Free speech battles and age-appropriate balance: Maryland and Connecticut try again for youth safety rules

Policymakers, industry members and parents continue to focus their attention on strengthening online protections for children and teens. Although federal legislators have so far been unsuccessful in updating U.S. kids' privacy laws, since 2022, states have taken the initiative to create their own youth online safety frameworks, with a few taking effect this year.

After California adopted its Age-Appropriate Design Code Act in September 2022, many states followed suit by introducing or enacting similar rules designed to enshrine default privacy protections and enhance safety measures for minors. However, California's AADCA was quickly met with constitutional challenges after its passage, and its data protection impact assessment requirement was struck down on free speech grounds in August.

Undeterred, other states, including Maryland and Connecticut, passed children's privacy laws that went into effect this year without facial challenges.

New rules in the old-line state

Maryland's Age-Appropriate Design Code Act, also known as the Maryland Kids Code, is one of the more notable children's online privacy laws passed in 2024. Although Maryland legislators took inspiration from California's AADCA, the two laws have distinctions meant to remedy some of the more constitutionally precarious provisions — such as the DPIA requirement.

The first distinction between the Maryland Kids Code and California's AADCA is the Kid Code's definition of the "best interests of children" standard. California's AADCA mentions the best interests of children but fails to provide how the standard will apply. The Maryland definition creates a duty of care framework entities must follow when considering whether their services pose a risk to children who may access their products.