Court ruling on California’s online child safety law could put similar bills on hold


The decision by a federal judge on Monday to strike down a California law designed to reduce children’s exposure to harmful content online could have far-reaching implications, according to privacy and technology experts, setting up debate over how to define harm and determining at what point it overrides the First Amendment.

The ruling on the law, the California Age-Appropriate Design Code (CAADC), is considered particularly significant because the judge took issue with nearly all aspects of the law on First Amendment grounds. It also comes as Congress is negotiating the Kids Online Safety Act (KOSA), which contains similar provisions.

The California case “no matter what will be appealed to the Supreme Court,” Eric Goldman, a law professor who is co-director of the High Tech Law Institute at Santa Clara University, told Recorded Future News in an interview. Goldman’s scholarship was cited throughout the court decision.

Age-appropriate design laws typically require online services targeted to children not to expose them to harmful content; not to design for compulsive use of their content; to estimate the age of child users with reasonable certainty; and to minimize the collection or use of children’s data among other things.

Five state legislatures have enacted bills focused on children’s online safety and age verification requirements in recent months, often as part of broader comprehensive data privacy bills, according to a tracker created by the Future of Privacy Forum (FPF). Three states, including California, have passed laws more focused on age-appropriate design.

Experts and advocates say the California law’s fate could lead to a domino effect impacting the other laws.

Both Connecticut and Florida included provisions that “appeared to be inspired by the AADC in their broader consumer privacy laws,” FPF Senior Counsel Bailey Sanchez and FPF Fellow Jordan Francis wrote in a newsletter.

The report noted that “both states’ laws contain several other provisions flagged by the [California] Court, so we will be watching how this holding influences the broader children’s online privacy and safety legislative landscape.”

While it is unclear whether Congress will consider the California decision as KOSA continues to be debated, Sanchez said KOSA’s focus on platform design resembles CAADC.

The nexus between free speech and privacy

The California law is emblematic of a larger tension in the privacy and children’s online safety communities. While many of the state-level age-appropriate design laws and KOSA include privacy protections such as minimizing data collection from children, they have been staunchly opposed by groups which often advocate for privacy rights like the ACLU and Electronic Frontier Foundation.

“Where legislation is specifically targeting speech that legislators have deemed harmful or distressing it is going to raise constitutional questions and we see the Kids Online Safety Act take that angle as well by attacking speech that causes depression or causes anxiety,” said Cody Venzke, senior policy counsel for surveillance, privacy, and technology at the ACLU.

He said that the court’s ruling in California, as well as earlier decisions striking down children’s online safety bills in Arkansas and Texas, could have a chilling effect on similar laws elsewhere, including KOSA. The bill’s sponsors, Sen. Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) did not respond to requests for comment.

Chris Marchese, the director of the litigation center at NetChoice, a membership organization representing Big Tech, agreed, saying via email that California’s “digital parenting regulations have been found likely unconstitutional in court. That raises serious constitutional questions about the Kids Online Safety Act.”

Advocates for children decried the court decision, saying technology companies have hidden behind the First Amendment for too long.

Jim Steyer, the founder and CEO of Common Sense Media, said in an emailed statement that the First Amendment “does not protect tech companies from maximizing profit at the expense of children’s well-being.”

He called the NetChoice lawsuit the latest attempt to keep a “golden fence around tech companies whose products are causing real harm to kids and families.”

One prominent scholar and privacy expert, law professor Daniel Solove, called the decision “a ridiculously expansive interpretation of the First Amendment, one that would annihilate most regulation if applied elsewhere.”

Solove said the finding is reminiscent of a recent court decision requiring the government not to take down misinformation on First Amendment grounds.

But California’s decision to position AADC as a privacy law and not a speech regulation law was a fatal mistake and an argument the court “shredded,” Goldman said.

“There’s a broad-based push to censor the Internet, and censorship-minded folks are embracing privacy framing as a way of hiding their true agenda,” he said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

New Zealand university operating despite cyberattack

Next Post

Product leasing giant warns that sensitive information was stolen during cyberattack

Related Posts

‘Konfety’ Ad Fraud Uses 250+ Google Play Decoy Apps to Hide Malicious Twins

Details have emerged about a "massive ad fraud operation" that leverages hundreds of apps on the Google Play Store to perform a host of nefarious activities. The campaign has been codenamed Konfety – the Russian word for Candy – owing to its abuse of a mobile advertising software development kit (SDK) associated with a Russia-based ad network called CaramelAds. "Konfety represents a new form of
Read More