New Tech Privacy Legislation in California for 2024

October 12, 2022 | 4 minutes read
New Tech Privacy Legislation in California for 2024

As the state of California has historically been ahead of the curve as it relates to data privacy legislation, they have taken a proactive approach as it concerns the regulation of major technology companies in recent years as well. To this point, California governor Gavin Newsome signed two new tech bills into law this past month that are the first of their kind as it pertains to privacy legislation within the U.S. Likewise, AB-587 Social media companies: terms of service, and AB-2273 The California Age-Appropriate Design Code Act will both serve to provide California residents with new data privacy protections, albeit in slightly different ways.

AB-587

Beginning with AB-587, the law represents the state of California’s attempt to tackle the growing issue of content moderation within the context of social media. More specifically, the Office of Governor Gavin Newsom has described the law as “a first-of-its-kind social media transparency measure to protect Californians from hate and disinformation spread online. AB 587 by Assemblymember Jesse Gabriel (D-Encino) will require social media companies to publicly post their policies regarding hate speech, disinformation, harassment, and extremism on their platforms, and report data on their enforcement of the policies.”

Subsequently, the law states that “A social media company shall post terms of service for each social media platform owned or operated by the company in a manner reasonably designed to inform all users of the social media platform of the existence and contents of the terms of service.” This being said, the manner in which popular social media companies will have to begin serving customers within the state of California will be a significant deviation from the fashion in which social media has functioned up until this point, as content moderation has generally been at the discretion of the owners of a given social media platform.

What’s more, in addition to mandating that social media companies publically post their terms of service, AB-587 also requires that social media companies disclose “A list of potential actions the social media company may take against an item of content or a user, including, but not limited to, removal, demonetization, deprioritization, or banning”, as well as “A description of the process that users must follow to flag content, groups, or other users that they believe violate the terms of service, and the social media company’s commitments on response and resolution time.” As such, it will be interesting to see how major multinational technology companies such as Meta, Twitter, and TikTok, among others, respond to the new legislation that has been enacted in California.

AB-2273

On the other hand, AB-2273 is a law that strictly pertains to the online usage of children that reside within the state of California. To this end, despite the fact that the data privacy protection of children within the U.S. is one of the few data protection issues that has been addressed by the passing of a federal law, the Children’s Online Privacy Protection Act (COPPA), this law has not prevented social media sites from infringing on the personal privacy of children around the country. For this reason, Governor Newsome has taken additional measures to ensure that the personal data of minors residing within California is protected at all times.

Consequently, AB-2273 mandates that businesses “complete a Data Protection Impact Assessment, as defined, for any online service, product, or feature likely to be accessed by children and maintain documentation of this assessment as long as the online service, product, or feature is likely to be accessed by children.” Moreover, the law also prohibits businesses that sell products and services aimed at children, or that have the potential to be used by children, from selling the personal information of said children, be it in the form of contact information, or geolocation information, among other things.

Alternatively, as it concerns the punishments that can be imposed against businesses that fail to adhere to the provisions of AB-2273, the law states that “Any business that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) per affected child for each negligent violation or not more than seven thousand five hundred dollars ($7,500) per affected child for each intentional violation, which shall be assessed and recovered only in a civil action brought in the name of the people of the State of California by the Attorney General.”

In accordance with the California Privacy Rights Act (CCPA), the state of California has arguably the most rigorous data privacy regulations of any state or territory throughout the country. Furthermore, when AB-587 and AB-2273 ultimately come into effect in 2024, businesses that are looking to provide their products or services to customers that reside within the state of California will have to be sure that their data collection, processing, transfer, and retention practices are compliant with these newfound regulations at all times, as there are now a host of different monetary penalties that can be imposed against businesses that are found to be in violation of any of the numerous data protection laws that currently exist within the state.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »