How California's new online child safety bill works

Some tech companies may implement uniform changes that extend beyond California.

August 31, 2022, 2:29 PM

California, home to some of the world's largest tech companies, passed a landmark bill on Tuesday that would require a broad swathe of apps and sites to strengthen their safety protections for young users.

The bipartisan bill passed the California Senate by a vote of 33 to 0, though seven Republicans abstained. It marks the latest attempt to rein in tech companies over the alleged damage their products cause to children. Democratic Gov. Gavin Newsom has not taken a public stance on the bill.

The bill drew opposition from a coalition of industry groups, which includes the Chamber of Commerce and TechNet, a trade organization that represents member companies such as Google, Snap, Meta, Amazon and Apple.

In a letter of opposition sent to the California legislature in response to a recent version of the bill, the coalition of trade groups said the bill "contains a great deal of subjectivity." Further, the coalition said the bill should afford companies an opportunity to fix products found to be in violation, since "the goal is to encourage and incentivize companies to take proactive steps to protect children online."

The final version of the bill includes a 90-day grace period for companies found in violation.

The call for bolstered online protections for children gained momentum in the aftermath of revelations last fall from Facebook whistleblower Frances Haugen, who released internal research showing that the company understood the danger that Facebook-owned Instagram posed for some teen girls.

If signed into law, the sweeping California bill -- dubbed the The California Age-Appropriate Design Code Act -- will go into effect in 2024. It may result in nationwide changes for some online platforms, if companies opt to implement uniform regulations that affect children beyond California.

Here's exactly what California's new children's online safety bill would do:

Require companies to analyze and address the impact of their products on children

The bill mandates businesses that sell online products likely to be used by children to conduct an assessment of the effects those products have for young users, whom the bill defines as people under the age of 18.

The tech companies must take proactive steps to address harm found to be caused by their apps or other online services.

Force business to implement some specific protections for young users

Under the bill, companies must take some immediate steps to protect children who use their services.

For instance, apps and sites would need to automatically place children's accounts on the highest privacy setting available. The platforms would also be disallowed from sweeping up data on the exact location of children, unless they provide a clear and direct signal to users acknowledging that such information will be collected.

PHOTO: In this July 17, 2022, file photo, the California state Capitol is shown in Sacramento, Calif.
In this July 17, 2022, file photo, the California state Capitol is shown in Sacramento, Calif.
Myung J. Chun/Los Angeles Times via Getty Images, FILE

Create a working group to recommend best practices

A group of stakeholders, called the California Children's Data Protection Working Group, would make a set of recommendations to the state legislature on how companies can best implement safety protections, the bill says.

The working group would be made up of representatives from industry, academia and consumer advocacy groups, as well as small and large businesses.

Fine companies in violation of the bill

If found to have violated the bill, a company would face financial penalties pegged to the number of children affected in a given instance.

A fine of $2,500 per affected child would follow a negligent violation of the bill, while a penalty of $7,500 per affected child would come along with an intentional transgression, the bill says.

Prior to imposing a penalty, the bill would offer companies a 90-day grace period to fix the aspect of their products -- such as an algorithm or specific utility -- found to be in violation.