Last week, New Jersey Assemblyman Herb Conway Jr. introduced a bill similar to the California Age-Appropriate Design Code (“CA AADC”) enacted in September.  The bill, NJ A4919, tracks the CA AADC in many respects but contains several notable differences, which we summarize below:

  • Covered businesses.  The CA AADC applies to any online service, product, or feature likely to be accessed by children, with exceptions for broadband internet access services, telecommunications services, and the delivery or use of a physical product.  However, NJ A4919 would apply only to online services, products, or features likely to be accessed by children that are offered by a social media platform.
  • Likely to be accessed by children.  Like the CA AADC, NJ A4919 provides criteria for determining when a service, product, or feature is “likely to be accessed by children.”  The factors provided by NJ A4919 are the same as those included in the CA AADC, with two exceptions.  First, both the CA AADC and NJ A4919 include as a criterion that “the online service, product, or feature is directed to children,” but the CA AADC further specifies that this criterion adopts the definition of “directed to children” provided in the Children’s Online Privacy Protection Act (COPPA) while NJ A4919 does not.  Second, both the CA AADC and NJ A4919 provide that one criterion that may be used to determine if a product, service, or feature is “likely to be accessed by children” is whether “the online service, product, or feature is determined, based on competent and reliable evidence regarding audience composition, to be routinely accessed by a significant number of children,” but the CA AADC lists an additional criterion for services that are “substantially similar or the same as” such services, products, or features.  NJ A4919 does not provide a similar criterion.
  • Data Protection Impact Assessment (DPIA) requirements.  Both NJ A4919 and the CA AADC require covered entities to complete a DPIA for each product, service, or feature likely to be accessed by children before it is offered to the public, and they provide virtually identical requirements for the specific information that must be included in such assessments.  However, the CA AADC requires covered entities to document “[w]hether, how, and for what purpose the online product, service, or feature collects or processes sensitive personal information of children,” but NJ A4919 applies this requirement to all personal information, not just sensitive personal information.
  • Geolocation information.  The CA AADC and NJ A4919 both prohibit covered entities from sharing geolocation information of children by default unless it is strictly necessary to provide the relevant service, product, or feature and it is only collected, sold, or shared when necessary to provide such service, product or feature.  However, the CA AADC only imposes this requirement for precise geolocation information, whereas NJ A4919 applies this requirement to all geolocation information.
  • Age estimation.  Both the CA AADC and NJ A4919 prohibit covered entities from using personal information collected to estimate age (or, in CA, age or age range) for any other purpose, or from retaining it longer than necessary to estimate age.  However, unlike NJ A4919, the CA AADC further provides that age assurance shall be proportionate to the risks and data practices of the relevant product, service or feature.

*          *          *

We will continue to monitor state law developments following the trend of the CA AADC and keep you updated here on Inside Privacy.

Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Madeline Salinas

Madeline Salinas counsels national and multinational companies across industries on data privacy, content moderation, and advertising issues.

Madeline advises clients on compliance with federal and state privacy frameworks, and counsels clients on navigating the rapidly evolving legal landscape. She regularly assists clients in designing cutting-edge products and services, developing privacy notices and consent forms, strategically engaging with state legislatures, and participating in rulemaking proceedings of state and federal agencies. In particular, Madeline has experience advising clients on compliance with laws implicating children’s privacy.

Madeline also partners with clients in developing content moderation policies and designing products and services that facilitate sharing of user-generated content, analyzing the evolving legal landscape and public policy considerations related to content moderation.

As part of her practice, Madeline represents clients in consumer protection enforcement actions brought by the Federal Trade Commission on topics related to data privacy and advertising.