Privacy Protections For Children In California – The National Law Review
California is leading the way on privacy regulation — again. The California State Assembly has passed AB 2273, which, if approved by the California Governor, would require businesses that provide online services, products, or features likely to be accessed by children or teens under the age of 18 to increase their privacy and safety protections. Although California AB 2273, also known as the California Age-Appropriate Design Code Act, aims to protect children and teens, the bill’s requirements could impact a broad range of online businesses and goes beyond the federal Children’s Online Privacy Protection Act, known as COPPA..
Among other provisions, the bill would require the following:
Any business that provides an online service, product, or feature likely to be accessed by children must conduct a “Data Protection Impact Assessment,” which must include (if applicable) an assessment of:
whether the design of the product, service, or feature could lead to children experiencing or being targeted by harmful contacts,
whether algorithms used could harm children,
whether targeted advertising could harm children, and
whether and how the products, services, or features use systems designed to increase, sustain, or extend usage, including but not limited to automatic playing of media, rewards for time spent, and user notifications.
Within five days following an Attorney General request, a business must deliver any requested Data Protection Impact Assessment.
Any business that provides an online service, product, or feature likely to be accessed by children must configure all default privacy settings provided to a child, to settings that offer a high level of privacy, unless the business can demonstrate a compelling reason that a different setting is in the best interests of the child.
Any business that provides an online service, product, or feature likely to be accessed by children must refrain from using personal information of a child, which the business knows, or has reason to know, is materially detrimental to the physical health, mental health, or well-being of a child.
Any business that provides an online service, product, or feature likely to be accessed by children must not collect, sell, or share any precise geolocation information of a child by default unless strictly necessary for the business to provide the service, product, or feature requested and if collected, only for the limited time that the collection of geolocation information is necessary to provide the service, product or feature.
The California Age-Appropriate Design Code Act would authorize the California Attorney General to seek injunctive penalties or civil penalties of not more than $2,500 for each affected child in connection with a negligent violation and not more than $7,500 for each affected child in the event of an intentional violation.
If the California Governor signs the bill into law, it would come into effect on July 1, 2024; however, businesses would be wise to consider immediate assessments so they can determine the extent of child and teen usage, the design and systems employed that could leave children and teens exposed, and to ensure all Data Protection Impact Assessments are completed on or before the effective date.
About this Author
Kevin represents clients in acquisition and financing transactions and general corporate matters. He has experience negotiating merger and acquisition (M&A) transactions and debt and equity financings as well as licensing and technology transactions. His practice also includes a focus on start-ups, including company formation and structuring.
Prior to joining Mintz, Kevin was a corporate associate with a Bay Area law firm focusing on start-up companies and their investors. Kevin focused on M&A transactions, including mergers, asset purchases, and stock purchases. He also…
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-…
Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com intended to be a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional. NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us.
Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.
The National Law Review – National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521 Telephone (708) 357-3317 or toll free (877) 357-3317. If you would ike to contact us via email please click here.