The Law & Economics of Online Age Verification and Parental Consent: App Store Edition

Cite this Article
Ben Sperry, The Law & Economics of Online Age Verification and Parental Consent: App Store Edition, Truth on the Market (September 26, 2024), https://truthonthemarket.com/2024/09/26/the-law-economics-of-online-age-verification-and-parental-consent-app-store-edition/

Roughly this time last year, I was writing an International Center for Law & Economics (ICLE) issue brief that considered online age-verification and parental-consent laws from a law & economics perspective. The resulting paper, “A Coasean Analysis of Online Age-Verification and Parental-Consent Regimes,” found that the major U.S. Supreme Court cases on age verification and parental consent implicitly followed a Coasean least-cost-avoider analysis, especially with respect to the First Amendment’s “least-restrictive means” test. I noted there that federal district courts appeared to be applying similar analysis in reviewing state-level online age-verification and parental-consent laws, and finding them to be likely unconstitutional. 

Since then, federal courts continue to find state laws that impose age-verification and parental-consent requirements on social-media companies likely violate the First Amendment. Courts (see here, here, and here) have consistently applied some type of heighted First Amendment scrutiny, ultimately concluding that the available technological and practical means of avoiding online harms are less burdensome on speech than the laws in question.

In light of these rulings, then, it is peculiar that federal lawmakers continue to consider laws that would impose age-verification and parental-consent mandates. One such recent proposal from Rep. John James (R-Mich.) would apply both types of mandates to digital app stores. The law would make app stores liable if they fail to verify users’ ages or get verifiable consent from minors’ parents before allowing them to use the app store, download an app, or make any purchases within an app. James argued at a recent markup hearing that his proposal—offered as an amendment to H.R. 7890, the Children and Teens’ Online Privacy Protection Act—would be constitutional, even in light of recent rulings suggesting such mandates at the application layer are not. Despite courts rejecting this exact analogy, he compares the obligation to a convenience store asking for identification before kids can buy alcohol or cigarettes and argues that app stores should similarly be required to “age gate.”

Below, I will consider whether app stores are lower-cost avoiders of online harms to minors when compared either to social-media companies or to minors and their parents. I will then offer a brief analysis of the First Amendment questions at-play.

Who Is the Lowest-Cost Avoider?

From the perspective of  law & economics, the most important question in disputes such as these is to identify the lowest-cost avoider of harms, while bearing in mind relevant transaction costs. It is not necessarily the case that the answer is always the user. It could be that online intermediaries are best-positioned to monitor and control harms to those users. But among the relevant social costs we must consider in this example is the risk of collateral censorship. As we’ve argued before:

[I]n limited circumstances, the law should (and does) place responsibility on intermediaries to monitor and control conduct. It is not always sufficient to aim legal sanctions solely at the parties who commit harms directly—e.g., where harms are committed by many pseudonymous individuals dispersed across large online services. In such cases, social costs may be minimized when legal responsibility is placed upon the least-cost avoider: the party in the best position to limit harm, even if it is not the party directly committing the harm…

From an economic perspective, liability should be imposed on the party or parties best positioned to deter the harms in question, so long as the social costs incurred by, and as a result of, enforcement do not exceed the social gains realized. In other words, there is a delicate balance that must be struck to determine when intermediary liability makes sense in a given case. On the one hand, we want illicit content to be deterred, and on the other, we want to preserve the open nature of the Internet.

Here, one could make a strong argument that, since app stores often already have some form of data on the date of birth that was entered by a device owner, as well as the already existing ability to offer controls to parents, they are able to offer a form of  “age verification” (however imperfect) and parental consent at relatively low cost. In this light, compared to social-media companies and other applications, they do seem better positioned to help monitor and control what minors access.

On the other hand, it is still an open question whether app stores are lower-cost avoiders than users (encompassing both minors and their parents) themselves. One argument already mentioned is that app stores often already have some data on the device user’s age, as well as the capacity to allow parents to give consent. On the other hand, there could still be substantial risk of collateral censorship in requiring parental consent for every single app interaction. The status quo is that device makers already do give parents controls that let them monitor app usage at a granular level. Assuming it somehow passes constitutional review, however, James’s law would switch the defaults and essentially require parental approval for every app interaction on a phone. It would therefore impede parents who would prefer to permit more liberal use of apps and purchases even if they trust their kids and prefer relatively fewer notifications.

Put simply, not every parent wants to go through the hassle of approving every single one of their minor children’s app interactions. While the transaction cost for any one instance of consent may be relatively low—particularly if implemented via some type of push notification requesting approval on one’s phone or other device—the cost isn’t zero. Depending on the volume of consent requests (which would be required even for innocuous child-friendly apps), these costs could be substantial. The result could end up restricting minors’ access to protected First Amendment speech in ways that are paternalistic, rather than parental authority-enhancing. As the Supreme Court put it in Brown v. Entertainment Merchants Ass’n:

California claims that the Act is justified in aid of parental authority: By requiring that the purchase of violent video games can be made only by adults, the Act ensures that parents can decide what games are appropriate… [However,] [n]ot all of the children who are forbidden to purchase violent video games on their own have parents who care whether they purchase violent video games. While some of the legislation’s effect may indeed be in support of what some parents of the restricted children actually want, its entire effect is only in support of what the State thinks parents ought to want. This is not the narrow tailoring to “assisting parents” that restriction of First Amendment rights requires… Such laws do not enforce parental authority over children’s speech and religion; they impose governmental authority, subject only to a parental veto. (emphasis in original)

The default is important where there are transaction costs. Here, the default of no access would likely mean that minors are restricted from some amount of protected speech. Collateral censorship is a social cost that likely outweighs the benefits of enhancing parental control, especially if the control is beyond what parents desire to exercise in many cases.

