The TAPP Roadmap: Helping U.S. Companies Responsibly Collect and Manage Teenager Data

Apr 19, 2022 by Dona Fraser, Senior Vice President, Privacy Initiatives, BBB National Programs

Punctuated by last month’s 2022 State of the Union address, lawmakers and regulators in Washington, D.C. and state capitals are demonstrating a keen focus on the dynamic data privacy space – the data that companies, advertisers, and app developers collect, use, and share – yet with little to no guidance specific to the teen audience, a complex landscape bridging both “child-directed” and “adult” platforms and content. 

Even as data privacy and safety practices that work for adult consumers provide a firm foundation for teens, they simultaneously run the risk of being insufficient to respond to the unique needs of teens. The teenage stage of cognitive and social development means that the risks and harms implicit in the use of digital products and services may differ in both kind and degree for teen users. That is, privacy and other harms that affect adults may be more impactful to teenagers, while additional harms may be unique to this demographic. 

That’s where the TeenAge Privacy Program (TAPP) Roadmap comes in.

To assist any business that wishes to engage proactively with teen consumers, the TAPP Roadmap offers an operational framework to map the broad spectrum of potential harms impacting teens onto a concrete set of operational considerations. 

The Roadmap, developed in coordination with companies representing consumer goods, children’s marketing, and wireless and media technology companies, was designed around four guiding considerations:

  • Businesses should inform teens about the types of personal data that will be collected or inferred about them and the available tools and choices for managing their information. When appropriate, businesses should also provide parents with educational resources.
  • The potential presence of teen users or consumers should prompt businesses to examine certain privacy practices, including the implementation of default settings, the use of sensitive personal information, the presence and accessibility of robust privacy choices, and the retention of personal information.
  • When systems facilitate interaction or information sharing among individuals, trust and safety should be considered with special regard to the particular needs of teens.
  • When systems deliver content to individuals, especially when content is tailored based on individual interests/behaviors, the unique risks and harms of teens should be considered.


The Roadmap’s use cases are organized into four main areas: general business practices targeting a teen audience, the collection of teen data, the use and retention of teen data, and the sharing of teen data. Some of the identified risks and harms identified in the TAPP Roadmap aligned to those business practices include the normalization of a lack of privacy, self-harm, amplifying insecurities, cyberbullying, algorithmic echo chambers, unsafe/unwanted contact, and more.

The TAPP Roadmap, launched by BBB National Programs’ 501(c)(3) foundation, the Center for Industry Self-Regulation, is one step in the right direction towards a safer digital marketplace for teens. The TAPP Roadmap is an educational tool that businesses can immediately use to create a dedicated process for considering the unique needs of the teenager consumer group. Read the Press Release

Suggested Articles


Industry Self-Regulation: Part of the Solution for Governing Generative AI

The spotlight on generative AI remains bright. The benefits and risks continue to be ever-present in the minds of business and political leaders. No matter the timing or the setting, the creation of transparency, accountability, and collaboration among stakeholders is key to successful industry self-regulation as is the importance of setting standards and best practices.
Read more

The Demise of “Chevron Deference”: Who Will Fill the Regulatory Gaps?

The Supreme Court's 1984 ruling in Chevron v. NRDC held that courts should defer to federal agencies’ interpretations of ambiguous federal laws so long as those interpretations are reasonable. So given the court’s decision to overturn it, where does that leave companies that want a level playing field and perhaps even to raise the bar, instead of racing to the bottom?
Read more

Robust Dispute Resolution: A Quiet Enforcer for Privacy Compliance

ICYMI, a procedural rule change to update the GDPR has been agreed upon by the European Parliament to provide EU citizens with greater legal certainty regarding enforcement of GDPR, improve the dispute resolution process, and streamline the handling of cross-border cases.
Read more

How Will Customers Know They Can Trust Your Business?

When customers trust you, they are more likely to do business with you. It is well past time for business leaders to “galvanize around trust and transparency.” When it comes to enhancing consumer trust, responsible business and nonprofit organizations can – and must – lead the way.
Read more