California’s trailblazing law directing online services like
The new law, enacted last week, adds to California’s lead over national efforts to adopt an overarching privacy law, though it may push the US Congress to act on kid-focused measures so standards are uniform across states.
“California has leapfrogged over any federal effort,” said Phyllis Marcus, a partner at Hunton Andrews Kurth LLC who previously led children’s privacy enforcement at the Federal Trade Commission.
The state was the first in the US to adopt a comprehensive consumer privacy law in 2018, with updates applied more recently. Now it’s the first to add directives for how social media platforms, video games, and other online services must design their products with children and teens in mind. This collection of privacy laws is adding to California lawmakers’ contention that a federal bill shouldn’t override their state’s laws.
“As California continues to add strong privacy policies like this one, it becomes all the more imperative that we ensure that federal privacy legislation does not undermine decades of progress made in our state,” Rep.
Read more: California Adopts First-in-Nation Safeguards for Kids Online
Progress on House lawmakers’ bipartisan federal privacy bill (
California lawmakers are “understandably apprehensive” about a federal law undermining their state measures, which may make it harder to advance a comprehensive bill and force further negotiations, according to Josh Golin, executive director of Fairplay, a kids’ advocacy group.
Pressing on Federal Bill
Despite the hurdles, the House bill’s backers are pressing ahead as the legislative calendar dwindles.
Bill sponsor and Energy and Commerce Chair
A spokesperson for Republicans on the Energy and Commerce Committee also said the House bill is needed, adding that California shouldn’t dictate security standards for the rest of the country.
Pallone and Rep.
California’s new law could have a very different effect on several children’s privacy bills pending in the US Senate, neither of which would preempt state rules. When combined, they would be similar in strength to California’s law, Golin said.
California’s law is “a huge win and we need more,” kids advocacy group CommonSense founder Jim Steyer said.
“This should be a big spur to several of the major federal bills,” he added in reference to committee-approved bills that would require safeguards to control minors’ experience on platforms (
Markey’s bill is similar to California’s law, which would restrict how companies can use children’s data. His bill would prohibit companies from collecting a minor’s personal information without providing notice and obtaining consent.
Read more: FTC’s Bedoya Calls for Congress to Update Kids’ Privacy Law
Following the Rules
While members of Congress hash out thorny issues around federal privacy protections, companies are left with uncertainty about how to mesh California’s law with COPPA, the federal law governing the data of children under age 13. Markey’s bill would extend the law to children under 17, while California’s new law targets online services likely to be accessed by children under age 18.
California’s policy also broadens the scope of companies subject to compliance requirements and raises questions about how to check user ages online.
“It’s the big unanswered question of how any of this will work in practice,” said Christine Lyon, a Silicon Valley-based partner at Freshfields Bruckhaus Deringer LLP.
Companies often use age gates that ask a user to enter their birthday before entering a site or app, though children can lie to gain access. Efforts to verify age, by uploading an ID or submitting a selfie, may undermine privacy goals.
A spokesperson for
A spokesperson for TikTok parent company Bytedance Ltd. did not respond to a request for comment.
To contact the reporters on this story:
To contact the editors responsible for this story: