New Tech Privacy Legislation in California for 2024
As the state of California has historically been ahead of the curve as it relates to data privacy legislation, they have taken a proactive approach as it concerns the regulation of major technology companies in recent years as well. To this point, California governor Gavin Newsome signed two new tech bills into law this past month that are the first of their kind as it pertains to privacy legislation within the U.S. Likewise, AB-587 Social media companies: terms of service, and AB-2273 The California Age-Appropriate Design Code Act will both serve to provide California residents with new data privacy protections, albeit in slightly different ways.
Beginning with AB-587, the law represents the state of California’s attempt to tackle the growing issue of content moderation within the context of social media. More specifically, the Office of Governor Gavin Newsom has described the law as “a first-of-its-kind social media transparency measure to protect Californians from hate and disinformation spread online. AB 587 by Assemblymember Jesse Gabriel (D-Encino) will require social media companies to publicly post their policies regarding hate speech, disinformation, harassment, and extremism on their platforms, and report data on their enforcement of the policies.”
Subsequently, the law states that “A social media company shall post terms of service for each social media platform owned or operated by the company in a manner reasonably designed to inform all users of the social media platform of the existence and contents of the terms of service.” This being said, the manner in which popular social media companies will have to begin serving customers within the state of California will be a significant deviation from the fashion in which social media has functioned up until this point, as content moderation has generally been at the discretion of the owners of a given social media platform.
What’s more, in addition to mandating that social media companies publically post their terms of service, AB-587 also requires that social media companies disclose “A list of potential actions the social media company may take against an item of content or a user, including, but not limited to, removal, demonetization, deprioritization, or banning”, as well as “A description of the process that users must follow to flag content, groups, or other users that they believe violate the terms of service, and the social media company’s commitments on response and resolution time.” As such, it will be interesting to see how major multinational technology companies such as Meta, Twitter, and TikTok, among others, respond to the new legislation that has been enacted in California.
On the other hand, AB-2273 is a law that strictly pertains to the online usage of children that reside within the state of California. To this end, despite the fact that the data privacy protection of children within the U.S. is one of the few data protection issues that has been addressed by the passing of a federal law, the Children’s Online Privacy Protection Act (COPPA), this law has not prevented social media sites from infringing on the personal privacy of children around the country. For this reason, Governor Newsome has taken additional measures to ensure that the personal data of minors residing within California is protected at all times.
Consequently, AB-2273 mandates that businesses “complete a Data Protection Impact Assessment, as defined, for any online service, product, or feature likely to be accessed by children and maintain documentation of this assessment as long as the online service, product, or feature is likely to be accessed by children.” Moreover, the law also prohibits businesses that sell products and services aimed at children, or that have the potential to be used by children, from selling the personal information of said children, be it in the form of contact information, or geolocation information, among other things.
Alternatively, as it concerns the punishments that can be imposed against businesses that fail to adhere to the provisions of AB-2273, the law states that “Any business that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation or not more than seven thousand five hundred dollars ($7,500) per affected child for each intentional violation, which shall be assessed and recovered only in a civil action brought in the name of the people of the State of California by the Attorney General.”
In accordance with the California Privacy Rights Act (CCPA), the state of California has arguably the most rigorous data privacy regulations of any state or territory throughout the country. Furthermore, when AB-587 and AB-2273 ultimately come into effect in 2024, businesses that are looking to provide their products or services to customers that reside within the state of California will have to be sure that their data collection, processing, transfer, and retention practices are compliant with these newfound regulations at all times, as there are now a host of different monetary penalties that can be imposed against businesses that are found to be in violation of any of the numerous data protection laws that currently exist within the state.