California lawmakers have passed a bill that seeks to make apps and other online spaces safer for kids in the absence of robust federal standards. The bill, if signed into law, would impose a set of new protections for people under the age of 18 in California, potentially punishing tech companies with thousands in fines for every child affected by any violation.
The bill, the California Age-Appropriate Design Code Act, still needs to be signed by California Governor Gavin Newsom before becoming law. If signed, its provisions would go into effect on July 1, 2024, giving platforms an interval of time to come into compliance.
The new privacy rules would apply to social apps like Instagram, TikTok and YouTube — frequent targets of criticism for their mishandling of young users’ safety and mental health — but also to other businesses that offer “an online service, product, or feature likely to be accessed by children.” That broader definition would also extend the bill’s requirements to gaming and education platforms that kids might use, along with any other websites or services that don’t explicitly limit their use to adults.
The bill defines a child as anyone under the age of 18, pushing apps and other online products that might attract minors to enact more privacy protections for all under-18 users, not just the youngest ones. The federal law that carves out some privacy protections for children online, the Children’s Online Privacy Protection Act (COPPA), only extends its protections to children under age 13.
Among its requirements, the California children’s privacy legislation would prohibit companies from collecting any minor’s user data beyond what is absolutely necessary or leveraging children’s personal information in any way “materially detrimental to the physical health, mental health, or well-being of a child.” It would also require affected companies to default users under 18 to the strongest privacy settings, “including by disabling features that profile children using their previous behavior, browsing history, or assumptions of their similarity to other children, to offer detrimental material.”
The bill would also create a new working group dedicated to implementing its requirements comprised of members appointed by the governor and state agencies. The California Attorney General would be empowered to fine companies that violate its rules $2,500 per child affected for any violations deemed to be “negligent” and $7,500 for intentional violations.
“We are very encouraged by today’s bi-partisan passage of AB 2273, a monumental step toward protecting California kids online,” the children’s advocacy organization Common Sense said in a statement Tuesday. “Today’s action, authored by Assembly members Wicks, Cunningham and Petrie-Norris, sends an important signal about the need to make children’s online health and safety a greater priority for lawmakers and for our tech companies, particularly when it comes to websites that are accessed by young users.”
While there’s plenty of detail to be worked out still, the California bill could force the hand of tech companies that have historically prioritized explosive user growth and monetization above all — and dragging their feet when it comes to the less lucrative work of verifying the age of their users and protecting young people from online threats to safety and mental health. Inspired by the U.K. children’s privacy legislation known as the “Age Appropriate Design Code,” the current legislation could similarly force tech companies to improve their privacy standards for minors across the board rather than creating customized experiences for regionally specific user segments that fall under new legal protections.