Contrary to Social Media Claims, Experts Say Trump Campaign Did Not Violate COPPA With Tulsa Signups

Twitter and TikTok users have been spreading misinformation that President Donald Trump’s re-election campaign violated the Children’s Online Privacy Protection Act because it didn’t ask those who responded online for its June 20 rally in Oklahoma if they were 18 or older. 

While legal experts have debunked the idea, stating political campaigns aren’t under the purview of Federal Trade Commission regulations such as COPPA, they warn that the Trump campaign could be crossing ethical lines on children’s privacy if campaign officials inadvertently collected personal information about kids -- especially after teenage TikTok users and K-pop fans reportedly trolled the rally signups last weekend.

“It’s sloppy, but it’s very likely not illegal,” said Jim Halpert, an attorney and partner at DLA Piper who focuses on security and privacy issues.

On Sunday, following the Trump campaign’s rally in Tulsa, the Twitter account Biden_Bridage, which says it supports former Vice President Joe Biden’s bid for president, inaccurately posted that the campaign is in violation of COPPA -- a law enacted in 1998 that provides comprehensive data collection and privacy rights to children under the age of 13 -- because it  “forgot to put the ‘I am over 18’ checkbox on the Tulsa signup screen.”

As of Thursday morning, the post has been retweeted more than 5,900 times and liked at least 15,500 times, with dozens of other tweets echoing those same sentiments. On TikTok, one video sharing the same idea has been viewed more than 433,000 times and liked at least 92,000 times.  

The problem? COPPA only applies to commercial entities that either are geared toward children or have actual knowledge that users are under the age of 13. As a political campaign that typically targets people of voting age, the Trump re-election campaign isn’t actually violating COPPA, according to legal experts and privacy advocates.

However, by not asking those registering for a campaign event if they are at least 18 years old, the campaign could be crossing a few murky ethical lines, Halpert said, especially because it may have accidentally collected data from children. 

Ahead of the Oklahoma rally, a band of teenage TikTok users and K-pop fans said it had enlisted hundreds of thousands of people to RSVP to the event with no intention of actually going, with the goal of ensuring fewer Trump supporters would attend due to a lack of available tickets and seating. Leading up to the rally, Trump campaign manager Brad Parscale said on Twitter that they had received more than 1 million ticket requests, but actual attendance was well below the roughly 19,000-seat capacity of the BOK Center, where the event was held. 

“The application of COPPA here is pretty unlikely, but you just don’t want to collect a lot of information about children under the age of 13,” Halpert said. 

The Trump campaign did not respond to a request for comment, and the FTC declined to comment on whether it has received any complaints about the campaign’s event registrations.

Justin Brookman, director of consumer privacy and technology policy at Consumer Reports, said that while political campaigns operate in a largely unregulated space when it comes to data collection, they probably have little interest in seeking data from children, who cannot legally vote and have no money to donate.

“Maybe they wouldn’t mind it if they got it, but it would be less cost-effective to send out an ad to a bunch of kids who can’t vote,” Brookman said. “Certainly in this case, it sounds like getting kids’ info was not useful to the Trump campaign.” 

Ariel Fox Johnson, senior counsel at Common Sense Media, an advocacy group that supports stronger children’s privacy laws, said the spread of misinformation surrounding COPPA and the Trump campaign represents a larger disconnect between how many privacy protections Americans think they have compared to how many are actually in place.

“One of the biggest misunderstandings about COPPA is that people think teens are protected when they are not,” she said. “Basically, in America, if you're 13, you're 35.” 

The latest confusion about COPPA comes as the FTC continues to review its rules for enforcing the statute amid burgeoning congressional support for updating the 1998 law. 

In January, Rep. Kathy Castor (D-Fla.) introduced the Protecting the Information of our Vulnerable Children and Youth Act (H.R. 5703), which would beef up FTC enforcement of the law to allow for punitive damages and would increase the maximum civil penalty per violation of $18,000 by 50 percent. And last year, Sen. Ed Markey (D-Mass.), one of the original authors of COPPA, introduced a bill (S. 748) with Sen. Josh Hawley (R-Mo.) amending the statute so that companies would have to receive user consent before collecting data from those ages 13-15.