California Protected Kids Online In A Way Every State Should Follow

By Marie Holmes, HuffPost

On Sept. 15, California Gov. Gavin Newsom (D) signed into law the Age-Appropriate Design Code Act, which unanimously passed in the state senate at the end of August despite protest from the tech industry.

Modeled after the U.K. Children’s Code that went into effect last year, the California law protects children’s privacy and well-being online by requiring companies to assess the impact of any product or service either designed for children or “likely to be accessed by children.”

The law will go into effect on July 1, 2024, after which time companies found in violation of the law may have to pay penalties of up to $7,500 per affected child. While that might sound like a small sum, similar legislation in the European Union has allowed Ireland’s Data Protection Commission to fine Meta $400 million for the way Instagram treated children’s data. (In the case of the new law, the California attorney general would impose fines.)


California’s Age-Appropriate Design Code Act defines a child as any person under the age of 18, in comparison to 1998′s Children’s Online Privacy Protection Act (COPPA), for which 13 is the cutoff age.

COPPA codified protections for children’s data, prohibiting “unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet.”


The new California law goes further. It requires that the highest privacy settings be the default for young users, and that companies “provide an obvious signal” to let children know when their location is being tracked.

Jim Steyer, founder and CEO of Common Sense Media, one of the bill’s lead sponsors, told HuffPost, “this is a very significant victory for kids and families.”

The law comes down firmly on the side of children’s safety over profit, stating: “If a conflict arises between commercial interests and the best interests of children, companies should prioritize the privacy, safety, and well-being of children over commercial interests.”

In a 2019 interview with The New York Times, Baroness Beeban Kidron, chief architect of the U.K. Children’s Code, elaborated on her meetings with tech executives.

“The main thing they are asking me is: ‘Are you really expecting companies to give up profits by restricting the data they collect on children?’ Her response? ‘Of course I am! Of course, everyone should.’”


How will the Age-Appropriate Design Code Act protect kids online?

The dangers of the internet for kids go beyond children being contacted by strangers online (though by making high privacy settings the default, the California act does try to prevent such interactions).

Increasingly, parents worry about the excessive time that children spend online, the lure of platforms with autoplay and other addictive features, and kids’ exposure to content that promotes dangerous behaviors like self-harm and eating disorders.

The Age-Appropriate Design Code Act requires companies to write a “Data Protection Impact Assessment” for every new product or service, detailing how children’s data may be used and whether any harm could result from this use.

“Basically, [companies] have to look at whether their product design exposed children and teens to harmful content, or allows harmful contact by others, or uses harmful algorithms,” said Steyer.

Under the law, Steyer explained, YouTube, for example, would still be able to make video recommendations. The difference is that they would have less data to pull from when making these recommendations. Companies would also be responsible for assessing whether their algorithms are amplifying harmful content, and taking action if this is the case.

Haley Hinkle, Policy Counsel at Fairplay, an organization “dedicated to ending marketing to children,” told HuffPost that by mandating an impact assessment, “big tech companies will be responsible for assessing the impact their algorithms will have on kids before they offer a product or new design feature to the public.”

Hinkle continued, “This is critical in shifting responsibility for the safety of digital platforms onto the platforms themselves, and away from families who do not have the time or resources to decode endless pages of privacy policies and settings options.”

Under the law, a company may not “collect, sell, share or retain” a young person’s information unless it is necessary to do so in order for the app or platform to provide its service. The law instructs businesses to “estimate the age of child users with a reasonable level of certainty,” or simply to grant data protections to all users.

“You cannot profile a child or a teenager by default, unless the business has appropriate safeguards in place,” Steyer said. “And you cannot collect precise geolocation information by default.”

Hinkle explained the motivation for companies to collect such data. “Online platforms are designed to capture as much of kids’ time and attention as possible. The more data a platform collects on a child or teen, the more effectively it can target them with content and design features to keep them online.”

While the law’s scope is limited to California, there is hope that it could instigate further-reaching reform, as some companies changed their practices worldwide before the enactment of the Children’s Code in the U.K. Instagram, for example, made teens’ accounts private by default, disabling direct messages between children and adults they do not follow. However, how they define “adult” varies by country ― it’s 18 in the U.K. and “certain countries,” but 16 elsewhere in the world, according to their statement announcing the changes.

While it’s uncertain if Instagram will raise this age cutoff to 18 in California now, the Age-Appropriate Design Code Act does require companies to take into account “the unique needs of different age ranges” and developmental stages, defined by the law as follows: “0 to 5 years of age or ‘preliterate and early literacy,’ 6 to 9 years of age or ‘core primary school years,’ 10 to 12 years of age or ‘transition years,’ 13 to 15 years of age or ‘early teens,’ and 16 to 17 years of age or ‘approaching adulthood.’”

Related Posts

We’ll Keep You Informed
sgs logo square

Our expert staff and research team are always on the pulse of what is happening in the digital world. We will keep you abreast of the latest news, trends and laws that relate to staying smart, safe and private in our ever changing digital society.

Let’s Socialize

Popular Post