Table Of Content
- California Age-Appropriate Design Code Compliance Requirements
- Two New Apple and Google Platform Privacy Requirements Kicking In Now
- Covered Entities
- Big Tech’s Attempts to Undermine the California Kids Code
- Alan Raul, Founder of Sidley Austin’s Privacy and Cybersecurity Law Practice Elected FPF’s New Board President
The UK AADC requires online providers to comply with a series of privacy and product design obligations and extends to websites that are likely to be accessed by children. In September 2022, California became the first state to adopt similar protections for children’s online privacy with the adoption of the California Age-Appropriate Design Code Act (CA AADC). The CA AADC largely mirrors the UK AADC’s privacy requirements and builds on its product design and online safety requirements for kids under age 18.
California Age-Appropriate Design Code Compliance Requirements
District Court for the Northern District of California granted NetChoice’s request for preliminary injunction in NetChoice v. Bonta, finding that NetChoice is likely to succeed on its claim that the California Age-Appropriate Design Code (“CA AADC”) violates the First Amendment. Specifically, the Court found that, as a speech restriction, the CA AADC would likely fail both strict scrutiny and a lesser standard of scrutiny. The preliminary injunction blocks the CA AADC from going into effect until the case is resolved. The Data Protection Impact Assessment should be conducted within five business days after receiving a written request by the Attorney General.
Two New Apple and Google Platform Privacy Requirements Kicking In Now
Section 230 shields online service providers from liability for hosting and moderating user content. NetChoice contends that its members, who fall within the scope of “interactive computer services,” are protected by Section 230 and can review, moderate or promote third-party content, to decide whether there is violation of its content-moderation policies, and to enforce those policies based on its own discretion. COPPA focuses on operators of online services that are directed to children or have actual knowledge they are collecting information from children. California continues to lead the way in the U.S. with laws designed to protect children’s privacy and safety rights by introducing the California Age-Appropriate Design Code Act (the CA Kids Code). State Assemblywoman Buffy Wicks, D-Calif., a co-sponsor of the bill, said during a press conference touting the bill's passage, that it was inspired by the U.K. Wicks noted Google, TikTok and YouTube were among the companies that made changes responding to the U.K.
Judge blocks California law meant to protect children's online safety - Reuters.com
Judge blocks California law meant to protect children's online safety.
Posted: Mon, 18 Sep 2023 07:00:00 GMT [source]
Covered Entities
Companies should put children's privacy, safety, and well-being ahead of their own interests if there is a conflict between them and what is in their best interests. The California Privacy Protection Agency, formed under the California Consumer Privacy Act (CCPA), will gain extended law enforcement powers to ensure compliance with the California Age-Appropriate Design Code Act. For example, AI-driven activity recommendations can expose children to harmful content and advertising, nudge them into risky behaviors and potentially put them at risk of being contacted and/or located by predators. It should be noted that Wicks (who is a Democrat) introduced a similar bill last year, but it failed to pass. A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more. • Has children constituting a significant amount of its audience (as determined by internal company research).
Big Tech’s Attempts to Undermine the California Kids Code
The privacy laws and safety protections impacting children vary from country to country and across industries and data types, making it hard to apply a singular global approach. This comprehensive treatise is intended to provide reliable and substantive background on children’s privacy, data protection, and safety issues. AB 2273 requires businesses with an online presence to complete a Data Protection Impact Assessment before offering new online services, products, or features likely to be accessed by children. The bill mandates that strong privacy protections should be provided by design and default for online services, products, or features that are likely to be used by children. This includes disabling features that use a child's past behavior, browsing history, or assumptions about their similarity to other children to profile them and present harmful content.
How an Organization Can Operationalize the Law
The CA AADC requires companies to use Data Protection Impact Assessments (DPIAs) to evaluate their compliance with its principles. On September 15, 2022 California Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act (CAADCA) AB 2273, which takes effect July 1, 2024 and intends to protect the wellbeing, data, and privacy of children using online platforms. The Act does not have a lookback period, though businesses must complete an impact assessment of its services before the law takes effect. While many companies may unexpectedly be swept into the scope of the CAADCA, social media companies and gaming companies, along with companies that are already subject to COPPA, are the largest organizations likely to be impacted. On May 26, 2022, AB-2273, the California Age-Appropriate Design Code Act (ADCA) unanimously passed the California Assembly and moved to the Senate for consideration. California Assembly Members Buffy Wicks (D-Oakland) and Jordan Cunningham (R-Templeton) proposed AB-2273, earlier this year.
