Table Of Content
Lawmakers in California and around the world have prioritized legislation that would establish individual protections, limit the potential harmful consequences of large-scale data collection and processing, and curtail abuses of targeted advertising and automated decision making. California has passed multiple bills designed to regulate online content, and challenges to others — including a suit filed by X, formerly Twitter, over a law governing how sites moderate hate speech — remain ongoing. But courts elsewhere have determined that several state-level laws are probably unconstitutional. In August, a different court blocked a law requiring age verification for online pornography, saying that it would similarly require invasive data collection and limit adults’ access to constitutionally protected speech. It will require companies to assess and assuage the damage that their products could potentially do to children— like exposing them to predators or addicting them with algorithms that lead to eating disorders.
Next Steps for California Businesses
The UK AADC requires online providers to comply with a series of privacy and product design obligations and extends to websites that are likely to be accessed by children. In September 2022, California became the first state to adopt similar protections for children’s online privacy with the adoption of the California Age-Appropriate Design Code Act (CA AADC). The CA AADC largely mirrors the UK AADC’s privacy requirements and builds on its product design and online safety requirements for kids under age 18.
4 Documentation Requirement
The California Kids Code refers to legislation that enhances online privacy and protection for children, particularly regarding personal information. Organizations must clearly indicate to the child when they are being tracked or monitored if the online service, product, or feature has permitted the parent, legal guardian, or any other consumer to keep an eye on the child's online behavior. Organizations must conduct a Data Protection Impact Assessment for every online service, product, or feature that is likely to be used by children before making it available to the public, and keep the documentation of this assessment for as long as the online service, product, or feature is likely to be used by children. In its definitions of covered businesses, the California Age-Appropriate Design Code Act (AB-2273) extends beyond the reach of COPPA.
TikTok, other social media platforms made nearly 100 changes to safeguard kids : Shots - Health News - NPR
TikTok, other social media platforms made nearly 100 changes to safeguard kids : Shots - Health News.
Posted: Fri, 29 Mar 2024 07:00:00 GMT [source]
Upcoming Legal Education Events
Additionally, if a business has foregone conducting applicable DPIAs for whatever reason, then the Act should provide the necessary impetus (and business case) to reassess this position and integrate them into product builds. Continuous customer engagement by companies through branded messaging tends to increase customer trust. The California Age-Appropriate Design Code Act states that children or, if necessary, their parents or guardians should be given accessible and responsive tools which assist them in exercising their right to privacy and report concerns.
How Does the Kids Code Work?
The privacy laws and safety protections impacting children vary from country to country and across industries and data types, making it hard to apply a singular global approach. This comprehensive treatise is intended to provide reliable and substantive background on children’s privacy, data protection, and safety issues. AB 2273 requires businesses with an online presence to complete a Data Protection Impact Assessment before offering new online services, products, or features likely to be accessed by children. The bill mandates that strong privacy protections should be provided by design and default for online services, products, or features that are likely to be used by children. This includes disabling features that use a child's past behavior, browsing history, or assumptions about their similarity to other children to profile them and present harmful content.
However, for businesses in substantial compliance the Attorney General shall provide written notice to the business before initiating an action and allow the business 90 days from such notice to cure any potential violations. In September 2023, the District Court for the Northern District of California granted a preliminary injunction against the Kids Code, preventing the law from going into enforcement. California Attorney General Rob Bonta has appealed and a decision is expected in the Ninth Circuit Court of Appeals in Spring 2024.
Current Legal Analysis
While the litigation presses forward, children’s data privacy remains a pressing issue as state and federal legislators continue to introduce bills. The Act also created a working group to advise government and businesses on best practices for prioritizing children’s best interests (privacy and safety) online. As California is home to some of the world’s biggest technology and social media companies, which have already made changes under the UK code, the CA Kids Code is expected to have global influence.
