Privacy & Information Security Law Blog

On April 19, 2022, the California state legislature and an industry self-regulatory group each separately took steps to enhance online privacy protections for children who are not covered by the Children’s Online Privacy Protection Act (“COPPA”), which applies only to personal information collected online from children under the age of 13.

• Center for Industry Self-Regulation Roadmap. The BBB National Programs’ Center for Industry Self-Regulation released a Teenage Privacy Program roadmap for how companies should consider privacy risks and harms to consumers aged 13 to 17. While not binding, the roadmap encourages companies to explain to teens the types of personal information collected and the privacy controls available. The roadmap also addresses other best practices related to advertising, geolocation data, age-appropriate content, user-generated content, content moderation, data sharing and data retention.
• California State Legislation. The California State Assembly Privacy and Consumer Protection Committee approved AB-2273, a bill that would require online services likely to be accessed by children under the age of 18 to build stronger privacy and safety safeguards into their services. The bill would require such online services to (1) include by default certain privacy and data security protections; (2) limit the collection of personal information of children under the age of 18; (3) restrict the profiling of children under the age of 18; and (4) explain the online service’s privacy settings in a way that children would understand. The bill has been referred to the Assembly’s Appropriations Committee for consideration and may be amended before reaching a potential floor vote.