"I really do these bills selfishly because I know when (my kids) are 7, 8, 10, 15 and they start engaging more in the digital world, I want to make sure we have set up the right tools to make sure they have the guardrails," Wicks said. "We know they are going to be digital natives and we welcome that. It's a modern era where California is home to the tech innovation space and we welcome all it brings. But I also want to make sure our children are safe and right now they are not safe. Our fundamental job is to keep our community safe above anything else." While U.S. Congress is working to devise appropriate regulations for children's online privacy and content moderation, finalization is not on the immediate horizon. The inaction led the California Legislature to take matters into its own hands with final passage of Assembly Bill 2273, the California Age-Appropriate Design Code Act. Attorney General Bonta's brief argues that the Ninth Circuit should overturn the district court’s ruling, which would block enforcement of the California Age-Appropriate Design Code Act, because the Act does not regulate speech or infringe on businesses’ rights.
A federal judge has granted a request to block the California Age-Appropriate Design Code Act (CAADCA), a law that requires special data safeguards for underage users online. In a ruling issued today, Judge Beth Freeman granted a preliminary injunction for tech industry group NetChoice, saying the law likely violates the First Amendment. It’s the latest of several state-level internet regulations to be blocked while a lawsuit against them proceeds, including some that are likely bound for the Supreme Court. A systematic survey to assess and mitigate risks arising from the business's data management practices to children who are reasonably likely to access the online service, product, or feature at issue arising from the provision of that online service, product, or feature. Since 1998, the Children’s Online Protection Act (COPPA) has governed how websites directed to children in the United States must approach data privacy for individuals under age 13. COPPA focuses mostly on the collection, use, and disclosure of personal information and the concept of parental notice and control.
Without additional guidance, the ADCA standard may be difficult to interpret or implement for covered entities that target a general audience and traditionally do not host content directed to minors. This uncertainty would likely be exacerbated by ADCA’s applicability to teens; some organizations could struggle to distinguish between services likely to be accessed by 17-year-olds and services likely to be accessed only by those 18 and older. The “likely to be accessed by children” standard is much broader than COPPA, which applies to operators of websites or online services that (1) are either directed to children or (2) have actual knowledge are collecting personal information from children online. The Act also defines “child” more broadly; COPPA defines “child” as an individual under the age of 13, while the Act defines “child” as a consumer who is under the age of 18. Additionally, the Act imposes a number of requirements on covered businesses that are not included under COPPA. The California AADC is notable for extending far beyond the scope of the primary federal children’s online privacy law, the Children’s Online Privacy Protection Act (COPPA), in several key ways.
Like the UK code, it is designed to ensure technology companies proactively take a design-by-default approach to protect children’s privacy and safety when creating or updating online services, products, or features that children will likely access. When a child accesses digital services, the ADCA will mandate covered businesses to set "all default privacy settings offered by the online service, product, or feature to the settings that offer a high level of privacy protection offered by the business." California’s new Act legislates that businesses should “prioritize the privacy, safety, and wellbeing of children over commercial interests” when designing, developing, and providing online services, products, or features “likely to be accessed by children” under 18. I appreciate that AB 2273 takes CPRA’s online safeguards for children even further, by requiring additional obligations from businesses to protect kids online. I also think having a focused task force dedicated to children’s data protection that is established under the umbrella of the PPA is an excellent idea. Furthermore, the ability to adopt regulations in this area will allow the PPA to stay current with rapid changes in technology.
District Court for the Northern District of California on September 18, 2023, and Attorney General Bonta filed a notice of appeal on October 18, 2023. California lawmakers have passed the first law in the United States requiring tech companies to install guardrails for child users. The California Age-Appropriate Design Code Act passed on Monday July 29th with a vote of 33 to 0.
No comments:
Post a Comment