The California legislature’s sweeping attempt to ramp up online protections for children covers a lot of ground, but critics say it’s too broad. Credit: Polygraphus / Getty Images A proposed California law which passed the state senate this week could drastically boost online privacy protection for minors, but major platforms like Google and Meta have called the bill “too broad,” warning that the work involved in complying with the law would be onerous and have unintended consequences.The essence of the bill, called the California Age-Appropriate Design Code Act, is that tech companies that collect data on children would be required to treat that data differently than data on other users, and to enact a range of other safeguards designed to protect children’s privacy when using online platforms.Among the bill’s specific provisions are requirements that all optional privacy settings be set to their highest values by default for child users, all privacy information and terms of service be presented in language easy for children to understand, and to complete a data protection impact assessment before adding new services or features, to ensure that those services won’t result in harm to children. “As children spend more of their time interacting with the online world, the impact of the design of online products and services on children’s well-being has become a focus of significant concern,” the bill stated. “There is bipartisan agreement at the international level, in both the United States and in the State of California, that more needs to be done to create a safer online space for children to learn, explore, and play.” Critics predict unnecessary regulatory overheadThe measure is not without its critics – the California Chamber of Commerce, along with industry groups that include Google, Apple and Amazon, wrote a letter to state legislators in June, saying that the bill’s focus is over-broad and likely to create regulatory overhead for companies that the bill did not intend to target.“’Likely to be accessed by a child’ is an overinclusive standard and would capture far more websites and platforms than necessary and subject them to this bill’s requirements,” the letter read in part. “It is also an unfamiliar standard that will present problems for companies trying to determine whether they are in the scope of the bill.” Child privacy act to have broad impactAccording to Dan Novack, chair of the New York state bar commission on media law, whatever the bill’s specific effects on regulated companies are, they’re likely to be felt widely, as California is essentially the “highest common denominator” among U.S. states where privacy is concerned.“California is so big and services so many people,” he said. “It’s unlikely that most businesses will want to geo-filter California kids,” which means that largely everyone will move to comply with the measure, should California Governor Gavin Newsome sign it into law.What form that compliance takes can be complex as well – huge platforms like Facebook and Google will devise their own solutions and assert compliance, but Novack said that the terms of the proposed law are quite broad, and that different companies will move to comply with the law in different ways.“To me, the obvious concern is all the language about ‘the best interest of the child,’” he said, noting that such language is vague. Related content news Google, Meta, Spotify accused of flouting Apple’s device fingerprinting rules Security researchers allege that several apps are collecting data from iOS devices, violating Apple’s policy on device fingerprinting. By Gyana Swain May 08, 2024 7 mins Mobile Security Application Security news analysis Kinsing crypto mining campaign targets 75 cloud-native applications Five years after being discovered, the Kinsing cryptojacking operation remains very active against organizations, employing daily probes for vulnerable applications using an ever-growing list of exploits. By Lucian Constantin May 08, 2024 6 mins Cryptocurrency Malware Application Security feature How to future-proof Windows networks: Take action now on planned phaseouts and changes Microsoft has telegraphed its desire to start shuttering some legacy Windows systems. Here’s how to get ahead of the security changes that will inevitably come to the platform. By Susan Bradley May 08, 2024 6 mins Windows Security Threat and Vulnerability Management Network Security brandpost Sponsored by Cyber NewsWire Hunters announces full adoption of OCSF and introduces OCSF-native search By Cyber NewsWire - Paid Press Release May 07, 2024 5 mins Cyberattacks Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe