California Governor Gavin Newsom signed the California Age-Appropriate Design Code Act (CAADCA) into law on September 15, 2022. Due to take effect on July 1, 2024, the CAADCA is poised to impact the online compliance landscape concerning children’s privacy and safety significantly. Despite a recent injunction against the Act, it is advisable for businesses to continue their preparatory compliance efforts.
The CAADCA brings about substantial changes, such as:
- Defining a child as anyone under 18 years of age
- Requiring data protection impact assessments for online products and services likely to be accessed by children
- Mandating that default settings be ‘high privacy’ for digital services likely to be used by children
The injunction presents an uncertainty over the CAADCA implementation, but this should not act as a deterrent. Corporations and law firms need to take these reforms seriously, given their sweeping nature and the potential for hefty fines and damaging reputational effects for non-compliance.
There is a need for a structured and organized approach in analyzing and responding to the CAADCA’s requirements. Businesses are advised to leverage best practices in data protection and children’s privacy to ensure compliance. They should assess their collection and use of children’s data and monitor relevant legislative developments closely.
For detailed information on the CAADCA and the injunction against it, refer to the article Businesses Should Continue Preparatory Compliance Efforts Despite Injunction Against California Kid’s Online Privacy and Safety Law (CAADCA) by Foley & Lardner LLP.