September 29, 2022

Volume XII, Number 272

Advertisement

September 29, 2022

Subscribe to Latest Legal News and Analysis

September 28, 2022

Subscribe to Latest Legal News and Analysis

September 27, 2022

Subscribe to Latest Legal News and Analysis

California Passes Law to Protect Children’s Data Online

California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act (the Act) into law last week. This new law will require those online service providers likely to be accessed by children under 18 years old to comply with heightened privacy requirements, including incorporating privacy-by-default and privacy-by-design into their products. The 18-year age threshold for defining a child online is several years higher than the federal standard set by the Children’s Online Privacy Protection Act, which protects data collected from online users under 13. The bulk of the new bill requires online service providers to complete a Data Protection Impact Assessment for any online service, product, or feature likely to be accessed by children. The bill additionally prohibits businesses from using children’s data for any purpose other than the reason for which it was originally collected and requires them to prioritize children’s well-being over business considerations.

Notably, the Act requires businesses to declare whether their product, service, or algorithms could “harm” children without defining the scope of “harm.” At this point, the statute could be read to either require material harm or to treat violations as damage per se. It’s also unclear which group(s) would be responsible for clarifying these new rules and regulations. The Act establishes the California Children’s Data Protection Working Group to advise the Legislature on issues involving technology and child welfare, which will likely release policy statements. However, the Act vests enforcement power with the Attorney General, who may seek injunctions and fines of up to $2,500 for each negligent breach and $7,500 for each intentional breach. Finally, the Act’s findings declare that this law should be read in concert with the California Privacy Rights Act, which also established the California Privacy Protection Agency responsible for regulating and enforcing consumer privacy in the state. The California Age-Appropriate Design Code Act will take effect on July 1, 2024.

Blair Robinson also contributed to this article.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 264
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy
Associate

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...

401-709-3357
Advertisement
Advertisement
Advertisement