July 24, 2024
New California Privacy Law Expands Protections for Children
California is once again reshaping privacy law in the U.S., this time for children's online data. Read about the Age-Appropriate Design Code Act.

California Governor Gavin Newsom recently signed into law the California Age-Appropriate Design Code Act (AADCA), which significantly increases the privacy protections that businesses must extend to children online. The AADCA builds on an existing federal privacy law, the Children’s Online Privacy Protection Act (COPPA), but takes those protections to a whole new level by greatly expanding their reach.

The new law does not go into effect until July 1, 2024, but some of the compliance measures will take a lot of planning, so it’s never too early to get a handle on it. Learn about when the AADCA applies and what it requires from businesses.

When Does the AADCA Apply?

The AADCA applies to “businesses that develop and provide online services, products, or features that children are likely to access.” This raises three main questions:

  1. What is a business?
  2. What counts as a child?
  3. What does “likely to access” mean?

1. What Is a Business?

The AADCA applies to “businesses”; fortunately, we already have a familiar definition for that term because the new law explicitly refers to the California Consumer Privacy Act (CCPA) for many of its key definitions. Under the CCPA, a business is a for-profit entity that collects personal information, does business in California, and meets at least one of the following criteria:

  1. Has at least $25 million in gross annual revenue
  2. Buys, sells, or shares the personal information of at least 100,000 California residents annually
  3. Derives 50% or more of its annual revenue from the sale or sharing of personal information

To learn more about how these criteria are calculated, read our defined in the CCPA) any personal information that is not necessary to provide an online service with which a child is actively and knowingly engaged, unless the business can demonstrate a compelling reason why it is in the best interests of the child.

Profiling

By default, businesses may not engage in the profiling of minors. Profiling is any automated processing of personal information that is used to evaluate a person, such as using past purchases to predict future shopping behavior.

However, a business may profile a child by default if two conditions are met:

  • The business can demonstrate it has appropriate safeguards in place to protect children, and
  • At least one of the following is true:
    • The profiling is necessary to provide the online service requested and only with respect to the aspects of the online service with which the child is actively and knowingly engaged, or
    • The business can demonstrate a compelling reason that profiling is in the best interests of children

Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
