California lawmakers met in Sacramento today to discuss, among other things, proposed legislation to protect children online. The bill, AB2273, known as The California Age-Appropriate Design Code Act, would require websites to verify the ages of visitors.
Critics of the legislation argue that this requirement threatens adult privacy and the ability to use the Internet anonymously, in California and likely elsewhere, because of the role the Golden State tech companies play on the Internet.
“First, the bill claims to protect children on the pretense, but it will change the Internet for everyone,” Eric Goldman, a professor at Santa Clara University School of Law, said in a statement. blog post† “To determine who a child is, websites and apps will have to verify the age of ALL consumers before they can use the service. Nobody wants this.”
Goldman says the bill will end casual web browsing, forcing companies to collect personal information they don’t want to store and protect — and consumers don’t want to provide — to verify the age of visitors. And since age verification generally requires identity information, that threatens the ability to use the Internet anonymously.
Goldman also objects to the fact that this US state-level account is modeled after the UK’s Age-appropriate design code (AADC) because European legislation makes compliance a matter of engagement and dialogue with regulators, as opposed to the US rules-based approach which provides more certainty about what is and is not allowed.
In addition, he argues that the scope of the bill extends beyond children’s privacy and implies that consumer protection and content moderation will be moderated. He therefore views the bill as “a Trojan horse for comprehensive regulation of Internet services” and would turn the California Privacy Protection Agency (CPPA) into a general Internet regulatory body.
At the same time, it is clear that current laws to protect children are inadequate. In an April letter [PDF] Justin Brookman, director of technology policy for consumer reports, told California lawmakers that companies often circumvent the requirements of the Children’s Online Privacy Protection Act (COPPA), the federal law that requires parental consent to process the data of children under 13. . to 2018 study that found thousands of apps violate COPPA through the use of Software Development Kits (SDKs), ad code libraries, and analytics that collect data about children.
supporters of California bill point to technical changes coming from the UK’s AADC, such as Google making SafeSearch the default browser mode for anyone under the age of 18 and TikTok and Instagram disabling direct messages between children and adults who don’t follow them, as examples of how the law affects the internet. for children could improve .
While the UK’s AADC has made valuable improvements in children’s privacy, proposed legislation often creates collateral damage if not carefully drafted. Both the UK and the European Unionfor example, have made changes to the law to protect children from abuse and exploitation by destroying privacy and encryption.
Brookman, in a message to The register, said, “I generally disagree with Eric on most things, but I think he has a point here.” And he pointed to his April letter saying Consumer Reports would support the bill if some changes were made.
He suggested that the bill should differentiate the way teens and children under 13 are treated, and adopt clear, rules-based language rather than ambiguous, ambitious mandates, such as instructing websites to “default to the highest level of maintain privacy”.
He also urged lawmakers to drop the age verification requirement.
“Mandatory identity verification would require extensive and expensive data collection and eliminate consumers’ rights to read and speak anonymously, undermining the fundamental objectives of the bill,” he wrote in the letter.