In the early days of the internet, the U.S. government passed The Children’s Online Privacy Protection Act (COPPA). Its flaws–the ease with which children can fake their age, and no protection against ads–have only become more glaring over 20 years later, with 98% of U.S. households now owning a mobile device accessible to kids, and 42% of children having their own device.

Jim Steyer, CEO and founder of Common Sense and a children’s advocate, says data on kids, including their activities, hobbies, and social networks, is often for sale from the child’s first years of life. Kids are often early adopters of apps, like Snapchat and TikTok, or even watched over by Internet of Things devices, like baby monitors, which a hacker recently took over to watch a child and threaten the parents. And these days, education is also a battleground in child data privacy, as learning is increasingly done on a school’s devices and networks. Meanwhile, connected toys have exposed the sensitive data of kids and their parents, and 59% of connected devices don’t provide proper information on how they collect, use, and disclose users’ personal information.

Recently, Steyer testified at the U.S. Senate Committee on Consumer Perspectives for Data Privacy, where he argued for updates to COPPA.

In COPPA 2.0, Steyer and Common Sense envision parents with children under 13, and teens being given control and choice over online tracking. They would like to see an “eraser button” and a right to delete content they post about themselves online. But Common Sense doesn’t want to stop with these provisions. They want to prohibit companies from targeting ads at children, and prevent sites from claiming children aren’t on their sites to evade COPPA requirements.

Steyer would also like to see children’s and teens’ connected devices be outfitted with a “privacy dashboard” on the product packaging, which would detail data-collection practices and security provisions. And in COPPA 2.0, sale of insecure connected devices to children and teens would be prohibited. Steyer says a Youth Privacy and Marketing Division should be created at the FTC, which would focus entirely on children’s privacy and marketing.

“Historically, data brokers are very protective about how they go about their services,” Steyer explains. “Data brokers can acquire data in a variety of ways, including when a parent posts information on photo sharing sites and event scheduling apps, if a parent purchases products online, or if a soon-to-be-mom starts a baby registry. Some states post public records online, like in Virginia. Most of the time, a data broker can acquire data by other means that have nothing to do with what people post.”

In early 2018, University of California, Berkeley researchers found that over half of Android’s 6,000 free children’s apps may serve kids ads that violate COPPA. Kids under 8 lack the cognitive ability to understand the persuasive intent of advertisement, and 75% of kids from ages 8 to 11 are unable to distinguish an ad from some other form of content. When most adults are unable to make sense of tech companies’ byzantine privacy policies, it is absurd to assume that kids could even begin to understand them.