New age-appropriate site design code awaits California governor’s signature


Following in the footsteps of UK lawmakers, pols in the US state of California have unanimously approved a bill that would force many online businesses to think about how children can consume their content, and that adds to state data privacy rules.

The California Age-Appropriate Design Code Act awaits Governor Gavin Newsom’s signature. At present, it is known as Assembly Bill 2273.

Depending on how you look at it, kids are bursting into online content not caring what they’re about to encounter, or kids are being swamped with a never-ending stream of revenue-seeking products.

In any case, this law and other bills like it want to slow down certain transactions and put material that a child may consume in a more protective context. Where necessary, companies should also give children the opportunity to make informed decisions about what to do next.

The bill would apply to providers of content or services likely to be viewed online by children.

First and foremost, the design code would force these providers to make their highest level of privacy the default for their site.

And everything that typically relates to the very last pixels at the bottom of a web page – privacy policies, terms of service and other boilerplate – should be more visible and written in language suitable for the youngest expected visitor.

“Dark patterns,” the insidious ways of leading visitors down the path to revenue-generating action, would be banned. In this case, a dark pattern could cause children to give up personal identifying information.

When information about a child is collected, the law would prevent it from being used for purposes other than those that are likely to be clearly stated.

Civil penalties under the Act could be as high as $7,500 per affected child.

The data protection rules are intended to complement existing legislation passed in 2018 which requires age verification for specific products and services.

California’s code draws heavily from the UK’s Children’s Code, a 15-standard reflection of how lawmakers believe the online experience should be for children. It takes effect on July 1, 2024.

The UK document is broader, however, referring to toys and connected devices that involve online services.

Article topics

access management | age verification | children | data privacy | digital identity | legislation


Comments are closed.