By MADISON HIRNEISEN
THE CENTER SQUARE STAFF REPORTER
(The Center Square) — A bipartisan bill aimed at increasing online privacy and safety for children cleared its first hurdle in the Legislature on Tuesday.
The bill, AB 2273, would create the California Age Appropriate Design Code Act, which would require businesses that create goods or services “likely to be accessed by children” to follow new standards. The guidelines would include “considering the best interests of children likely to access the service when designing, developing and providing that service.”
The bill would require that companies providing a service “likely to be accessed by children” make the “highest level of privacy possible” the default for platforms accessed by children unless there is “reasonable certainty” that the user is an adult. According to a bill analysis, this could include “disabling profiling unless the business can demonstrate a compelling reason that a different default setting is in the best interests of children likely to access that service.” Under existing law, online platforms can treat all consumers as adults if they are 13 or older, but this bill defines “child” as a consumer under 18.
Additional protections in the bill would prohibit businesses from collecting and retaining a child’s personal information that is “not necessary to provide a service” and bar companies from collecting any “precise geolocation information by default” unless the business can prove it is in the child’s “best interest.” Companies would also be prohibited from collecting geolocation information without alerting the customer that this information is being collected.
Assemblymember Buffy Wicks, D-Oakland, authored the bill alongside Assemblymember Jordan Cunningham, R-San Luis Obispo, whose district includes northern Santa Barbara County.
Ms. Wicks told lawmakers Tuesday that, while the state and federal governments have existing privacy laws to protect children, there is no comprehensive law that currently exists to protect children under 18 from online products they are likely to access.
As a result, Ms. Wicks said online platforms have been created with “adult design principles that do not factor in the unique needs of young minds, abilities and sensibilities.”
“By not considering children under 18 in the design of online products and services that they’re likely to access, they face a number of adverse impacts due to their interactions with the online world including bullying, mental health challenges and addictive behavior,” Ms. Wicks said. “As amended, AB 2273 will address these issues by requiring websites and other online services that are likely to be accessed by children to offer privacy and safety protections by default, unless there is reasonable certainty that the consumer is an adult.”
The protections in the bill are drawn from the Britain’s Age Appropriate Design Code, which sets the standard for digital services processing children’s data. Baroness Beeban Kidron, a crossbench peer in the British House of Lords and chair of the 5Rights Foundation, helped to create and implement the British standard and spoke in support of AB 2273 on Tuesday.
Baroness Kidron told lawmakers Tuesday that the British law resulted in the “biggest innovation” for child safety that the technology sector “has ever taken on.” She noted that under the United Kingdom’s law, YouTube turned off its autoplay function, and both TikTok and Instagram stopped the ability for unknown adults to direct message minors.
Together with many others, these changes helped to “detoxify the online experience for young people,” the baroness said.
“I am pro tech, but just as one cannot or should not be able to sell, rent or drive a car with no seatbelts, rearview mirror or headlines, it must not be possible to sell, rent or offer a child services and products that have not taken account of their privacy and safety,” Baroness Kidron said. “The California Age Appropriate Design Bill simply ensures that companies have to ask themselves the question: What would they do differently if they knew the end user was a child?”
The bill would also establish the California Children’s Data Protection Task Force within the California Privacy Protection Agency, which would weigh the best practices for implementing the policy and support businesses along the way.
The bill was opposed by the California Chamber of Commerce and TechNet, though both parties recognized that their organizations take the issue of a child’s privacy online seriously. Both opposition parties also acknowledged that the bill has been amended, but TechNet recommended the bill be further altered to specify the provisions to site features and services directed at children rather than just “likely to be accessed by children.”
“Directed to children is an existing standard that our companies understand and comply with for years,” Lia Nitake, TechNet’s deputy executive director for California and the Southwest, told lawmakers.
The California Chamber of Commerce also voiced concern that the bill “uniformly lumps all minors into the same age group without differentiation.” They asked that the bill’s authors consider whether 17 to draw the line “as a matter of public policy.” The chamber also requested that the bill be amended to require the task force to report back to the Legislature.
The bill was advanced in a 9-0 vote by lawmakers on the Assembly Committee on Privacy and Consumer Protection on Tuesday. Chair of the committee, Assemblymember Jesse Gabriel, praised the authors for their work on the bill but said there is a “great deal of work left to be done.” Assemblymember Gabriel said the bill “currently lacks some of the provision” that he deemed necessary, asking that the authors continue to work with stakeholders as the bill moves forward.
The bill will be heard next in the Assembly Appropriations Committee.
Madison Hirneisen covers California for The Center Square.