Privacy Law
Companies should put children's privacy, safety, and well-being ahead of their own interests if there is a conflict between them and what is in their best interests. The California Privacy Protection Agency, formed under the California Consumer Privacy Act (CCPA), will gain extended law enforcement powers to ensure compliance with the California Age-Appropriate Design Code Act. For example, AI-driven activity recommendations can expose children to harmful content and advertising, nudge them into risky behaviors and potentially put them at risk of being contacted and/or located by predators. It should be noted that Wicks (who is a Democrat) introduced a similar bill last year, but it failed to pass. A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more. • Has children constituting a significant amount of its audience (as determined by internal company research).
A covered entity under the bill is defined as a business "that provides an online service, product, or feature likely to be accessed by children shall take all," but application relies on thresholds defined under the California Privacy Rights Act. Specific privacy requirements include privacy-by-default settings, data protection impact assessments within a 72-hour window upon request from the California attorney general, and standards to assess whether services are likely to be accessed by minors. The ADCA would apply to businesses that provide “an online service, product, or feature likely to be accessed by a child.” This casts a wider net than COPPA’s “directed to children” standard. Under COPPA, under-age-13 users’ personal data is not typically afforded higher protection unless the service has actual knowledge that the user is a child or if the service’s offerings are deemed as child-directed through factors such as direct marketing, graphics, or music that appeals to children.
Timeline for California Kids' Online Privacy Law Extended - Bloomberg Law
Timeline for California Kids' Online Privacy Law Extended.
Posted: Mon, 17 Jul 2023 07:00:00 GMT [source]
"I really do these bills selfishly because I know when (my kids) are 7, 8, 10, 15 and they start engaging more in the digital world, I want to make sure we have set up the right tools to make sure they have the guardrails," Wicks said. "We know they are going to be digital natives and we welcome that. It's a modern era where California is home to the tech innovation space and we welcome all it brings. But I also want to make sure our children are safe and right now they are not safe. Our fundamental job is to keep our community safe above anything else." While U.S. Congress is working to devise appropriate regulations for children's online privacy and content moderation, finalization is not on the immediate horizon. The inaction led the California Legislature to take matters into its own hands with final passage of Assembly Bill 2273, the California Age-Appropriate Design Code Act. Attorney General Bonta's brief argues that the Ninth Circuit should overturn the district court’s ruling, which would block enforcement of the California Age-Appropriate Design Code Act, because the Act does not regulate speech or infringe on businesses’ rights.
District Court for the Northern District of California granted NetChoice’s request for preliminary injunction in NetChoice v. Bonta, finding that NetChoice is likely to succeed on its claim that the California Age-Appropriate Design Code (“CA AADC”) violates the First Amendment. Specifically, the Court found that, as a speech restriction, the CA AADC would likely fail both strict scrutiny and a lesser standard of scrutiny. The preliminary injunction blocks the CA AADC from going into effect until the case is resolved. The Data Protection Impact Assessment should be conducted within five business days after receiving a written request by the Attorney General.
Among other things, the ruling takes issue with the requirement that sites estimate visitors’ ages to detect underage users. The provision is ostensibly meant to cut down on the amount of data collected about young users, but Freeman notes that it could involve invasive technology like face scans or analyzing biometric information — ironically requiring users to provide more personal information. Unless the company can prove convincingly that a different option is in children's best interests, all default privacy settings offered to children by the online service, product, or feature should be configured to settings that offer a high level of privacy. The application to users below the age of 18 is significant since the federal Children’s Online Privacy Protection Act of 1998 only applies to users below the age of 13 (and is generally focused on online services directed at children).
House has provisions for minors age 17 and under while attempting to better address the COPPA actual knowledge issues. "This will be difficult for many businesses to operationalize and reduce the quality of online services for adults," Sanchez said. "The exact implications are unclear because the bill leaves many important questions unanswered. It is challenging to verify someone’s age without collecting sensitive personal information."
No comments:
Post a Comment