by Avi Gesser, Johanna N. Skrzypczyk, Michael R. Roberts, Michael J. Bloom, Martha Hirst, and Alessandra G. Masciandaro
On September 15, 2022, California Governor Gavin Newsom signed into law the bipartisan AB 2273, known as the California Age-Appropriate Design Code Act (“California Design Code”). The California Design Code aims to protect children online by imposing heightened obligations on any business that provides an online product, service, or feature “likely to be accessed by children.” Governor Newsom stated that he is “thankful to Assemblymembers Wicks and Cunningham and the tech industry for pushing these protections and putting the wellbeing of our kids first.” The California Design Code’s business obligations take effect on July 1, 2024, though certain businesses must complete Data Protection Impact Assessments “on or before” that date.
In this post, we outline the California Design Code and its compliance requirements, compare it to pre-existing privacy regimes, and conclude with key takeaways for businesses to keep in mind as they adapt to the ever-changing privacy landscape.