Children’s Online Safety a...
Children’s Online Safety at the Fo...

Children’s Online Safety at the Forefront of California Law

California passed a new law, AB 2273, known as the California Age-Appropriate Design Code Act (CAADCA)

Ojas Rege OneTrust General Manager, Privacy & Data Governance Cloud

clock3 Min Read

Featured Image

The law is the latest evolution in regulators’ efforts to protect minors and their data on the Internet. It places stricter requirements on businesses that provide online services, products, or features likely to be accessed by a child under 18 years of age. These requirements include regularly reviewed Data Protection Impact Assessments (DPIAs), default privacy settings at the highest protection level, and privacy policies that are understandable by children.

The CAADCA reflects an ongoing focus at the state level on establishing data privacy and data protection guardrails for the online safety of children. It is one of many new state laws going into effect in 2023 and 2024 to increase a variety of consumer rights protections. As more states propose their own bills, the privacy landscape in the United States is becoming increasingly fragmented.

Take a Proactive Privacy Approach

As the state-by-state patchwork of privacy rules becomes more complex, it’s essential for companies to build flexible and  scalable solutions that adhere to different regulations. Even for well-staffed organizations, keeping up with the pace and variability of regulations is a struggle. It’s common to end up with a complicated set of disconnected privacy programs, siloed by region or individual regulations. These disconnects cause operational inefficiencies and strained teams, resulting in poor governance, and unreliable or inconsistent consumer experiences.

A proactively designed privacy program embeds privacy into the organization and is both scalable and necessary to earn and retain consumer trust. You should not wait for regulations to dictate your privacy policies. Instead, proactively establish privacy principles and frameworks at the company level. Then, map specific regulatory requirements to your frameworks, making it easier to scale key privacy activities across regions, regulations, audiences, and internal functions.

Anticipate Evolving Privacy Legislation

Privacy protection for children is a good example of how regulations evolve along themes that well-designed privacy programs anticipate. The Children’s Online Privacy Protection Act (COPPA) was passed by the US Congress in 1998 and took effect in April 2000. It focused on restricting the collection of children’s personal information and limiting how that information could be used by operators. Twenty years later, the Age Appropriate Design Code was issued in the UK, setting standards for online services to both protect children’s privacy and reinforce that such services should be designed with children in mind. There are substantial similarities between the CAADCA and the UK Code. This is an evolution of privacy.

The CAADCA is yet another reminder to organizations of the importance of designing scalable and flexible privacy programs now, so that they can anticipate and respond effectively to future legislation.


You Might Also Be Interested In

JANUARY 12, 2023

Ultimate guide to the EU CSRD ESG regulation for businesses

JANUARY 11, 2023

Continuous improvement: The leading indicator for successful compliance programs

JANUARY 10, 2023

Build trust, promote your program in the Third-Party Risk Exchange

JANUARY 9, 2023

Building trust in a zero trust world

JANUARY 9, 2023

Consent management by the numbers: 2022 DMA report summary

JANUARY 9, 2023

Navigating the California Privacy Rights Act as a HIPAA-compliant business

JANUARY 6, 2023

US state privacy bills on the horizon in 2023

JANUARY 4, 2023

3 steps to stay compliant while using consent-driven targeted marketing

Onetrust All Rights Reserved