Table Of Content

Companies should also be mindful about how the CA AADC interacts with COPPA and other children’s privacy laws. For example, general-audience sites generally don’t need to worry about COPPA unless they have actual knowledge that they are collecting information from a child under 13. Provided to the Attorney General, the Data Protection Impact Assessments must identify the purpose of the online service, product, or feature, how it uses children’s personal information, and the risks of material detriment to children that arise from the data management practices. Freeman cites arguments made by legal writer Eric Goldman, who argued that the law would force sites to erect barriers for children and adults alike.
Who Needs to Comply with the Law
The Act ultimately aims to ensure businesses mitigate and eliminate privacy and safety risks for children at the design stage of online services, products, or features – before children can access them. As federal and state policymakers heighten their focus on protecting children’s privacy online, the Future of Privacy Forum (FPF) today released a new policy brief, An Analysis of the California Age-Appropriate Design Code. The new report outlines and analyzes Assembly Bill 2273, the California Age-Appropriate Design Code Act (AADC), a first-of-its-kind privacy-by-design law that represents a significant change in both the regulation of the technology industry and how children will experience online products and services.
Next Steps for California Businesses
Most digital policymaking leaves little middle ground for stakeholder views and AB 2273 is no different. The bill and its new standard for protecting youth online has the complete support of civil society while industry is grappling with potentially over-broad compliance measures that it thinks may ultimately put kids in a different type of risk. Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation. OAKLAND — California Attorney General Rob Bonta today filed a brief in the Ninth Circuit Court of Appeals in defense of California’s law requiring companies to prioritize the online privacy, safety, and well-being of children over commercial interests. In the brief, Attorney General Bonta seeks to overturn a preliminary injunction blocking the California Age-Appropriate Design Code Act from going into effect.
2023 State Children's Privacy Law Tracker - Husch Blackwell
2023 State Children's Privacy Law Tracker.
Posted: Mon, 31 Jul 2023 07:00:00 GMT [source]
A Trial Lawyer’s Trial Lawyer: Paul Callan On Trial
While the size of a covered business is clearly defined, whether or not a company is building a product "likely to be accessed" by children may present the most uncertainty. Age verification and inference for kids online has been an ongoing debate due in large to loopholes with COPPA's "actual knowledge" standard. Future of Privacy Forum Youth and Education Privacy Policy Counsel Bailey Sanchez said the California bill won't help bring a resolution to the verification issue. The ADCA would also require covered entities to undertake a Data Protection Impact Assessment (DPIA) for any product, service, or feature likely to be accessed by a child.
A Better World Online is Possible
The social media transparency bill aims to clarify platforms' terms of services, including privacy notices, with requirements for more specific disclosures and general information. Notably, the CA and UK AADCs reflect an emerging trend in online safety regulation, with an increasing focus on due diligence obligations and risk assessments. The EU’s Digital Services Act (DSA), Australia’s Online Safety Act (OSA), India’s Intermediary Guidelines, and Singapore’s Online Safety Bill, for example, also require certain providers to be proactive in addressing online safety risks, with an emphasis on the protection of minors.
NetChoice’s First Amendment Argument
As countries witness a profound transition in the digital landscape, automating privacy and security processes for quick action is essential. Organizations must become even more privacy-conscious in their operations and diligent custodians of their customer's data. Acknowledging the well-being of children is an important government interest, NetChoice nonetheless argues the CAADCA cannot pass the constitutional muster because it “regulates far beyond privacy,” “is not confined to children,” and “is unnecessary to achieve” the privacy goals.
Stronger Online Safeguards for Kids Advance With California Bill

On September 15, 2022, the California Age-Appropriate Design Code Act (CAADCA) was signed into law. The CAADCA recognizes that “children need special safeguard[s] and care in all aspects of their lives.” Importantly, the CAADCA requires online service providers to offer a high level of privacy by design and by default to children under the age of 18. Data protection impact assessments are a key protective requirement that businesses must conduct and document for any new online service, product, or feature likely to be accessed by children before it is offered to the public.
NetChoice’s Preemption Argument
Enforcement of the Act begins on July 1, 2024, does not include a private right of action, but permits the Attorney General to issue civil penalties up to $2,500 per affected child for each negligent violation and $7,500 for each intentional violation as well as order injunctions.
