California recently passed the California Age-Appropriate Design Code Act, a new law aimed at making the internet safer for children. The sweeping legislation, which goes into effect July 1, 2024, will apply to companies governed by the California Privacy Rights Act and regulate online services, products or features “likely to be accessed by children.” Unlike most other legislation governing children’s privacy, the Act defines children as “consumers under the age of 18.” This change significantly increases the number of companies that will need to consider children’s privacy issues.
Notably, the Act explicitly includes activities already governed by the Children’s Online Privacy Protection Act (COPPA). While federal statutes often preempt state laws that regulate the same activities, COPPA only preempts state laws to the extent that such laws are “inconsistent.” Thus, it appears likely that the Act will co-exist with COPPA, although the extent of this co-existence is likely to be litigated.
"This is absolutely a massive shift in what many — if not most — companies will be required to do," Public Interest Privacy Consulting founder and President Amelia Vance said. "'General audience' companies have largely avoided having any responsibilities under the Children's Online Privacy Protection Act. This is a whole new ballgame…”