California Governor Jerry Brown signed a bill allowing minors to “erase” information that they post to websites. The law will go into full effect in January 2015. In the meantime, website operators should review privacy polices and practices to ensure compliance with the new standards.
The law requires operators of websites and mobile apps directed towards minors in California to remove content that the minor posts on sites as a registered user. Unlike the Children’s Online Privacy Protection Act (“COPPA”), the law will apply to sites and apps directed at children under 18 years old, rather than only those under 13. The legislation also requires that websites clearly inform minors how to remove publicly posted information. The bill does not, however, compel websites to remove content that is posted by third parties or to permanently erase the content from a company’s internal computer systems. This tracks the trend of several major social media sites, which already allow registered users to delete their own posts from public view to protect minors from the future implications of impetuous posts that can come back to haunt them later in life.
Additionally, the law prohibits websites from marketing and advertising certain products, including alcohol, tobacco, firearms, tanning beds, and tattoos, if the websites are targeted to minors or have known minor users; and the law prohibits websites and apps from sharing children’s personal information with third parties that intend to market these products to minors.
Operators of websites and mobile apps directed towards minors should consider taking the following steps to come into compliance with the new law:
- Implement an internal policy that allows site operators to verify the identity of registered minors who post on the site and easily remove posts by those users.
- Provide clear instructions explaining the steps minors can take to delete these posts.
- Review sharing policy to ensure that minors’ personal information is not shared with third parties who intend to market the prohibited items to minors.
As almost one third of data privacy class actions are brought in California, we expect when this goes into force there may be a surge of class action filings against website operators. As a result, companies should consider using the next twelve months to review and revise their privacy programs in order to comply with the new provision.