Author

Alison Pepper

4As EVP of Government Relations & Sustainability

Topic

  • Government Relations
  • Privacy Law

Mirroring the UK’s Children’s Code, California’s AB 2273, the Age-Appropriate Design Code Act, was introduced earlier this year with the intent that “[c]hildren should be afforded protections not only by online products and services specifically directed at them, but by all online products and services they are likely to access.” The bill contains provisions for children’s data protection and limits to online exposure for minors under age 18 that would be enforceable by the California Privacy Protection Agency (CPPA). Agencies should review the bill’s requirements, and if applicable, begin planning for implementation in coordination with their clients. 

AB 2273 requires a business that provides an online service, product, or feature likely to be accessed by a child to comply with specified requirements, including:

  • Configuring all default privacy settings offered by the online service, product, or feature to the settings that offer a high level of privacy protection offered by the business;
  • Providing privacy information, terms of service, policies, and community standards concisely and prominently; and
  • Using clear language suited to the age of children likely to access that online service, product, or feature.
  • Perform risk assessments to evaluate, document, and mitigate risks of material detriment to children;

It also seeks to prevent the use of any dark patterns that encourage children to divulge excess personal information. Similar to the Federal Children’s Online Privacy Protection Act (COPPA), it would require that websites provide privacy notice information in clear language suited to the age of children likely to access the online service.

The bill defines “likely to be accessed by a child” to mean that a child would reasonably access the online service, product, or feature if:

  • It is directed to them (as defined by the Children’s Online Privacy Protection Act, 15 U.S.C. Sec. 6501 et seq.);
  • It is routinely accessed by children through academic, market, or internal company research;
  • It advertises to children; or
  • It has design elements that are known to be of interest to children, including, but not limited to, games, cartoons, music, and celebrities who appeal to children.

As enacted, AB 2273 would require the CPPA, in consultation with the taskforce, to adopt regulations by April 1, 2024. This bill would authorize the California Attorney General to seek an injunction or civil penalty against any business that violates its provisions. Violations of AB 2273 can result in injunctions or civil penalties against businesses of up to $2,500 per affected child for each negligent violation or up to $7,500 per affected child for each intentional violation. Businesses that substantially comply with Data Protection Impact Assessment requirements, however, can benefit from a 90-day cure period. AB 2273 also expressly prohibits a private right of action.

The bill passed out of the legislature on August 30, 2022 and was signed by Governor Newsom on September 15, 2022.

For additional information or concerns regarding California’s AB 2273, the Age-Appropriate Design Code Act, please contact Alison Pepper

 

Related Posts

View All Posts
A bald man in a gray blazer writes notes during a conference. He is surrounded by people seated at tables. The atmosphere is focused and professional.

03/05/2025

White House Seeks Public Comment on U.S. AI Strategy

Learn More
A woman in a blue sweater speaks into a microphone during a meeting or conference. She is seated at a table with a cup of coffee and a smartphone in front of her. Other attendees are seated nearby, listening attentively.

03/05/2025

Oklahoma Bill Introduced to Broadly Ban DTC Pharmaceutical Advertising

Learn More

02/03/2025

U.S. Copyright Office Publishes Part 2 of AI Report, Offering Clarity on Copyright for Generative AI Outputs

Learn More
View All Posts