Children’s Digital Privacy Act Could Market More Intrusive Age Verification Technologies

Governments and agencies have a duty to renew safeguarding measures that protect children online. The internet is flooded more than ever with content deemed inappropriate for younger audiences, thanks to the continuous advances of the World Wide Web.

In September, The California Age Appropriate Design Code got passed into law to tackle children’s exposure to the dark side of the web and ensure strict data privacy regulations. Promoted as a “privacy by design” initiative, the bill goes beyond simple measures like putting in place parental controls and sets out detailed refinements to algorithms in platforms to ensure underage data is not misused to expose children to harmful content online.

The UK law has been received in more favor than the California version. Experts warned that children are often burdened with responsibility for their own safety online, rather than businesses that indiscriminately target their products and solutions to consumers of all ages.

The legislation enforces safety frameworks around products that young customers are likely to see online rather than imposing blanket rules on all product advertising which would hold businesses accountable. Hence, it needs more clarity around how children can be protected in all aspects online when personal data is misused without seeking consent.

The Code was legislated by Gov. Gavin Newsom and will come into effect on July 1, 2024. The criticism reveals a lot about the mindset of businesses that calculate content that users are likely to see online. Technology providers, which currently oversaturated the market, are being called to have better processes to determine the ages of their audience.

On the other hand, this will enable businesses to ask for a government-approved ID or facial biometrics to confirm age, which some argue invades privacy rights and is a backward step for children’s anonymity online.

Jennifer King, Stanford HAI Privacy and Data Policy Fellow, said: “This is focused on kids, but this is coming for adult audiences, too”.

Questions marks remain whether, with the freedom to ask users to verify their age, businesses will still meet the standards for handling personal data correctly and preventing data misuse by third parties. The law was intended to ensure that businesses configure children’s default settings to have a high level of privacy across all platforms and do not sell on their personal information such as geolocation.

Chloe Altieri, from the Future of Privacy Forum, commented: (The law) takes a substantially different approach than the leading federal framework”.