On September 20, 2024, California Governor Newsom signed into law SB 976, the Protecting Our Kids from Social Media Addiction Act (the “Act”). The Act defines and prohibits an “addictive internet-based service or platform” from providing an “addictive feed” to a minor unless the platform has previously obtained verifiable parental consent. The Act will take effect on January 1, 2025, and the California Attorney General will promulgate regulations on age assurance and parental consent by January 1, 2027. This post summarizes the law’s key provisions. The law includes several technical definitions and exceptions, which are explained at the end of this post.

  • Knowledge Standard: When SB 976 goes into effect on January 1, 2025, the threshold for triggering the law is when the social media platform has “actual knowledge” the user is a minor. On January 1, 2027, the law expands this threshold to when the social media platform “has reasonably determined” a user is a minor.
  • Age Assurance and Verifiable Parental Consent: Under SB 976, it is unlawful for an “addictive internet-based service” to send notifications to a minor user between 12 a.m. and 6 a.m. or between 8 a.m. and 3 p.m. local time, Monday through Friday, from September through May, unless the operator previously obtained verifiable parental consent.
  • Mechanisms for Parents:The covered operators must provide a mechanism for the verified parent of a minor user to:
    • Prevent their child from accessing or receiving notifications between specific hours in addition to the restrictions noted above.
    • Limit their child’s access to any “addictive feed” to a length of time per day. The default setting must limit a child’s access to one hour per day.
    • Limit their child’s ability to view the number of likes or other form of feedback to pieces of media in the “addictive feed.” This setting must be on by default.
    • Require that the default feed be one where media is not recommended for display based on the information provided by the minor.
    • Set their child’s account to private so that only users who the child is connected to on the platform may view or respond to the child’s content. This setting must be on by default.
  • Public Disclosures:The Act requires operators to publicly disclose, annually, the number of minor users of its services. Additionally, operators must report how many minors have verifiable parental consent to receive an “addictive feed,” as well as how many have the specified parental controls enabled or disabled.
  • Enforcement:The California Attorney General has the exclusive authority to enforce the law. The Attorney General must adopt regulations, including on age assurance and parental consent, by January 1, 2027.
  • Addictive Feed Definition: An “addictive feed” is defined as an internet website, online service, or app, or a portion thereof, in which user-generated content is recommended for display to a user based on information provided by the user or otherwise associated with the user or their device.
    • Exceptions: The following are excluded from the definition:
      • Content that is recommended based on (i) information that is not persistently associated with the user or user’s device and does not concern  the user’s previous interactions with user-generated content; (ii) search terms that are not persistently associated with the user or the user’s device; or (iii) user-selected privacy or accessibility settings, technical information about the user’s device, or device communications or signals concerning whether the user is a minor.
      • Content that the user expressly requested.
      • Direct, private communications between users.
      • Recommended content that is exclusively the next media in a preexisting sequence from the same poster of the content.
      • Recommended content that is necessary to comply with the law or promulgated regulations.
  • Addictive Internet-Based Service or Application Definition: An “addictive internet-based service or application” is defined to mean an internet website, including a “social media platform,” that offers users an addictive feed as a significant part of their service.
    • Exceptions: An “addictive internet-based service media platform or application” does not include an internet website where interactions between users are limited to commercial transactions or consumer reviews of products or services or that operates a feed for the primary purpose of cloud storage.
  • Social Media Platform Definition:The definition of “social media platform” is borrowed from the Business and Professions Code and means a public or semipublic internet-based service or app that allows California users to connect and interact socially with each other and permits users to do all the following:
    • (i) Construct a public or semipublic profile to sign into and use the service or app;
    • (ii) Populate a list of other users with whom an individual shares a social connection within the system, including subscribing to another user’s content; and
    • (iii) Create or post content viewable by others, such as on message boards, in chat rooms, or on a main feed that presents the user with content generated by other users.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Photo of Jenna Zhang Jenna Zhang

Jenna Zhang advises clients across industries on data privacy, cybersecurity, and emerging technologies. 

Jenna partners with clients to ensure their compliance with the rapidly evolving federal and state privacy and cybersecurity laws. She supports clients in designing new products and services, drafting privacy…

Jenna Zhang advises clients across industries on data privacy, cybersecurity, and emerging technologies. 

Jenna partners with clients to ensure their compliance with the rapidly evolving federal and state privacy and cybersecurity laws. She supports clients in designing new products and services, drafting privacy notices and terms of use, responding to cyber and data security incidents, and evaluating privacy and cybersecurity risks in corporate transactions. In particular, she advises clients on substantive requirements relating to children’s and student privacy, including COPPA, FERPA, age-appropriate design code laws, and social media laws.

As part of her practice, Jenna regularly represents clients in data privacy investigations and enforcement actions brought by the Federal Trade Commission and state attorneys general. She also supports clients in proactive engagement with regulators and policymakers to ensure their perspectives are heard.

Jenna also maintains an active pro bono practice with a focus on supporting families in adoptions, guardianships, and immigration matters.

Photo of Natalie Maas Natalie Maas

Natalie is an associate in the firm’s San Francisco office, where she is a member of the Food, Drug, and Device, and Data Privacy and Cybersecurity Practice Groups. She advises pharmaceutical, biotechnology, medical device, and food companies on a broad range of regulatory…

Natalie is an associate in the firm’s San Francisco office, where she is a member of the Food, Drug, and Device, and Data Privacy and Cybersecurity Practice Groups. She advises pharmaceutical, biotechnology, medical device, and food companies on a broad range of regulatory and compliance issues.

Natalie also maintains an active pro bono practice, with a particular focus on health care and reproductive rights.