First Amendment Concerns

When a law unduly restricts access to protected speech—even if that restriction applies only to minors—it violates the First Amendment. Thus, there are still concerns about mandating age verification and parental consent even at the app-store level. While Rep. James asserts that his bill follows the pathway the U.S. District Court laid out in NetChoice v. Griffin, there is nothing in either that case, or in the others finding similar mandates to be likely unconstitutional, that would permit his proposal.

In Griffin, the court does refer to Apple and Google, but it does so when discussing device-level tools available to parents to help monitor and control minors’ access, which it suggests are less-restrictive alternatives to Arkansas’ law. It does not follow that shifting the mandates from apps to app stores would render the law less problematic.

Rep. James argues that app stores are in the same position as convenience stores, who must check a customer’s ID before selling him or her tobacco or alcohol. He could have added that the same is true for pornographic magazines. But app stores are in a different situation, because access to protected lawful speech is at-issue. The Supreme Court was clear in Brown that minors have a right to access speech that is not obscene. 

In other words, Rep. James appears to be unconstitutionally treating an app store as if it were a bar, which is exactly the analogy the district court found unpersuasive in Griffin:

During the hearing, the State advocated for intermediate scrutiny and framed Act 689 as “a restriction on where minors can be,” emphasizing it was “not a speech restriction” but “a location restriction.” The State’s briefing analogized Act 689 to a restriction on minors entering a bar or a casino. But this analogy is weak. After all, minors have no constitutional right to consume alcohol, and the primary purpose of a bar is to serve alcohol. By contrast, the primary purpose of a social media platform is to engage in speech, and the State stipulated that social media platforms contain vast amounts of constitutionally protected speech for both adults and minors. Furthermore, Act 689 imposes much broader “location restrictions” than a bar does. The Court inquired of the State why minors should be barred from accessing entire social media platforms, even though only some of the content was potentially harmful to them, and the following colloquy ensued:

THE COURT: Well, to pick up on Mr. Allen’s analogy of the mall, I haven’t been to the Northwest Arkansas mall in a while, but it used to be that there was a restaurant inside the mall that had a bar. And so certainly minors could not go sit at the bar and order up a drink, but they could go to the Barnes & Noble bookstore or the clothing store or the athletic store. Again, borrowing Mr. Allen’s analogy, the gatekeeping that Act 689 imposes is at the front door of the mall, not the bar inside the mall; yes?

THE STATE: The state’s position is that the whole mall is a bar, if you want to continue to use the analogy.

THE COURT: The whole mall is a bar?

THE STATE: Correct.

Clearly, the State’s analogy is not persuasive.

Moreover, the app-store proposal would not be limited to situations where app stores already have actual knowledge either of users’ ages or of parental desires. It instead would create new age-verification and parental-consent mandates on the belief that “[a]pp stores have the ability to, but too often do not, verify the age of a user” and that “[t]wo app stores, the Apple App Store and the Google Play Store… provide methods for parents to oversee a minor’s use of apps, but those methods are incomplete to appropriately protect minors.” 

This means that app stores would need to verify all users’ ages, rather than merely offering parents the ability to input their own children’s ages, along with tools to help monitor and control children’s use of their devices. Current Supreme Court precedent suggests such age-verification mandates are unconstitutional. 

Moreover, this would mean that minor users would be unable to access any apps, no matter how innocuous, without verifiable parental consent. This makes the situation analogous to Brown, where the law does not actually enforce parental authority, but imposes governmental authority with a parental veto.

A different law might require app stores that have actual knowledge of users’ ages to follow parents’ stated desires with respect to what content is appropriate. Such a law might, indeed, pass constitutional muster. Rep. James’s proposal, on the other hand, directly contravenes established Supreme Court precedent. 

To understand why, it’s important to grasp what this kind of mandate means. This isn’t merely a situation where a legislative enactment gives providers legal room to create tools to help moderate content (as Section 230 did). Legislation like this is enacted with punitive ends in mind: the app stores must perform age verification and enact effective age gating or else. The “or else” in this situation means massive monetary penalties for failing to gain verifiable parental consent.

What’s unclear is what happens when users themselves, including minors and their parents, attempt to avoid the age-gating restrictions. The proposal envisions that app stores could be liable for negligently failing to obtain verifiable parental consent for each download. Thus, app stores could also be liable if parents passively or actively facilitate evasion of age-verification mandates, which is a possible risk if parents don’t want to go through app-by-app approvals. It’s very difficult to see how this sort of obligation could be seen as a least-restrictive means to enable parents to direct kids to age-appropriate content.

Conclusion

While some may claim that app stores are better-positioned than social-media companies to obtain either their users’ ages or verifiable parental consent, it remains the case that minors and parents, working together and using broadly available tools and practical means, are the lowest-cost avoiders of online harms. Under the First Amendment, those tools must be considered less-restrictive means to protect minors online than age-verification and parental-consent mandates like those proposed in recent years at both the state or federal level.