California Age Verification Law | What You Need to Know

In an era where digital privacy has become a paramount concern, compliance with privacy laws such as the California Age-Appropriate Design Code Act (CA AADC), which is set to be enforced starting July 1, 2024, is a testament to this shift, setting stringent standards for businesses online, especially those interacting with minors online. 

The CA AADC, alongside other age verification laws such as  Louisiana Age verification laws, and other privacy laws like the California Privacy Rights Act (CPRA) and the Children’s Online Privacy Protection Act (COPPA), sets a framework for how personal data should be handled to ensure the protection of minors. 

Key Takeaways:

• The CA AADC sets new standards for minor’s online privacy, effective July 2024.
• Social media and gaming sectors must align with these rules to avoid penalties.
• CA ADC focuses on privacy settings, DPIAs, limited profiling, and transparency.
• Facia’s age verification via facial recognition is a compliant, secure solution.

This blog aims to unravel the complexities of the Act, provide actionable insights for compliance, and explore how technologies like Facia’s age verification solution can offer seamless integration for age verification needs.

California Age-Appropriate Design Code Act

The California Age-Appropriate Design Code Act (CAADCA), signed into law by Governor Gavin Newsom on September 15, 2022, and set to take effect on July 1, 2024, aims to safeguard the privacy, data, and well-being of children under 18 who utilize online platforms, services, or products. 

This legislation draws inspiration from the United Kingdom’s Age Appropriate Design Code, reflecting a broader international movement toward enhanced digital privacy for minors.

Core Aspects of CA ADC

Privacy by Default

A cardinal principle underpinning the Act is promoting a high level of privacy by default, which is part of a broader privacy-by-design scheme. The law mandates businesses to configure all default privacy settings to offer a high level of privacy, barring a compelling reason to do otherwise.

Data Protection Impact Assessment (DPIA)

Businesses are required to conduct a DPIA before July 1, 2024, for existing online services likely to be accessed by children, and for any new such services before they are made available to the public. 

The DPIA should elucidate the purpose of the online service, its utilization of children’s personal data, and the associated risks.

Profiling and Geolocation Restrictions

The Act prohibits profiling and the collection of precise geolocation data unless there’s a compelling reason or it’s necessary for providing the online service or feature.

Clear Privacy Information

Businesses need to furnish clear and age-appropriate privacy information, terms of service, and community standards to the users.

Exercise of Rights

It is mandated to provide accessible tools to help children or their parents/guardians exercise their privacy rights and report concerns.

Which Businesses Need Compliance with CA AADC?

The CAADCA extends primarily to businesses subjected to the California Privacy Rights Act of 2020 (CPRA). It specifically targets online services, products, or features likely to be accessed by children under 18. 

This includes services directed at children, substantially similar to services accessed by a significant number of children, or having design elements appealing to children among other indicators.

Businesses Subject to CPRA

The Act furthers the intents of the CPRA and applies to businesses that fall under its jurisdiction. These are typically for-profit entities doing business in California that collect personal information of California residents and meet specific threshold criteria

Online Services Likely to be Accessed by Children

The Act creates legal obligations for online products and services likely to be accessed by children under 18. This includes services:

• Directed to children as defined by the Children’s Online Privacy Protection Act (COPPA).
• Routinely accessed by a significant number of children.
• Advertising marketed to children.
• Substantially similar to other online services, products, or features frequently accessed by a significant number of children.
• Having design elements appealing to children, like games, cartoons, music, and celebrities who are popular among children.
• Where internal company research indicates a significant audience of children.

Broader Definition of Children

Unlike COPPA which defines “child” as an individual under the age of 13, the CA AADC defines “child” as a consumer under the age of 18, thereby broadening the scope of businesses that could fall under its purview.
Social media companies, gaming companies, and other businesses already subject to COPPA are among the largest organizations likely to be impacted by this Act due to the nature of their online platforms which are accessible or appealing to children​

If you are a business that is subject to the CA AADC, you will need to take steps to comply with the law’s requirements. For more information, please see our list of businesses that need age verification compliance

Penalties For Non-Compliance

Violations of this Act can result in civil penalties imposed by the Attorney General, with fines of up to $2,500 per affected child for negligent violations, and up to $7,500 per affected child for intentional violations. 

However, businesses in substantial compliance may receive a 90-day notice to rectify any potential violations before any action is initiated.

Controversy:

Since its passage, the Act has sparked considerable debate, although the specifics of the controversies weren’t detailed in the sources consulted.

Businesses operating in California, especially those in the social media and gaming sectors, along with companies already subject to the Children’s Online Privacy Protection Act (COPPA), are advised to closely review the requirements of the CAADCA to ensure compliance, and to update their data protection measures accordingly.

Why CA AADC & Age Verification is Necessary

The California Age-Appropriate Design Code Act (CA AADC) and the emphasis on age verification are driven by the need to enhance online safety and data privacy for minors. The rise in digital engagement among children and teenagers exposes them to various online risks, making age verification and stringent data privacy measures crucial. Here are the key points:

• Online Safety: Protect minors from exposure to harmful content, cyberbullying, and predatory behaviour.
• Data Privacy: Ensure informed consent and protect children’s personal data.
• Parental Control: Enable parents or guardians to manage their children’s online interactions.
• Regulatory Compliance: Align with broader trends in data protection and legal requirements.
• Ethical Practices: Foster trust and demonstrate responsible business conduct towards the user base.
• Reduced Liability: Mitigate legal liability and reputational risks by adhering to the law.
• User Trust: Enhance user trust and brand reputation through a safe and privacy-compliant online environment.
• Global Trend: Adapt to the global movement towards enhanced online protection for minors, aligning with similar regulatory efforts internationally.

How To Prepare for  CA AADC Before 2024?

Preparing for the CA AADC before 2024 requires implementing reliable age verification mechanisms. 

One efficient solution is utilizing Facia for age verification. This software employs facial recognition technology to accurately determine the age of users, ensuring compliance with the CA AADC’s mandate to verify the age of child users. 

By adopting Facia, businesses can provide a secure, user-friendly verification process, minimizing risks of non-compliance.

Age Verification through Facia

Facia provides a seamless and reliable age verification solution through advanced facial recognition technology. 

By scanning and analyzing facial features, Facia accurately estimates the age of users, ensuring that only age-appropriate content and services are accessible. 

Implementing Facia for age verification not only aids in complying with the CA AADC but also fosters trust and transparency with users, making it a prudent choice for businesses preparing for the new law.

Conclusion

As the digital landscape evolves, so too does the need for robust age verification and privacy measures to protect minors. California’s Age-Appropriate Design Code Act (CA AADC) represents a significant step forward in these efforts, setting a new standard for online services likely to be accessed by those under 18. With the 2024 deadline approaching, businesses must act swiftly to ensure compliance and avoid substantial fines. 

By implementing Facia’s cutting-edge age verification software, companies can meet legal requirements with confidence and ease, while also affirming their commitment to online safety and ethical data practices. 

Don’t wait to safeguard your business and the well-being of young users—embrace Facia’s age verification solution today and set a course for a compliant and secure digital tomorrow.