Court Upholds Key Provisions of California’s Age-Appropriate Design Code
In early August, a federal appeals court in the US made a significant ruling on the California Age-Appropriate Design Code (CAADC). This law passed in 2022, mandates that companies design their products with children’s safety and privacy in mind. The recent ruling partially vacated the lawsuit brought forward by tech trade group NetChoice, which represents major tech companies like Amazon, Meta, and Google.
Provisions in the CAADC and legal challenges
The law, sponsored by 5Rights and passed with unanimous support from the California legislature in 2022, requires companies to provide all under 18s with a high level of data protection by design and default. Building on best practice standards rolled out in other jurisdictions in the UK and Europe, the law prevents companies among others from tracking or profiling kids and teens.
In 2023, a local court decided that the law was likely violating the First Amendment. However, the recent Circuit Judge’s ruling partly reversed that decision as concerns the law’s provisions that require companies to estimate the age of child users and offer them a high level of privacy and safety by default. This is encouraging news for Age-Appropriate Design Code bills across the United States, especially in Maryland, California and Vermont, because it reaffirms that the core principles of safety-by-design and privacy-by-default are constitutional.
The court however upheld NetChoice’s claim that the requirement on companies to conduct and document a Data Protection Impact Assessment in order to identify and mitigate risks to children before a new service or feature is launched, was likely in breach of the First Amendment “because it clearly compels speech” by forcing companies to “opine” on what could be harmful to children. Data Protection Impact Assessments are a cornerstone of comprehensive data protection laws, including the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act, as well as the EU’s GDPR.
The Global Impact of Child Safety Laws
“This ruling affirms that tech companies can and should be held accountable for ensuring their products are safe for children. We know from whistleblowers such as Frances Haugan that these companies are often aware of the harms they are causing, and deliberately choosing profit over kids’ safety. This is not only immoral, but should clearly be illegal.” says Leanda Barrington-Leach, Executive Director at 5Rights, which is a member of the Kids Code Coalition supporting the AADC in the US.
As legislators around the world move in sync to adopt the standards of the Age-Appropriate Design Code, 5Rights looks forward to seeing Californian kids benefit from the same protections.