Closing the Gap: California’s Proposal to Bolster Children’s Privacy

/ blog / By

Introduction 

As children today grow up in an increasingly digital world, their online activities leave behind a trail of data that shapes their digital footprint. Shockingly, by the time a child reaches the age of 13, online advertising firms have already amassed an average of 72 million data points about them. Against this backdrop, the state of California is taking a significant stand to safeguard the privacy and well-being of its youth.

 

At a press conference held on January 29th, California Attorney General Rob Bonta unveiled two groundbreaking bills aimed at addressing the pressing concerns surrounding youth privacy and the adverse effects of social media on minors. These bills, introduced to the California State Legislature for the 2024 legislative session, mark a pivotal moment in the ongoing battle to protect young people in the digital age. 

 

California Attorney General Rob Bonta, Senator Nancy Skinner, and Assembly member Buffy Wicks today introduced the Protecting Youth from Social Media Addiction Act (SB 976), and the California Children’s Data Privacy Act (AB 1949), landmark legislation seeking to protect youth online. The privacy bill, deemed the proposed Children’s Data Privacy Act, aims to amend the California Consumer Privacy Act to tighten youth coverage. The proposed Protecting Youth from Social Media Addiction Act focuses on measures to moderate content and limit luring features or techniques on social media platforms.

 

AB 1949

The proposed AB 1949 bolsters the protection of minors’ data privacy rights under the California Consumer Privacy Act (CCPA). AB 1949 presents a pivotal opportunity to advance protection beyond the groundwork laid by the CCPA, extending safeguards to encompass all individuals under 18. This legislation marks a significant stride in rectifying the deficiencies in privacy regulations, which have enabled tech giants to exploit and profit from the sensitive data of youth without consequence. While the CCPA enhances privacy rights for Californian consumers, including the rights to understand the personal information gathered and traded by businesses and to halt such transactions with third parties, it currently fails to adequately shield 17-year-olds. This gap permits companies like Google and Meta to gather, exploit, and monetize young users’ data on a vast scale. 
 
The envisioned Children’s Data Privacy Act would bar businesses from gathering, utilizing, sharing, or selling personal data of minors under 18 without “affirmative authorization,” with specific requirements for users under 13 mandating informed parental consent.
 
AB 1949 proposes amendments to the CCPA, prohibiting businesses from collecting, utilizing, sharing, or selling personal data of individuals under 18, except with informed consent or when strictly necessary for business purposes. Parental consent is mandated for users under 13. The bill empowers the Office of the Attorney General to enforce these regulations and pursue injunctive relief, damages, or civil penalties up to $5,000 per violation. 
 
Additionally, the California Age Appropriate Design Code (AADCA) incorporates explicit privacy-by-default settings, mandates data protection impact assessments within a 72-hour timeframe upon request from the California attorney general, and establishes criteria for evaluating services likely to be accessed by minors.
 

SB 976

SB 976 introduces measures aimed at safeguarding young individuals from the perils of online addiction. Under this bill, parents would be empowered to decide whether users under 18 receive a chronological feed from their existing follows or continue with the current default, an algorithmic feed. Recognizing the addictive nature of algorithmic feeds and the potential mental health risks associated with excessive social media usage among youth, this legislation offers parents the opportunity to mitigate these concerns. 

 

Moreover, parents and guardians would be granted the option to cease social media notifications and restrict access to platforms for minors during nighttime hours and throughout the school day. These provisions seek to provide families with greater control over their children’s online experiences and promote healthier usage habits.

 

Way Ahead

During the press conference, key points about the bill highlighted that its provisions would not perfectly align with the privacy requirements outlined in the AADCA, which faces a state court injunction due to alleged First Amendment breaches by the technology association NetChoice. 
 
The bill’s objective is to establish consistency among the varied children’s privacy statutes emerging across the United States, acknowledging the diverse language and approaches present in existing aws such as the CCPA and comprehensive privacy legislation enacted in 12 other states. 
 
Connecticut recently updated its children’s privacy provisions in 2023, while states like Colorado and Virginia have proposed bills in 2024 to amend their respective laws. 
 
The introduction of California’s new children’s bills is not expected to hinder the ongoing legal dispute surrounding the AADCA. Rather, these proposals are designed to complement the AADCA assuming its successful resolution in the current legal challenge. Nevertheless, California officials anticipate potential lawsuits if either of these bills is enacted.

Author
Kosha Doshi, Final Year Student at Symbiosis Law School Pune & Legal Intern Data Privacy and Digital Law at EU Digital Partners