Contact Us

Disruptive Competition Project

655 15th St., NW

Suite 410

Washington, D.C. 20005

Phone: (202) 783-0070
Fax: (202) 783-0534

Contact Us

Please fill out this form and we will get in touch with you shortly.

Texas’ New Child Protection Bill: Throwing The Teen Out With The Tech

woman in black long sleeve shirt using macbook

As states pursue the worthy goal of enhanced security and protection for children online, many are constructing legislation that would throw the baby out with the bathwater, or more accurately, throw the teen out with the tech. A new piece of legislation recently introduced in Texas could prove deleterious to children and teenagers’ privacy and the operations of businesses online. If enacted, HB 18, “Relating to the protection of minors from harmful, deceptive, or unfair trade practices in connection with the use of certain digital services”, would exacerbate the very problems it intends to address.

There are two critical concerns with the proposal: 1) the bill’s broad language could extend its applicability to encompass a wide range of services and activities for which no clear definition of harm is given; and 2) the bill’s private right of action, in tandem with it’s excessively broad language, could leave businesses open to innumerable frivolous and costly lawsuits.

Broad definitions and applicability 

As written, HB 18 gives broad definitions for digital service providers, minors, and personally identifiable information (PII). First, the definitions of digital services, meaning a “website, an application, a program, or software that performs collection or processing functions with Internet connectivity” and digital service provider, “a person who owns and operates a digital service” appear to apply to all businesses operating online. This creates a scenario wherein a third party like a cloud service provider operating on behalf of say a social media company, could be treated the same as that social media company when it deals with a minor’s PII, even if it didn’t collect any minor’s data itself.  

Second, the bill’s definition of minor applies to anyone between the ages of 13 to 18. In conjunction with COPPA, the Children’s Online Privacy Protection Act, this proposal would apply to anyone under the age of 18. In this age range, people use the internet in vastly different ways and therefore require different treatment. A senior in high school about to graduate and attend college is expected to be able to come across and learn from a wider array of more mature materials than a 7-year-old on the internet building a house in a video game. 

Third, the definition of PII as drafted is so inclusive that it’s hard to understand what isn’t PII. How can businesses provide valuable data-driven services to minors if everything is PII? While the goal of this proposal is to hold bad actors accountable for their misuse of minors’ PII, the language instead leaves reasonable businesses at extreme risk as “any inferences drawn from personal identifying information that might identify a minor’s traits, characteristics, or trends” encompasses just about anything reasonable. Much of the value of online services to customers is personalization, developed through the sharing and usage of information from customers. HB 18 raises questions about how such an approach would actually benefit younger users as this might prevent digital services from serving content that is more age-appropriate and geared to their interests. 

Finally, the bill’s provisions regarding PII appear to generate potential conflicts throughout the bill. HB 18 attempts to define how to determine a digital service contains subject matter that is tailored toward minors. One provision details ““empirical evidence” of “many” users of the digital service who are minors”. Given the broad definition of PII and the restrictions on its use, it is hard to determine what “empirical evidence” could be used to determine the average user’s age. And, coupled with the bill’s provisions regarding liability (as detailed further below), this would raise questions as to how covered entities would be expected to produce such empirical evidence given the broad definitions and requirements surrounding PII. How can social media services better operate for minors if they aren’t allowed to collect any data on minors that might reveal their age? If this legislation passes, digital services wouldn’t be able to determine who among their customers are minors to then provide an experience tailored for them. If minors stayed on these services, they could be exposed to the same content adults can see such as more explicit material such as ads for alcohol or other content geared to more mature audiences. 

Private right of action

In addition to the bill’s broad definitions and applicability, HB 18 also permits consumers to bring legal action against businesses that have been accused of violating its new regulations. According to the bill, “[a] minor’s parent or guardian may bring an action against a digital service provider for a violation of this chapter.” With this private right of action, parents or guardians are free to bring a suit against any businesses that fall under the bill which, as defined, is quite broad. 

Smaller or medium sized businesses likely couldn’t handle the amount of excessive and frivolous lawsuits that might be brought against them and would have to compensate by either increasing their services’ costs or ceasing operations in Texas entirely.


Providing effective mechanisms to ensure children only receive age-appropriate content online and protect their sensitive information is certainly complicated. However, given the subjectivity that comes along with determining what is “appropriate” for a certain child of a certain age varies widely based on the specific circumstance of a younger user. Two different 16 year olds could have wildly different maturity levels and varied interests in the same way that a 17-year old may have an invested interest in foreign policy, while a 14-year old may be more interested in shows and movies on channels popular among pre-teens. The approach taken in HB 18 ignores these nuances while also taking an extremely broad approach in addressing how to avoid exposure to “harms” online. The bill would not effectively solve a problem but instead the all-encompassing definitions in the bill in combination with its private right of action would only create barriers to operating an online service in Texas. This legislation won’t help the efforts to protect children online, it will only make it harder.


Trust in the integrity and security of the Internet and associated products and services is essential to its success as a platform for digital communication and commerce. For this reason we’re committed to upholding and advocating for policymaking that empowers consumers to make informed choices in the marketplace while not impeding new business models.