For years, California has led the way in setting the standard for privacy and data protection regulation in the United States. Recently — and as calls for greater control over the addictive nature of social media grow louder — lawmakers in the Golden State moved closer to passing a new, first-of-its-kind privacy law that would prohibit the development and use of “addictive” devices. ” on social media platforms. At the same time, state lawmakers also introduced a second bill that would provide strict protections for the privacy of minors online.
Businesses should closely monitor the development of these bills, as their passage—combined with increased attention to children’s privacy by both federal lawmakers and the Federal Trade Commission (“FTC”)—could have a ripple effect in other states and municipalities with legislators. look to enact similar laws on children’s online privacy.
The Law on Social Media Platform Responsibilities to Children
Earlier this year, California lawmakers introduced the Social Media Platform Duty to Children Act, AB 2408 (“SMPDCA”), a targeted privacy bill aimed at curbing social media addiction and its increasingly negative impact on children. In late June, the California Senate Judiciary Committee passed an amended version of the bill, which now goes to the Senate Appropriations Committee. While the original version of the SMPDCA included a private right of action that allowed parents to sue tech companies for violating the law, the amended bill eliminates the ability to file a class action lawsuit, leaving enforcement solely in the hands of the California Attorney General and the state’s district attorneys, district attorneys, and city prosecutors.
According to the SMPDCA, social media platforms are prohibited from using “a design, feature or feature that the platform knew or, if it exercised reasonable care, should have known would cause children to become addicted to the platform.”
Importantly, however, the bill would allow platforms to protect themselves from liability under the bill’s safe harbor provision, which requires platforms to meet two conditions: (1) implement and maintain a program for regular auditing to identify practices or features that could potentially cause or facilitate the addition of child users; and (2) within 30 days after the completion of any audit, correct any practices or features identified during the audit that represent more than de minimis the risk of breaking the law.
Violations of the SMPDCA will subject social media platforms to civil penalties of up to $2,500 for negligent violations and $7,500 for willful violations. In addition, any platform that knowingly and willfully violates the law will be subject to an additional civil penalty of up to $250,000 per violation, as well as attorneys’ fees and court costs.
California Age Appropriate Design Law
Also this year, state lawmakers introduced a second piece of proposed legislation, California’s Age-Friendly Design Act, AB 2273 (“AADC”), which would impose a number of requirements and restrictions on online businesses that offer accessible services, products or features access children In late June, the California State Senate Judiciary Committee advanced an amended version of the AADC, and it is now scheduled for a Senate Appropriations Committee hearing in early August. If passed, the AADC would take effect on January 1, 2024.
Modeled after the UK’s Age-Friendly Design Code, the AADC, which aims to “enhance child-centred design in online products and services that children can access”, requires companies to consider the best interests of children when designing, developing and provide services, products or features that children can access, while requiring companies to “prioritize the privacy, safety and well-being of children” when there is a conflict between the company’s commercial interests and the best interests of children.
However, the AADC also prohibits: (1) using any child’s personal information in a manner that is likely to cause or contribute to “more than de minimis” the risk of harming the child’s physical health, mental health or well-being; (2) child profiling by default; (3) collecting precise geolocation information from children by default or without providing obvious indications to children that such information is being collected; and (4) use dark patterns to induce or encourage children to provide personal information beyond what is reasonably expected to provide a service, product, or feature.
Violations of the AADC will subject companies to civil penalties on the injured child up to $2,500 for negligent violations and up to $7,500 for willful violations.
Analysis and conclusions
Both bills in California come amid growing calls from privacy advocates for greater protections for children online. In addition, both President Biden and federal lawmakers have voiced the growing need for stronger regulation of companies that cater to children’s online activities. Meanwhile, this May, the FTC adopted a policy statement to increase scrutiny of violations of the Children’s Online Privacy Protection Act (“COPPA”), which President Biden noted during recent remarks demonstrates that the FTC will focus on “hacking companies that persistently exploiting our children to make money,” for the foreseeable future.
Collectively, companies that offer services or products to children online should closely monitor the progress of California’s children’s online privacy bills while reevaluating their own privacy practices and compliance programs to mitigate the increased control they are likely to face. from all levels of government moving forward.
© Copyright 2022 Squire Patton Boggs (US) LLPNational Law Review, Volume XII, Number 200