The California Age Appropriate Design Code Bill

The California Age Appropriate Design Code Bill

Last week, California lawmakers met to discuss ways to further the protection of children related to the California Age Appropriate Design Code Bill (AB 2273), which was introduced on February 16, 2022, by California State Assembly members Buffy Wicks (D) and Jordan Cunningham (R).

The bill comes at a time of increased popularity and usage of social media among children during COVID. If passed, the bill would require companies to consider the privacy and protection of children in the design of any digital product or service that children in California are likely to access.

Who does the Bill apply to? What data is covered?

The California proposal resembles new rules passed last year in the U.K. that governs how tech firms can target children with push notifications, messaging controls, and other features. The bill would apply to all companies.

In particular, the bill would require:

  • Businesses which create goods, services, or product features which can be accessed by children, to comply with specified standards, as well as considering certain practices in the best interests of children when designing, developing, and providing those goods, services, or product features;
  • Businesses to provide privacy policies and community standards clearly, concisely, and prominently, using language suited to the age of any children likely to access goods, services, or product features;
  • Businesses that provide goods, services, or product features which are likely to be accessed by children, refrain from collecting or using data from consumers who are children; and
  • The creation of the California Children’s Data Protection Taskforce to evaluate best practices for the implementation of the bill’s provisions and to support businesses in their compliance efforts.

History and other laws.

Currently, children’s privacy rights are governed by the Children’s Online Privacy Protection Act (COPPA). Critics of COPPA argue that the law is extremely outdated, being more than 20 years old, and applies only to children younger than 13, which means it provides limited protections to children in the age of social media.

In an effort to strengthen the rights of children, representatives in Washington, DC, and in some other states have introduced bills focused on children’s and teens’ privacy which would significantly affect companies that provide online applications to those under 18.

  • Kids Online Safety Act, which would impose significant new requirements on companies that provide internet services used by children, including a requirement for covered platforms to implement privacy and data controls that allow minors and their parents to manage how their data is collected and shared.
  • A bill has been introduced in Washington state that would require companies to treat minor users differently than adults for privacy compliance purposes.
  • Minnesota lawmakers approved SF 2307, a bill that would limit how long companies are allowed to keep student data on file and prevent them from advertising to families based on the information.


How can businesses prepare to comply?

Providing protections for children will radically change the way digital companies engage with children. This starts with safety by design. AB 2273 is practical, realistic, and has the chance to lead the way in making the digital world safe for American children as other states tend to use California’s privacy laws as a model for their own.

If the bill is passed, it will likely become effective on July 1, 2024, at which point businesses will likely be able to lean on the proposed Data Protection Taskforce to assist with their compliance measures.


* * * * * * *


To read our coverage on Alvaro Bedoya, the new Commissioner of the Federal Trade Commission, click here.

For ADCG’s Breach Report and more news updates discussing: the National Association of Attorneys General announcement of a new initiative focused on cybersecurity; the Federal Trade Commission releases a policy statement last week outlining its new regulations for education technology companies; the Security and Exchange Commission laid out its regulatory agenda last week at the Securities Enforcement Forum West 2022; Privacy Expert Jeff Jockish’s discussion at last week’s Data Summit 2022 in Boston where he spoke on a range of topics relevant to data privacy, click here.

Jeff Jockish also joins us this week on our Podcast to discuss the Data Collaboration Alliance. Podcasts are released every Thursday, here. They can also be enjoyed on Spotify and Apple Podcasts.

To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Leave a Reply

Back To Top