Northern District of California Court Finds CA AADC Violates Firs

Table Of Content

• Next Steps for California Businesses
• Alan Raul, Founder of Sidley Austin’s Privacy and Cybersecurity Law Practice Elected FPF’s New Board President
• American Data Privacy and Protection Act (ADPPA): Explained
• Big Tech’s Attempts to Undermine the California Kids Code
• Enforcement
• Obligations for Organizations Under the California Age-Appropriate Design Code Act
• US Senate committee advances two children's privacy bills

And it doesn’t only apply to tech products directed marketed at children, but rather “all online products and services they are likely to access”. The code authorizes the Attorney General to seek an injunction or civil penalty against a business that violates its provisions. SACRAMENTO – Governor Gavin Newsom today announced that he has signed bipartisan landmark legislation aimed at protecting the wellbeing, data, and privacy of children using online platforms. Children’s Privacy and Safety intends to help the practitioner and advocate on their journey to protect children’s data privacy and safety.

Next Steps for California Businesses

The attorney general's office will assume enforcement powers after previous versions of the bill left enforcement to the California Privacy Protection Agency. The bill establishes the California Children’s Data Protection Working Group, a 10-member group appointed by branches of state government and the CPPA to consider best practices for implementing the law. As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments. While the CA AADC will not go into effect until next year, companies within its scope may want to get an early start in identifying potential risks in a DPIA and take measures to address them, as appropriate. Considering these privacy and safety issues early in the product development cycle could help reduce risk and facilitate compliance. The AADC model is already in effect in the UK and Ireland, and has spurred meaningful changes from Big Tech platforms in the UK to protect the safety and privacy of kids online.

Alan Raul, Founder of Sidley Austin’s Privacy and Cybersecurity Law Practice Elected FPF’s New Board President

The CCPA also creates a requirement for covered entities to receive affirmative opt-in authorization to sell the data of 13- to 16-year-old users. The ADCA would require covered entities to use age-appropriate language for privacy disclosures and the increase in age aims to create age-appropriate regulations for all minors. However, aggregating all children under 18 in a single group may cause issues in implementation because the developmental needs and maturity of teenagers are vastly different from those of elementary school age children. The California ADCA could benefit from a similar approach, which could improve the readability of privacy notices for young people while also incentivizing services to collect less identifiable data regarding user age.

American Data Privacy and Protection Act (ADPPA): Explained

The Act’s definition of online service, product, or feature does not mean a broadband internet access service or telecommunications service, nor the delivery or use of a physical product. Technology companies use sophisticated methods to collect and analyze personal data, then use these insights to keep people engaged longer and influence their behavior. "We have to get this right. California has to get this right," State Sen. Jordan Cunningham, R-Calif., said. The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.

We Need to Keep Kids Safe Online:

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy. Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them. Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems. Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks. The Children’s Data Protection Working Group will be established as part of the California Age-Appropriate Design Code Act to deliver a report to the Legislature, by January 2024, on the best practices for implementation.

Is Your State's Child Safety Law Unconstitutional? Try Comprehensive Data Privacy Instead - EFF

Is Your State's Child Safety Law Unconstitutional? Try Comprehensive Data Privacy Instead.

Posted: Tue, 03 Oct 2023 07:00:00 GMT [source]

The CA AADC requires that companies subject to the law estimate the age of child users with a reasonable level of certainty (appropriate to the applicable level of risk) or apply the required protections to all consumers. It does not, however, provide guidance as to how this is to be done or how to do it in a manner that addresses principles such as data minimization. AB 2273 prohibits companies that provide online services, products or features likely to be accessed by children from using a child’s personal information; collecting, selling, or retaining a child’s geolocation; profiling a child by default; and leading or encouraging children to provide personal information. Under the California Age-Appropriate Design Code Act, any “company that provides an online service, product, or feature likely to be accessed by children” must adhere to specific rules and regulations. The ADCA is currently pending in the California Senate Judiciary Committee and will be discussed in a committee hearing on June 28, 2022. Although the bill passed unanimously through the House, it is not yet clear how it will be received by the Senate and what revisions may be adopted.

The suit also claims that the Act’s requirement of age estimation “with a reasonable level of certainty” incentivizes businesses to collect more data, conflicting with other state privacy laws, such as biometric privacy laws. AB 2273 is part of a two-pronged children's online safety overhaul by the California Legislature. AB 587, the Social Media Accountability and Transparency Act, also passed both chambers with overwhelming majority votes.

Obligations for Organizations Under the California Age-Appropriate Design Code Act

This new requirement would be a large shift for entities as they would also be required to report the assessments to the CPPA and for review every 24 months or before new features are offered to the public. DPIAs can serve to strengthen enforcement of privacy laws, but are resource-consuming for both covered entities complying and regulators. The CPRA also requires risk assessments, but it is not clear whether these assessments will be filed with the CPPA, unlike the ADCA. The bill also requires that privacy information, terms of service, policies, and community standards be easily accessible and upheld – and requires responsive tools to help children exercise their privacy rights. The bipartisan legislation strikes a balance that protects kids, and ensures that technology companies will have clear rules of the road that will allow them to continue to innovate.

Minnesota wants to crack down on tech and social media giants. Tech companies are pushing back. - Star Tribune

Minnesota wants to crack down on tech and social media giants. Tech companies are pushing back..

Posted: Fri, 22 Mar 2024 07:00:00 GMT [source]

US Senate committee advances two children's privacy bills

The lawsuit enjoining the enforcement of CAADCA was brought by Netchoice, a trade association of online businesses and eCommerce businesses, in December 2022. Netchoice challenged the constitutionality of CAADCA in its complaint against California Attorney General Rob Bonta. In terms of regulation and enforcement, the bill requires the PPA to create establish and convene the California Children’s Data Protection Taskforce (CDPT) to evaluate best practices for the implementation of these provisions.

“Although the stated purpose of the Act — protecting children when they are online — clearly is important, NetChoice has shown that it is likely to succeed on the merits of its argument that the provisions of the CAADCA intended to achieve that purpose do not pass constitutional muster,” wrote Freeman. The Act mandates that by April 1, 2023, the Working Group will be in place, with members chosen by the CPPA. "Californians with knowledge in privacy, physical health, mental health, well-being, technology, and children's rights" would constitute members of the Group. Any privacy information, terms of service, policies, or community standards must be concise, prominently displayed, and use clear language suited to the age of children likely to access the Service. In addition, NetChoice claims that the CAADCA does not define certain terms, such as “materially detrimental” to the well-being of a child, age estimation “with a reasonable level of certainty,” “harmful” or “potentially harmful” content. Lacking a clear guidance, NetChoice argues, online businesses will choose to self-censor to avoid “draconian penalties.” Self-censorship compromises the values of the First Amendment and chills free speech.

If the ADCA is passed and signed by the governor, it will shift the children’s data privacy landscape in the United States – many online services are based in California and nearly all have California users. For now, it remains to be seen whether the ADCA will emerge from the California Senate and, if it does, the provisions that may be amended in the process. The ADCA defines children as consumers under the age of 18, a higher age than any enacted child privacy law in the US. The ADCA definition differs from that of COPPA and the California Consumer Privacy Act (CCPA) which define children as under 13.

In proposing the ADCA, California expands the growing conversation on children’s online protection. Domestically and internationally, legislatures, policymakers, and advocates are attempting to balance the need for youth data protection and mitigating the negative effects of online content with the need for young minds to learn and explore. These efforts may further motivate Congress to push for more comprehensive federal children’s privacy protections and extend heightened protections to teens.