The California Age-Appropriate Design Code Bill

Written By Rebecca Lopez

On May 16, 2022, California lawmakers met to discuss ways to further the protection of children related to the California Age Appropriate Design Code Bill (AB 2273), introduced on February 16, 2022, by California State Assembly members Buffy Wicks (D) and Jordan Cunningham (R).

The bill comes at a time of increased popularity and usage of social media among children during the past 2 years. If passed, the bill would require companies to consider the privacy and protection of children in the design of any digital product or service that children in California are likely to access.

Who does the Bill apply to? What data is covered?

The California proposal resembles new rules passed last year in the U.K. governing how tech firms can target children with push notifications, messaging controls, and other features. The bill would apply to all companies.

In particular, the bill would require:

  • Businesses which create goods, services, or product features which can be accessed by children, to comply with specified standards, as well as considering certain practices in the best interests of children when designing, developing, and providing those goods, services, or product features;

  • Businesses to provide privacy policies and community standards clearly, concisely, and prominently, using language suited to the age of any children likely to access goods, services, or product features;

  • Businesses that provide goods, services, or product features which are likely to be accessed by children, to refrain from collecting or using data from consumers who are children; and

  • The creation of the California Children's Data Protection Taskforce to evaluate best practices for the implementation of the bill's provisions and to support businesses in their compliance efforts.

History and other laws.

Currently, children’s privacy rights are governed by the Children’s Online Privacy Protection Act ("COPPA"). Critics argue that COPPA is extremely outdated, being more than 20 years old, and applies only to children younger than 13, which means it provides limited protections to children in the age of social media.

In an effort to strengthen the rights of children, representatives in Washington, DC, and in other states have introduced bills focused on children’s and teens’ privacy which would significantly affect companies that provide online applications to those under 18, including the following:

  • Kids Online Safety Act, which would impose significant new requirements on companies that provide internet services used by children, including a requirement for covered platforms to implement privacy and data controls that allow minors and their parents to manage how their data is collected and shared.

  • A bill has been introduced in Washington state that would require companies to treat minor users differently than adults for privacy compliance purposes.

  • Minnesota lawmakers approved SF 2307, a bill that would limit how long companies are allowed to keep student data on file and prevent them from advertising to families based on the information.

How can businesses prepare to comply?

Providing protections for children will radically change the way digital companies engage with children. This starts with safety by design. AB 2273 is practical, realistic, and has the chance to lead the way in making the digital world safe for American children as other states tend to use California’s privacy laws as a model for their own.

If the bill is passed, it will likely become effective on July 1, 2024, at which point businesses will likely be able to lean on the proposed Data Protection Taskforce to assist with their compliance measures.

Rebecca Lopez
Previous

Action Required: CTA Requires Beneficial Owner Reporting

Next

Kennedy Sutherland Announces New Agreement with Full Skope LLC and PPDocs, Inc.