A look at the digital kids industry with a focus on online privacy, data security & the latest trends
California AADC

What you need to know about the new California AADC

California has passed the bill for its Age-Appropriate Design Code Act (AADC). In the world of children’s privacy it is expected to have a global impact. Modeled on the UK’s Children ‘s Code it requires privacy by design in all online services for children or that attract a large child audience, children being users under 18 years old. Sites, apps, platforms, metaverses and connected devices will all need to comply by July 1, 2024. This may sound a long time off but actually it is a relatively short window in terms of the fundamental changes some services will need to make to comply or face significant fines of up to $7,500 per affected child. It will be enforced by the state attorney general.

To date the federal Children’s Online Privacy Protection Act (COPPA) has been the gold standard in the US but the Code will bring additional requirements for services already complying with COPPA which protects children 12 or under only. 

There is time to get into shape but work should start at the design stage for any new services in build or now for any online services that do not currently meet the requirements and it's likely most won’t.

Here’s some of the key requirements that will need to be addressed at a high level:

  • Establish the age range of younger users to treat them appropriately.
  • Provide mechanisms for children to report their privacy concerns.
  • Provide age appropriate and clear privacy notices for children.
  • Algorithms that exploit children’s data to serve the harmful content are prohibited.
  • Precise location tracking is prohibited unless necessary for the operation of the service.
  • Transparency on location tracking is required i.e., include clear messaging to a child that it is on.
  • Do not sell children’s data unless it is essential to the service and do not profile children to serve targeted ads.
  • Only use data for the purpose it was collected.
  • Ensure data minimization, if the data is not needed for a specific and legitimate purpose then don’t collect it.

If you would like support to get into shape with the AADC then please contact PRIVO by clicking here

Join our Newsletter

Stay up to date