On the other hand, organizations that supported the preliminary injunction, such as at the Computer & Communications Industry Association, welcomed the preliminary injunction. The current text of the California Age-Appropriate Design Code Act also allows the AG to offer a 90-day cure period for some businesses before pursuing civil penalties. When pursuing civil penalties for violations, the AG will consider whether the violation is negligent (failure to properly meet requirements of the Act) or intentional (conducting prohibited activities and/or deliberate non-compliance with requirements). Enforcement will be directed by the California Attorney General (AG), with the power to pursue injunctions and/or civil penalties against violating businesses. These assessments must also be maintained as long as the online service, product, or feature is available.
The CA AADC’s notable obligations include requiring providers to configure default privacy settings to a “high level” of privacy; assess whether algorithms, data collection, or targeted advertising systems could harm children; and use clear, age-appropriate language for user-facing information and documents. More generally, the CA AADC states in its legislative findings that businesses should consider the “best interests of children” when designing, developing, and providing online services, products, or features likely to be accessed by children. The Act also establishes the California Children’s Data Protection Working Group, which will study and report to the legislature best practices for implementing the Act. The Working Group will consist of experts in children’s data privacy, physical health, mental health and well-being, computer science, and children’s rights. Commencing on July 1, 2024, the ADCA would require businesses whose online products would likely be accessed by children to comply with specified standards, including considering the best interests of children. Businesses that own these online products would be required to protect children’s data and limit children’s online exposure.
Online Safety Bill, and state bills in Maryland, New Jersey, New Mexico, and Utah also seek to make service providers responsible for keeping minors safe online. Companies that fail to implement appropriate privacy and design product changes will continue to risk sizable fines, particularly in the EU and United States. The Kids Code requires companies to consider the privacy and protection of children in the design of any digital product or service that children in California are likely to access. You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's Terms of Use and Privacy Policy before using the National Law Review website. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website.
The Working Group will consist of ten persons having expertise in areas such as, children’s data privacy, mental health, computer science and children’s rights. Strong data minimization standards would be established by the ADCA, making it illegal to collect, sell, share, or keep personal data that is not required to deliver the product or service. Children’s Online Privacy Protection Act (COPPA), which provides protections for children aged 13 or under, the CA Kids Code is designed to protect all children under 18 in California. The result of months of hearings and a congressional investigation into tech companies’ handling of children’s safety, after documents were disclosed last year by Facebook whistleblower Frances Haugen.
California’s new online privacy and safety law for children under the age of 18 is modeled on the UK Age-Appropriate Design Code, which became enforceable on September 2, 2021. "This is absolutely a massive shift in what many — if not most — companies will be required to do," Public Interest Privacy Consulting founder and President Amelia Vance said. "'General audience' companies have largely avoided having any responsibilities under the Children's Online Privacy Protection Act. This is a whole new ballgame, and compliance is likely to be a nightmare for any company that hasn’t already started to bring their products into compliance with the U.K. Children's Code." The bill, which awaits enactment by Gov. Gavin Newsom, D-Calif., after unanimously passing the State Assembly and Senate, is an online safety bill containing unique privacy requirements to protect minors age 17 and under. Although it is not yet clear exactly how these categories will come into play, companies should consider these developmental categories as they start to evaluate the safety of their data practices and, in particular, where there are specific requirements to take the age of the user into account. Countries across the world have drafted or are in the process of drafting their own versions of data protection legislation.
The second one is the “Truth in Elections” bill (aka SB 746) that lets consumers request that a business that collects personal information about them disclose whether or not it is using the personal information for a political purpose. My research into Google’s algorithmic bias during the 2020 California election was cited as part of the motivation behind the bill (see page 6 of the Senate Judiciary Committee analysis here). The third is the ADCA (aka AB 2273) that I will analyze in this blog post that was written and driven by the children advocacy group 5Rights Foundation that was the driving force behind the UK law upon which AB 2273 is based upon. But while companies may find hardships as they digest the bill, the improvements to children's protections are unquestioned. Common Sense Media Policy Counsel Irene Ly said the bill forces companies to re-prioritize, focusing more on kids' health and well-being over profits and engagement. By default, the ADCA would bar a covered company from “collect[ing], sell[ing], or shar[ing] any precise geolocation information of children .
No comments:
Post a Comment