California will not be deterred from protecting youth online. As a battle over the legality of the California Age-Appropriate Design Code Act continues, the attorney general and state lawmakers are set to pursue children's online safety via a different legislative vehicle.

At a press conference 29 Jan., California Attorney General Rob Bonta announced the introduction of two bills to the California State Legislature 2024 legislative session that cover youth privacy and growing issues with minors' use of social media. The privacy bill, deemed the proposed Children's Data Privacy Act, aims to amend the California Consumer Privacy Act to tighten youth coverage. The proposed Protecting Youth from Social Media Addiction Act focuses on measures to moderate content and limit luring features or techniques on social media platforms.

"We believe here in California that we can have incredibly successful, innovative, forward-looking and forward-leaning companies that are also responsible, and protect the safety and health of our children," Bonta said. "Social media companies show us time and time again they are all too willing to ignore the detriment to our children … we need to do better and do things differently."

Bill highlights provided during the press conference indicated provisions will not be a one-for-one match with privacy requirements under the AADCA, which is under a state court-ordered injunction over alleged First Amendment violations by technology association NetChoice.

The proposed Children's Data Privacy Act would prohibit businesses from collecting, using, sharing or selling personal data of minors under age 18 without "affirmative authorization" while data practices against users under 13 will require informed parental consent. Bonta said the extended coverage "closes a gap" in the CCPA that leaves 17-year-olds "exposed" to unwanted data processing. Additionally, the bill empowers the California Department of Justice to seek civil penalties of up to USD5,000 for individual violations.

The AADCA includes explicit privacy-by-default settings, data protection impact assessments within a 72-hour window upon request from the California attorney general, and standards to assess whether services are likely to be accessed by minors.

State Assemblywoman Buffy Wicks, D-Calif., is the lead sponsor on the new children's privacy bill and previously carried the AADCA to its passage out of the legislature in 2022. While not as comprehensive as the AADCA, Wicks indicated the new bill holds equal importance in regard to setting the bar on children's privacy.

"By the time a child is 13 years old, online advertising firms have collected an average of 72 million data points about them," Wicks said, noting the bipartisan nature of the bill and other children's online safety bills passed by the legislature. "You know that this cannot stand. … This is so important because the data being collected informs the algorithms. The algorithms inform the advertising." 

Wicks added the bill seeks to "bring conformity" among a "patchwork" of children's privacy statutes forming around the U.S. The CCPA and enacted comprehensive privacy laws in 12 other states contain children's privacy provisions, but language varies based on the state. Connecticut amended children's privacy provisions in its law in 2023 and other states, including Colorado and Virginia, have 2024 bills proposed to amend their laws.

The introduction of California's new children's bills will not impede the legal battle over the AADCA. The proposals are aimed to complement the AADCA assuming it prevails in its current legal challenge. However, California officials anticipate lawsuits if either of these bills pass.

"We expect these bills to be challenged based on the conduct of NetChoice and others in the past. We expect them on the First Amendment, Section 230 and more. It's part of the common playbook," Bonta said. "They don't want to be told what to do in some respects, and we think these approaches are fully compliant … with whatever the challenge may be."

State Sen. Nancy Skinner, D-Calif., the social media bill sponsor, added the bills and their implications are weighed "carefully" while Wicks described feeling "disheartened" about the prior AADCA challenge after social media platforms fully engaged with lawmakers before it passed through the legislature.

NetChoice's challenges of children's online safety bills are not limited to California. A social media bill recently passed in Ohio featuring age verification and parental consent provisions was blocked by a federal judge following a NetChoice challenge.

"These are the same harmful ideas recycled from California's AADC, which was noted in our case against AG Bonta as unconstitutional," NetChoice Vice President and General Counsel Carl Szabo said in a statement on the new California bills. "Rather than violate the Constitution, annihilate privacy, and force the government control of families, California policymakers need to engage with alternative, constitutional proposals."

Despite legal uncertainty, states remain engaged and determined to pass bills that in many ways mimic California's AADCA. Bills in Maryland, New Mexico, South Carolina and Vermont carry foundational pieces for the AADCA framework while either addressing or omitting provisions cited in the California legal challenge.