Ensuring Age Appropriate Design with the Latest Code Requirements

Ensuring Age Appropriate Design with the Latest Code Requirements

Last updated:

By Toby Tinney

The internet is vast, informative, and potentially confusing – especially for young minds. Even if online platforms don’t target kids, many children still end up using their services.

Governments worldwide have come to terms with this and devised plans to improve their own child safety.

The Californian Age Appropriate Design Code Act is a data protection bill aimed at safeguarding children’s mental and physical well-being.

What is the California Design Code? (CAADCA)

The age-appropriate design code, aimed at protecting children’s privacy and well-being on all online platforms, starts in July 2024.

The CAADC became law in September 2022 after California Governor, Gavin Newsom, signed the data protection bill.

Businesses have time to check their data management and comply before the law starts.

Who Does the Code Apply to?

The appropriate design code applies to businesses or data fiduciaries with online platforms that could be accessible to children. You are expected to comply regardless of whether children are your target audience or not.

Affected parties include any Information Society Services (ISS) that lack a clear and effective system to verify age and block minors.

Age Appropriate Design Code

In reality, any for-profit online service is an ISS. As such, the appropriate design code act affects businesses like:

  • Apps
  • Computer programs
  • Social media platforms
  • Marketplaces
  • Streaming service providers
  • Websites
  • Internet-based forums and messaging platforms

According to experts, the act will affect any business already under the umbrella of regulations like:

  • The California Privacy Act 2020
  • California Parental Accountability and Child Protection Act
  • The Children Online Privacy Protection Act

Although the CAADCA does not apply retroactively, businesses should fix past mistakes. This helps avoid scrutiny by ensuring data practices and age guidelines meet current standards.

Once you establish that your business is under the CAADCA umbrella, you should focus on implementing suggestions like:

Before diving into a full-scale compliance rollout, it’s worth validating your child-safe design approach on a smaller scale first. Rushing straight into complete implementation without testing your assumptions can lead to costly redesigns down the line. An MVP-based product validation strategy allows your team to pilot key features, gather real user feedback, and confirm that your design choices genuinely meet CAADCA’s requirements — all before committing to a broader deployment. This kind of iterative testing is especially valuable when compliance obligations are high-stakes and the cost of getting it wrong is significant.

Doing a Data Protection Impact Assessment

This survey details the service’s goals, main offerings, key functions, and its direct or indirect interaction with children. The act expects businesses to complete the first assessment by July 1st, 2024, and then conduct subsequent checks before launching any product or service accessible to children.

Bake Privacy into the Product

Offer maximum privacy settings as the default, rather than relying on consent or selected privacy options.

You will have to prove that any different locations that gather even the slightest traceable or untraceable information about under-18 visitors are in their best interests (not in the interests of making your business more profitable).

Don’t Do Anonymous Tracking

The bill goes beyond parents’ desire to monitor their kids discreetly and bans any form of hidden tracking. Any service that allows a parent, guardian, a business, or anyone else to track the location or activities of a child should give the child obvious warnings that their activities are being watched.

What Are the Penalties for Breaching the Code?

The California Attorney General can start litigation against violators and can impose fines to the tune of:

  1. A maximum of $2500 per affected child in cases of violation by negligence
  2. A maximum of $7500 per affected child if the violation was intentional

Should the AG feel that the company is mostly compliant but has made a few mistakes, he or she may issue a 90-day amnesty. Business owners will be able to solve any violations without paying any fines as a result of this amnesty.

How Will the California Age Appropriate Design Code Act Be Enforced?

The online harm provisions bill follows in the footsteps of other successful privacy laws. Many existing systems make it easy to identify violators. Parents, guardians, data controllers, and other interested parties can bring errant platforms to the AG’s attention.

California will ensure that all companies, local and international, follow this law to operate there. The consequences will be tangible. It would be wise to start preparing early if your business falls into the affected categories.

Toby Tinney