Privacy Protection Act (COPPA), which prohibited the collection of children’s data without parental notice and consent. At the time, few could have anticipated the meteoric rise of social media and just how extensive and lucrative online data collection would become. Nor did anyone anticipate the technological advances, especially in artificial intelligence, that enable depraved actors, and even more depraved developers, to manipulate a person’s online data in humiliating ways through deepfakes. To combat the threat of weaponization and exploitation of our children’s data online by these emerging technologies, we need updated laws, regulations, and enforcement powers that not only protect our nation’s children from fraud and reputational harm, but also assist parents in the exercise of their right to exert meaningful control over their child’s personal data and online activities.
The Take It Down Act, a landmark accomplishment for President Trump, the First Lady, and congressional Republicans, is an exemplary model of legislation that protects kids and empowers parents in the face of the ever-changing technological landscape. The law criminalizes sharing non-consensual intimate images, including AI-generated deepfakes, and requires platforms to remove such content within 48 hours of a victim’s request. This gives families a powerful new tool to help combat online exploitation and cyberbullying. The law empowers the Federal Trade Commission, which I serve as Chairman, to ensure, through litigation and civil penalties, compliance with the law by social media and other online platforms.
The enforcement power bestowed upon the FTC by the Take It Down Act mirrors the enforcement role Congress entrusted to the FTC when it passed COPPA. In passing COPPA, our nation’s elected representatives gave us a clear mandate: to protect children and empower parents in the online sphere. We take that mandate seriously. That’s why I voted for a COPPA final rule, which I’m tasked with implementing as Chairman of the FTC, that imposes an additional parental opt-in consent requirement before an operator can share a child’s personal information. As a result, operators must now notify parents of the “identities and specific categories of any third parties to which the operator discloses personal information and the purposes for such disclosures.” From now on, when an app or website wants to send a child’s personal information to Big Tech, or to a service provider in China, parents will have the right to say no.
We’ve also already secured large settlements for violations of COPPA, including $20 million from Cognosphere, the maker of Genshin Impact, for collecting, using, and disclosing the data of children under the age of thirteen without parental consent. We also banned NGL Labs from targeting children and teenagers with fake, anonymous, and distressing messages specifically designed to make them doubt their social worth, as part of a fraudulent scheme to convince those minors to pay for the ability to see who sent the messages – all without parental knowledge.
Despite all the good work that has been done, existing laws governing online privacy for children needs to be reformed. COPPA forbade website operators from collecting, using, or disclosing the personal data of any user under the age of 13 without the “verifiable parental consent” of the user’s parent. However, operators are not required to obtain parental consent unless they possess “actual knowledge” that the user is under 13 or if the website is specifically directed at children. Many years ago, the FTC took the view that most online services may determine a user’s age by asking the user to provide a date of birth. As is evident to anyone, this method of age verification provides little to no barrier of access for children under the age of 13 to online services. And because it provides little to no barrier of access, the law does not advance the principle of parental consent that Congress had in mind when it passed COPPA.
Our laws governing online privacy for children are not just intended to protect children directly. They are, or ought to be, aimed at assisting parents in the exercise of their right to exert meaningful control over their child’s activities online and the data generated by those activities. Quite apart from parental concerns to protect their children from abuse or fraud at the hands of online actors, parents also have a sacred charge to protect their child’s reputation and “good name,” knowing how important these are for their future success in life. No parent wants their child “cancelled” for some youthful discretion online or exposed to public humiliation through the malicious manipulation of their own personal data. Our privacy laws should enhance the capacity of parents to prevent such online indiscretions as well as to shield their children from downstream harm associated with any personal data generated by their use of the internet or social media. Facing a world full of “abusers” and “accusers,” our privacy laws should empower a child’s greatest advocate: his or her parents.
To do so, we must go beyond the current legal regime, which conditions unfettered access to online services on nothing more than an unverified, self-reported birthdate. Congress should pass privacy legislation requiring that smartphones and operating systems, as well as online services, give parents the tools they need to carry out their preferred approach to supervising and protecting their children online. Parents should be able to decide whether their children can have a personal account on a social media, online gaming, or streaming service platform. Parents should be able to see what messages their children are sending or receiving on a particular service. And most importantly, parents should be able to erase any trace left by their children on these platforms, at all levels of granularity, from individual messages to entire accounts.
The Supreme Court’s recent decision in favor of the constitutionality of state-level age verification laws for pornography access is an encouraging sign. By overwhelming margins, American citizens support these laws, which are designed to protect children from exposure to obscene material online. But advancements in age-verification technology do more than just protect children from obscene material: They also can facilitate parental control over all their child’s online activity, from social media to gaming platforms. And while we must be prudent in the steps we take to protect children online—our tradition of light regulation compared to Europe is a huge part of what makes America the world’s leader in technological innovation, especially in the artificial-intelligence race against China—we must carefully limit regulation and enforcement to the noble goal of protecting children and ensure that we do not squelch the entrepreneurial spirit that makes America great.
Presently, our laws give far more power to Silicon Valley than it does to parents to determine what online content will be accessible to our nation’s children. We can and should do better.
But when there are tradeoffs to be made, the Trump Administration has made it clear that the health and flourishing of our children is not a bargaining chip. After all, the purpose of technological innovation isn’t just progress for progress’s sake. The purpose of innovation in a just society is to promote the flourishing and success of ordinary families in that society. We must keep this purpose in mind as we consider which tradeoffs we are willing to make for technological progress. Nevertheless, I believe we can support both American technological innovation and American families, as the emerging technologies in age verification have shown all too well.
As lawmakers, regulators, parents, and citizens, we need to be bold and aspirational. We don’t have to accept the Internet as a dangerous place for kids. We don’t have to accept that parents lack any meaningful control over their child’s online activities. We don’t have to accept the permanent storage of our child’s online data for the sake of some company’s bottom line. We don’t have to accept the weaponization of our child’s online data by agents of the “cancel culture” or child predators. We can change these things. We can make the Internet a safe place for kids, and we can do so, in the first place, by giving parents effective control over their child’s online activities and the use of their personal data. And we can do so while ensuring that America remains the world’s beacon of innovation, and that we win the AI race against our foreign rivals.
The FTC is fully committed—through enforcement, through rulemaking, through partnerships, through working with Congress and other federal agencies—to do everything we can to turn this aspirational vision into a reality.
This is an essay adapted from remarks delivered at the Federal Trade Commission’s Workshop “The Attention Economy: How Big Tech Firms Exploit Children and Hurt Families” in Washington, DC, on June 4, 2025.
Finally! An effort to address the concerns of parents like me. Coupled with Melania's anti-cyberbullying campaign, we can really put our money where your mouth is! Hopefully you can use this signature legislation and your clout as an administration insider to lead the charge against the founder of the "new" right, Don Trump? His bleats on "Truth" Social are chock full of rot that I don't want my kids to see. I mean, would you allow your kids to talk about your brown neighbors like the leader of the free world does? Here is but a sampling of his language. "invasion, vermin, rapists, eating the pets, poisoning the blood, animals, infestation, shithole countries, bloodthirsty criminals, most violent people on earth, stone cold killers, the worst people". After you cleanse those, we can move on to the Epstein related posts...