California Mandates Proof of Age Online

Can you prove no one under 18 uses your app?

Happy young black teen in casual wear using smartphone and laptop, studying online from home. Cool Afro youth having remote lesson, communicating with teacher or friend on webcam

If you follow tech news you might already be aware of California Age-Appropriate Design Code Act. The bill is intended to flip the baseline for kids online; making digital service providers responsible for providing maximum protections as default, and preventing kids from accessing content or tools that might harm or upset them. While the goal sounds noble, the law casts a net wide enough to make things like comment systems, peer-to-peer communication, advertising and data collection, or sharing disturbing news content illegal if kids can access it. If you can conceive of a possible harm, you must prevent it from happening. It is modeled on a proposal that has stalled in the UK, and is championed in California by baroness Beeban Kidron, a member of the UK House of Lords.

Having passed in both houses of the California legislature, the bill is inches away from becoming law. While backed by child privacy advocates, it gets poor marks from lawyers for its lack of clarity, from internet advocates who fear it harms adults online more than it protects children, and from the tech industry because it is unclear how a business can possibly comply.

The obvious unintended consequence is that companies will either need to implement a robust (no, you can’t take their word for it) age-gating and identity verification system so that you can keep adults and minors separate, or re-engineer your service to “prioritize the privacy, safety and well-being of children over commercial interests” (where ”children” means everyone unless you prove otherwise). This will be an industry-wide issue, and you can count on the 17 year olds to make the program a challenge. Think that through: you’ll need to robustly confirm the age, and consequently the identity of every one of your users in some verifiable way.

This is a BIG DEAL, and while we support privacy protections for children we cannot support a bill this vague that indirectly mandates the universal collection and verification of age and identity.
The law borrows some from California’s other privacy laws in that the smallest companies have more latitude to comply, but the mandated privacy assessments (for every new feature) will eventually burden any firm with a growth plan. You can read more about the bill and its ramifications in the New York Times or on Techdirt, or let us know what you think / ask questions in the links below.

Avatar photo

By Bruce Gustafson

Bruce is the President and CEO of the Developers Alliance, the leading advocate for the global developer workforce and the companies that depend on them. Bruce is also the founder of the Loquitur Group, a DC consulting firm, and the former VP and head of the DC Policy office of Ericsson, a global information and communications technology company, focusing on IPR, privacy, IoT, spectrum, cybersecurity and the impact of technology and the digital economy. He has previously held senior leadership positions in marketing and communications at both Ericsson and Nortel, as well as senior roles in strategy and product management across wireless, optical and enterprise communication product portfolios.

Leave a comment

Your email address will not be published. Required fields are marked *

Related Content

Developers Alliance files Amicus Brief to Argue that Algorithms are Protected by the First Amendment

Developers Alliance files Amicus Brief to Argue that Algorithms are Protected by the First Amendment

With Holidays Approaching, Outlook for Dev Policies is Limited on Capitol Hill

With Holidays Approaching, Outlook for Dev Policies is Limited on Capitol Hill

Alliance Files in the U.S. Supreme Court. Again.

Alliance Files in the U.S. Supreme Court. Again.

Join the Alliance. Protect your interests.

©2022 Developers Alliance All Rights Reserved.