California recently became the first state to enact legislation to provide web users under the age of 18 with the right to delete or remove content they have posted online. The law – entitled the Privacy Rights for California Minors in the Digital World – will take effect on January 1, 2015.
California’s new law has two main parts.
“Eraser” Provision: An operator of (a) a web site, online service, online application or mobile application (hereinafter, collectively, Sites or Applications) that is “directed to minors” or (b) a general audience site with “actual knowledge that a minor is using its” Sites or Applications must “permit a minor who is a registered user” to either remove or request the removal of information posted on the Site or Application by the user. § 22581. These operators must also give notice to minors who are registered users of their ability to have this information removed and provide clear instructions for doing so. Id.
Advertising Prohibitions: The law also restricts marketing and advertising of products not legally available to minors such as alcohol, firearms, tobacco, tattoos and lottery tickets. Section 22580 prohibits operators of Sites or Applications “directed to minors” from marketing or advertising these products on their Site or Application. Similarly, it prohibits operators of general audience Sites or Applications from marketing or advertising these products “to a minor who the operator has actual knowledge is using” its Site or Application “if the marketing or advertising is specifically directed to that minor based upon information specific to that minor.” Id.
Gaps in Protection
Although the bill’s sponsor, state Senate President Pro Tem Darrell Steinberg (D-Sacramento), claims that California has taken “a major step to protect [its] children,” the protection is not exhaustive. For example:
- The law does not require companies to remove data from their servers, as long as they delete it from their websites.
- Operators need not erase content copied or posted by a third party.
- Anonymized information (such that the minor who is a registered user cannot be identified) is exempt.
- The law does not apply to content for which the minor “received compensation or other consideration.”
- Nor does it cover posts in which others mention a minor.
Potential for Unintended Consequences?
Critics such as the Center for Democracy and Technology (CDT) have also expressed concern that the law’s emphasis on sites “directed to minors” will create uncertainty for those sites used by older teens and young adults. Citing their experience with the Children’s Online Privacy Protection Act (COPPA) which covers websites directed to children under age 13, they worry that operators may be discouraged from creating content geared towards younger users and may even prohibit minors from using their sites.
Potential for a Patchwork of Laws
Of course California’s new law only covers requests by its own minor residents. If other states follow suit with their own (inevitably slightly different) laws, we may see another example of the "bullet bill" phenomenon that we have described in the context of employer or educational institution access to social media accounts. Ultimately, we may find ourselves with a series of laws with varying requirements that lead to unintended consequences (such as those highlighted by CDT).