Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

California ADCA bill aims to increase children’s data privacy

By Kamran Salour, Ron Raether, Robyn Lin, Safvet Besen
child using tablet

Image from Unsplash

August 24, 2022

Recently, California introduced Assembly Bill 2273 (AB 2273) or the California Age-Appropriate Design Code Act (ADCA). If passed, the ADCA will impose certain data privacy requirements on businesses that provide “an online service, product or feature likely to be accessed by a child.” Unlike other statutes, the ADCA defines child as a consumer under 18 years of age. These requirements are intended to protect children’s personal information and limit children’s online exposure.

Data privacy dos and don’ts of the ADCA

If enacted, a business subject to the ADCA must comply with the following requirements:

  1. Consider the “best interests” of children when designing and developing the product in a manner that prioritizes “the privacy, safety and wellbeing of children over commercial interests.” This includes taking into account the “unique needs of different age ranges” such as a child who is not yet literate compared to a teenager.
  2. Undertake a Data Protection Impact Assessment (DPIA) for their products, which is a “systematic survey” of the risks associated with child access to the business’s   products.
  3. Establish the age of users with a reasonable level of certainty to appropriately configure all default privacy settings to offer a high level of protection for children using online services.
  4. Provide an obvious “signal” if location or activity is being monitored and make any privacy information and terms of services in clear language that children can understand.
  5. Enforce the business’s established terms, policies and community standards as defined for children and provide prominent, accessible and responsive tools to help children (or their parent or guardian) exercise their privacy rights and report concerns.

ADCA prohibits businesses from:

  1. Using the personal information of a child to establish age or age range for any purpose longer than necessary or that may harm the physical health, mental health or wellbeing of a child.
  2. Profiling a child by default.
  3. Collecting, selling, sharing or retaining any personal information or precise geolocation that is not necessary for the product with which a child is actively and knowingly engaged.
  4. Collecting any precise geolocation information of a child unless there is an obvious signal to the child that this information is being collected.
  5. Using dark patterns to lead or encourage children to provide additional personal information that is unnecessary, as well to forego privacy protection measures.

The ADCA would also require the CPPA to establish and convene the California Children’s Data Protection Working Group (CDWG) to evaluate best practices for the implementation of these provisions. The CDWG, which would be comprised of professionals with expertise in areas such as data privacy, mental health and children’s rights, would make recommendations on best practices for businesses adapting to the increased privacy levels.

The ADCA has the power to make material change in data privacy law, and the requirements and prohibitions for compliance will have a tangible impact on businesses. Not only does it establish guidelines like considering the “best interests” of children or undertaking systematic surveys, but it sets out clear requirements for businesses to make policies with a high default level of protection.

Although the ADCA is specifically for children, its passage will have an even greater impact on businesses than existing data privacy laws in the state. The ADCA’s introduction reflects a greater interest in data protection, especially children’s data.

What’s next for the ADCA?

After its introduction to the California Assembly in February 2022, the ADCA has since passed in the Assembly on May 26, 2022 and was introduced to the California Senate on May 27, 2022. In June 2022, it was referred to the Committee on Judiciary before being amended and referred to the Committee on Appropriations, where a hearing was held on August 1, 2022. On August 11, an amended bill passed the Senate committee that is now under consideration by the State Senate.

The Senate has until the end of the 2022 California legislative session on August 31, 2022, to act. If the Senate passes the amended bill, it will have passed both houses of the California legislature and proceed to Governor Gavin Newsom, who will then have 12 days to either sign or veto the bill. The ADCA would then take effect July 1, 2024.

Tech companies have already shown a greater interest in protecting children’s data by modifying their services on a company-wide scale. For example, Google designated SafeSearch as the default for children under 18 browsing the web. Additionally, social media platforms Instagram and TikTok have barred adults from directly messaging children who don’t follow them back.

The ADCA’s bipartisan support is a good signal for its likely passage. If passed, the ADCA would hold significant weight given the number of tech companies based in California.

KEYWORDS: California Consumer Privacy Act (CCPA) cyber security legislation data collection data privacy data protection mental health

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Kamran Salour is a Partner at Troutman Pepper.

Ron Raether is a Partner at Troutman Pepper.

Robyn Lin is an Associate at Troutman Pepper.

Safvet Besen is a Summer Associate at Troutman Pepper.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • CCPA

    The California Consumer Privacy Act: Everything We Know with Six Months to Go

    See More
  • id 1 feat

    California Bill Would Restrict Selling and Access to License Plate Data

    See More
  • data privacy

    The California Consumer Privacy Act Has Data Security at its Core

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

  • s and the law.jpg

    Surveillance and the Law: Language, Power and Privacy

  • 9780367667887.jpg

    Surveillance, Privacy and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing