California lawmakers have passed a bill that aims to make apps and other online spaces safer for children in the absence of robust federal standards. The bill, if signed into law, would impose a range of new protections on people under the age of 18 in California, potentially punishing tech companies with thousands of fines for each child affected by a violation.
The bill, the California Age-Adequate Design Code Act, has yet to be signed by California Governor Gavin Newsom before becoming law. If signed, the provisions would come into effect on July 1, 2024, giving platforms a time window to comply with the requirements.
The new privacy rules would apply to social apps such as Instagram, TikTok and YouTube — often the target of criticism for their mishandling of the safety and mental health of young users — as well as to other companies that “provide an online service, product or feature.” that are likely to be accessible to children.” That broader definition would also extend the bill’s requirements to gaming and education platforms that children could use, along with other websites or services that don’t explicitly limit their use to adults.
The bill defines a child as anyone under the age of 18 and pushes apps and other online products that may attract minors to provide greater privacy protections to all users under the age of 18, not just the youngest. The federal law that provides certain privacy protections for children online, the Children’s Online Privacy Protection Act (COPPA), extends the protection only to children under the age of 13.
Among the requirements is California’s child privacy law, which prohibits companies from collecting user information from minors beyond what is absolutely necessary or from using children’s personal information in a manner that is “materially harmful to their physical health, mental health or well-being of a child. It would also require affected companies to provide users under the age of 18 with the strictest privacy settings by default, “including by disabling features that profile children based on their past behavior, browsing history or assumptions of their resemblance to other children, in order to harmful material.”
The bill would also create a new working group dedicated to implementing the requirements, made up of members appointed by the governor and government agencies. The California Attorney General would have the power to fine companies that break the rules of $2,500 per affected child for violations deemed “negligent” and $7,500 for willful violations.
“We are very encouraged by the bipartisan passage of AB 2273, a monumental step toward protecting Californian children online,” the children’s advocacy organization Common Sense said in a statement on Tuesday. “Today’s action, written by Assembly members Wicks, Cunningham and Petrie-Norris, sends an important message about the need to make children’s online health and safety a higher priority for lawmakers and for our technology companies, especially when it comes to websites accessible by young users.”
While many details remain to be worked out, California law may force the hand of tech companies that have historically prioritized explosive user growth and monetization — and dragged on when it comes to the less lucrative work of verifying the data. age of their users and protecting young people from online threats to safety and mental health. Inspired by UK child privacy legislation known as the Age Appropriate Design Code, current legislation could similarly force tech companies to improve their privacy standards for minors across the board rather than create customized experiences for regionally specific user segments that fall. under the new legal protections.