California is in court fighting about a draft children's privacy bill. As a stop gap while the state fights it out about that first bill, it has introduced new legislation that would supplement the state's overall privacy law (CCPA) with provisions specific to children under 18. The proposed new law would require “affirmative authorization” to collect from, use, share, or sell data about under-18s. (Currently, the CCPA offers some protections for users 16 and under.) For under-13s, the law would require parental consent.
Why It Matters
The more laws there are in the privacy arena, and the more regulators grow to like passing them, the better the chances of unintentionally broad consequences. There is already a federal law on the books that requires “verifiable parental consent” regarding online data from children under 13 when a service is “directed to” children. That law, however, was passed in the 1990s – the infancy of the internet and long before the always-on, device-driven era of social media. As the nature of media consumption has changed, so has the appetite of regulators to craft much broader rules that are not necessarily confined to “kids' media." Now, it is much more likely that online services will have to comply with some children's privacy rules even if they are not actively seeking children as their user base. The sheer number and complexity of the rules makes this a tricky compliance proposition.
Subscribe to Taylor English Insights by topic here.
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2024-09-02-16-51-11-418-66d5ecff75128dc1466c94ac.jpg)
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2024-11-15-14-55-15-714-673760d3d0763092c0219f9d.jpg)
/Passle/5fe0c4f453548a10fc881e09/SearchServiceImages/2024-11-14-18-24-27-197-6736405b1e2d60506ae65a6d.jpg)