California legislators are expected to pass a set of rules that would require tech companies to implement the highest level of privacy and restrict data-gathering for children.
California’s State Senate voted 33-0 in favor of passing the California Age Appropriate Design Code on Monday, months after the State Assembly voted in favor of a similar bill in May. The bill is being sent for finalization to California Gov. Gavin Newsom, who has not taken a public stance on the measure. The legislation would place some of the strictest restrictions on internet privacy regarding children in the United States to date.
“The digital ecosystem is not safe by default for children,” said Buffy Wicks, a Democrat in California’s State Assembly and a co-sponsor of the bill, according to the New York Times. “We think the Kids’ Code, as we call it, would make tech safer for children by essentially requiring these companies to better protect them.” The bill was sponsored by Wicks and Republican Assemblyman Jordan Cunningham with the help of the U.K.-based Five Rights Foundation.
The bill has been contested by the tech industry and lawmakers for several months, with lobbyists seeking to amend the bill to accommodate current practices. The current version of the Design Code requires companies to prioritize the safety of children in their product design. It will also restrict apps’ ability to collect data on anyone 18 or younger and require apps to turn on their highest privacy settings by default for children.
The bill implements restrictions on top of the Children’s Online Privacy Protection Act of 1998, which protects the privacy of all users 13 or younger. The rules are scheduled to take effect in 2024. It’s unclear if tech companies will change their policies across the United States to accommodate the design code or if they will keep it location-locked.
The Design Code is heavily inspired by the United Kingdom’s Age-Appropriate Design Code, which the country implemented in 2021 and has similar privacy restrictions for youth in the U.K.
“Today, California took a massive step forward in securing a future in which the internet is fundamentally designed around the best interests of young people,” said Accountable Tech Executive Director Nicole Gill in a statement. “The California Age-Appropriate Design Code will ensure Big tech platforms prioritize the safety, wellbeing, and privacy of children and teens, and put an end to the pervasive tracking, targeting, and manipulation they face online.”
Other tech advocacy organizations are hesitant to voice support for the legislation, as they favor a federal policy. “It’s another example of why we need a federal privacy law that includes universal standards to protect kids online instead of a patchwork of state laws that creates confusion and compliance complications for businesses,” Technet’s California Executive Director Dylan Hoffman told Axios.
Others have expressed concerns about potentially excessive barriers the code would implement, such as requiring age authentication via “estimating the age of child users.”
“[The Design Code] would erect digital barriers throughout the Internet for everyone; drive some businesses out of the industry entirely; expose everyone, including children, to greater privacy and security risks; strip vulnerable users of access to sensitive information they need; create chilling effects that discourage critical and whistleblower content; shrink the Internet for California minors; and put California minors at a permanent professional disadvantage,” wrote Eric Goldman, a law professor at Santa Clara University Law School, in an op-ed.
At least one bill in Congress has been proposed to create a federal privacy framework. The American Data Privacy and Protection Act proposed a series of data collection practices and was moved to a floor vote by the Committee on Energy and Commerce in July.