California has implemented a new kids data and privacy law that could have a far-reaching impact on how kidcos do business.
On September 15, state governor Gavin Newson ratified the California Age-Appropriate Design Code, which requires kidtech companies and online platforms to protect children’s wellbeing, data and privacy through the design of online products.
The law, which officially comes into effect on July 1, 2024, restricts companies from geo-locating kids, and requires them to apply maximum privacy protections by default, and avoid using design to entice children to give up personal data. Additionally, it raises the defined age of a child from 13 to 18.
It also requires developers to include age-specific design elements, make it easy for kids to report privacy concerns, and notify them when they’re being monitored or tracked.
Regulation around making content that is a better match for kids’ needs and abilities is good, but the increasing volume of region-specific regulations are tough for developers to successfully navigate, notes David Kleeman, SVP of global trends for kids research firm and gaming company Dubit.
“In general, I’m in favor of regulatory efforts that begin from positives—how to build for kids’ needs and abilities. The California law and its forerunner in the UK (the Age-Appropriate Design Code) do that,” says Kleeman. “That said, we’re headed toward an emerging maze of laws–local, state, national, regional, global—that will make it very difficult for builders and creators to monitor, understand and manage the regulatory patchwork.”
Shai Samet, founder and president of the kidSAFE Seal Program, which analyzes and approves kid-friendly websites and games, suspects that this law could become a standard for the rest of the US. On a basic level, it’s unlikely that app developers will want to create different versions just for California-based users, so the tenets that underpin it could quickly become national by default.
But it’s also precedent-setting because it applies to products that are likely to interest kids, and not just products made specifically for them. And the new age definition of a child in the digital marketplace means social media networks will now have to abide by the law as well, if they are designed or likely to appeal to teens.
The new act opens up big questions about what legislation could be coming next, says Samet. Additional laws and guidance might be needed to support it, and it’s unclear how COPPA—the federal Children’s Online Privacy Protection Act—will overlap, or if the FTC might take concepts from this new law and apply it to COPPA.
The concept of making tech kid-safe shouldn’t be a surprise to companies in the industry anymore, Dubit’s Kleeman notes.
“The pandemic proved that every digital company is a children’s company, as kids and teens discovered and hacked all types of platforms to meet their needs for communication, collaboration and play,” he says. “So every digital media company needs to find a qualified advisor on safety, privacy and ethical design, with a global perspective.”