S.B. 568 Expands Online Privacy Protections Beyond Federal COPPA Rules and Extends Rights to All Children Under 18 Years of Age
California Governor Brown is preparing to sign into law an unprecedented children’s online privacy bill (S.B. 568), which adds a new chapter to the State’s Business and Professions Code (BPC) to protect the online privacy of children and teenagers who are under 18 years of age and reside in the State of California. The bill establishes Chapter 22.1, entitled “Privacy Rights for California Minors in the Digital World,” which will commence with Section 22580 in Division 8 of the BPC.
In response to minors’ increasing access to digital content and products available online, California Senate President pro Tempore Darrell Steinberg introduced S.B. 568 “to increase protections for children as they navigate through social media and online.” Upon its initial passage in the Senate on April 29, 2013, Senator Steinberg’s press release described the purposes of the bill as follows: “S.B. 568 strengthens the privacy rights of minors in the digital world by allowing them to remove inappropriate content they themselves have posted, and also protects minors from harmful marketing and advertising.”
The Assembly approved S.B. 568 by a margin of 62-12 on August 26, 2013, and the Senate unanimously passed it on August 30, 2013. It was presented to the Governor for his signature on September 5, 2013. Governor Brown is expected to sign the bill before the expiration of the signing period on October 13, 2013.
Provisions of New Law
The new law, which will become effective as of January 1, 2015, has two main provisions. First, Section 22580 seeks to protect children and teens under the age of 18 by prohibiting, with few exceptions, operators of Internet websites, online services, online applications and mobile apps from knowingly marketing and advertising to a minor a broad range of products specified in the law, including alcoholic beverages, firearms, ammunition, spray paint, tobacco products, fireworks, tanning services, dietary supplements, lottery tickets, tattoos, drug paraphernalia and obscene matter, among other products and services. Secondly, Section 22581 will require such operators to notify minors of their rights to remove content or information they posted to the operator’s website, online service, online application and mobile apps, and honor their requests to remove such data, subject to specified conditions and exceptions.
Purposes of Legislation
The Senate Judiciary Committee analysis provides additional insight into the bill’s legislative intent, explaining that the bill author’s “stated need for the bill” was that “a large part of a child’s social and emotional development is occurring while that child navigates through the digital world while online and through their cell phone.” The author contended that young children may be more susceptible to revealing personal information before they comprehend the consequences.
Currently, the Children’s Online Privacy Protection Act of 1998 (COPPA) requires companies to obtain parental consent before collecting personal information from children under 13 years of age. Such personal information includes details that could be used to identify, contact or locate a child. This new California law was designed to supplement and extend the pre-existing COPPA rules, adding even greater privacy protections for both children and teens under 18 years of age. As stated in the Senate Judiciary Committee analysis, the author explains the “need to protect these children, consistent with COPPA, and extend protections in the digital world to teens,” arguing that “the percent of teens that use social network sites almost doubles between ages 12 and 13…[and] over 80 percent of 13 year old users actively use social media.”
Questions Regarding “Directed to Minors”
After the California Senate’s initial passage of the bill in April 2013, the Center for Democracy and Technology (CDT) testified on June 25, 2013, about the provisions of S.B. 568 before the California State Assembly’s Committee on Arts, Entertainment, Sports, Tourism and Internet Media. Among other things, CDT’s testimony argued that the bill is “unconstitutionally vague” as to sites that may be considered “directed to minors,” which could leave website operators “with no certainty of their obligations under the law.” The Assembly amended the bill prior to its passage by that chamber to clarify that the bill’s requirements will only apply to websites that are “predominantly” directed to minors. The Senate then concurred in this amendment and all of the Assembly’s amendments to S. B. 568, approving the amended bill unanimously and sending it to Governor Brown for his signature.
Operators of Internet websites, online services, online applications and/or mobile apps with registered users who are minors or who are engaged in marketing or advertising the content, services or products specified in the bill, whether through third-party advertisers or contextual advertising, should carefully review the provisions of the new law to ensure their compliance upon its effective date.
Additionally, given the influence that California privacy legislation often has in fostering similar federal policy proposals, coupled with the new law’s stated purpose in building upon existing federal COPPA rules to extend online privacy protections to teenage minors, the bill’s enactment may lead to further efforts among policymakers and privacy advocates in Washington, D.C., to call for nationwide privacy protections for all children under 18 years of age.
This advisory is published by Alston & Bird LLP to provide a summary of significant developments to our clients and friends. It is intended to be informational and does not constitute legal advice regarding any specific situation. This material may also be considered attorney advertising under court rules of certain jurisdictions.