Last month, California Governor Gavin Newsom signed the Age-Appropriate Design Code Act into law, which also passed in the state senate unanimously at the end of August, despite the tech industry’s protests. This California law protects children’s well-being and privacy by requiring companies to evaluate the impact of any service or product designed for children or available for their access. This law was modeled after the U.K. Children’s Code.
The law won’t go into effect until July 1, 2024. After that date, companies violating the law might have to pay penalties of up to $7,500 per affected child. It may sound like a small amount of money, but comparable legislation in the European Union granted Ireland’s Data Protection Commission to fine Meta $400 million for how Instagram treated children’s data. With this new California law, the California attorney general would enforce fines.
California’s Age Appropriate Design Code Act defines a child as anyone under 18. For the 1998 Children’s Online Privacy Act or COPPA, 13 was the cutoff age. COPPA collected protections for children’s information, disallowing “unfair or deceptive acts or practices in connection with the collection, use, and/or disclosure of personal information from and about children on the Internet.”
However, the new California law goes a step further. It demands the highest privacy settings be the default for young consumers and that companies give an unmistakable signal to tell children someone is tracking their location. Jim Steyer, CEO and founder of Common Sense Media and one of the bill’s lead sponsors, called the bill a significant victory for families and children.
The law firmly stands for children’s safety over profit, claiming, “If a conflict arises between commercial interests and the best interests of children, companies should prioritize the privacy, safety, and well-being of children over commercial interests.” In 2019, Baroness Beenban Kidron, chief architect of the U.K. Children’s Code, shared details with The New York Times on her meetings with tech executives. Kidron said, “The main thing they are asking me is: ‘Are you really expecting companies to give up profits by restricting the data they collect on children?’ Her response? ‘Of course, I am! Of course, everyone should.’”
The hazards of the internet for children go beyond being contacted by strangers online. Although the highest privacy settings will be the default, the new California law does attempt to stop these interactions. More and more, parents worry about the disproportionate time kids spend online, the attraction of apps with autoplay and additional features, and the exposure to content that encourages dangerous behaviors like eating disorders and self-harm.
The Age-Appropriate Design Code Act demands that companies write a “Data Protection Impact Assessment” for all new services and products, sharing how children’s data could be used and if harm could be a result of this use. The internet can be a scary place, especially when it comes to your children. However, there are some steps you can take to protect them before this law goes into effect. It would help to keep your children off of social media until they’re 13 years old. Above all, the best thing you can do is monitor what your children watch online.
