In September 2013, Governor Jerry Brown of California signed into law Senate Bill 568. This bill extends additional protections to Internet users under the age of 18 than they previously had under federal and state law. The effect of the law is two-fold: first it restricts certain kinds of advertisements directed at underage users, and second, it allows minors to erase, or have removed, content that they have posted to websites and other online services and applications.
New Advertising Restrictions
Senate Bill 568, which adds a chapter to California’s Business and Professions Code entitled “Privacy Rights for California Minors in the Digital World” (the “Act”), is directed towards operators of web sites, online services or applications. The first part of the Act prevents operators of these online entities that are directed at people under the age of 18 from advertising certain kinds of products and services. These products are generally those that are already illegal for one under the age of 18 to buy or use. These products and services range from tobacco, alcohol and firearms to fireworks, dietary supplements and artificial tanning services.
New “Eraser” Ability
The second part of the Act provides a new “eraser” option for certain minors using websites and online services. Under the requirements of the Act, operators of websites, online services, online applications and mobile applications, who have knowledge that users of such a site or service are under the age of 18, must allow such registered users to either directly erase their posts to that website, or must establish a system where the registered minor may request and obtain removal of the content. The Act also requires operators to inform users of their ability to remove user-posted content and the manner in which they may do so. Removal of the content is not required if the content was posted by another user of the site, if the minor was compensated for the creation of the content, or if the content is sufficiently anonymized such that the registered minor cannot be identified from it.
While in theory a website or other online services operator will not fall under the reach of these new requirements if they are not engaged in making their site or services available to California residents, in practice, it is nearly impossible to limit users of a website from particular locations. Because of this, and because of the size of California’s population, as a practical matter, many operators of websites and other services that allow minors to post content or that allow advertisements for the prohibited products will want to comply with the new requirements or take steps to exempt their sites from coverage of the Act.
Given the breadth of the Act, websites that are currently exempt from the Children’s Online Privacy and Protection Act (“COPPA”) may need to re-evaluate and implement new compliance procedures. The Federal Trade Commission, the agency tasked with enforcing COPPA, has recently announced that it does not consider COPPA to occupy the field and preempt state laws on the subject, but rather it considers COPPA to provide a floor of protections, which states are free to increase. Senate Bill 568 does just that. The new requirements created by the Act go beyond the scope of COPPA in at least two key respects. First, COPPA only applies to websites that are directed at children under the age of 13, thus some website operators have found it easier to use age confirmation gates to restrict users under the age of 13 rather than comply with the requirements of COPPA for younger users. However, these same websites may not want to keep all children under the age of 18 from using their services or websites and would therefore need to comply with the requirements of the Act. Second, COPPA only affects websites that collect and maintain data on its users, whereas the Act potentially touches on all websites and other services that are directed towards users under the age of 18.
In addition, because of the new “eraser” option for content posted by minors, site and service operators will either need to update their applicable terms and conditions or provide some other mechanism to inform users about the ability of minors to remove relevant user-posted content.
The “Directed Towards Minors” Standard
The Act defines an “Internet Web site, online service, online application, or mobile application directed towards minors” as one that is “created for the purpose of reaching an audience that is predominantly comprised of minors, and is not intended for a more general audience comprised of adults.” The Act also prevents the marketing of the described products to users that the website operator has actual knowledge is using the service and is under the age of 18. However, the Act provides a safe harbor for website operators that take reasonable actions in good faith designed to ensure compliance with the advertising and marketing restrictions imposed by the new statute.
Compliance with Minor “Eraser” Requirement
The second half of the Act imposes the requirement that operators of all websites, regardless if they are directed at minors, allow registered users under the age of 18 to erase or request and obtain the removal of their created content from websites. Although there are safe harbors built into the Act, website operators may find it easier to implement other practices to avoid compliance obligations, such as eliminating all user generated content from their websites or preventing users under the age of 18 from posting any created content. An analysis of the scope of allowable user activities is necessary to craft a compliance procedure that is best for an individual website or other service.
The Act takes effect on January 1, 2015, so operators of covered websites, services and applications have until then to ensure their compliance with the new requirements of the Act.