A federal district judge in California has enjoined the state’s Age-Appropriate Design Code Act (AADCA). Putatively to protect children from online harms, this sweeping 2022 law imposes a potpourri of duties and restrictions on websites’ collection and handling of children’s data. It further incentivizes websites to verify each user’s age — a gross privacy violation. However, these provisions and others likely violate the First Amendment, Judge Beth Labson Freeman ruled.
Although advocated to address the discrete issue of children’s online safety, the AADCA (if permitted to take effect) would essentially reshape the internet for all users. And it would threaten not just online privacy but free speech. “Self-censorship is (the AADCA’s) self-professed aim,” alleges NetChoice, a trade group representing tech companies, which brought the case.
The astoundingly broad AADCA regulates businesses (as defined by California statute) that host websites that are “likely to be accessed by children.” Legal minors are, of course, likely to access almost every type of website. The law provides websites two paths to avoid liability: extend to all users the law’s protections for children — which California self-admittedly designed to limit children’s access to certain content — or verify every user’s age.
Both options would likely chill speech. Applying speech-limiting children’s safety provisions to adults would “impermissibly ‘reduce the adult population … to reading only what is fit for children,’” Freeman reasoned. Alternatively, many websites implementing universal age verification would likely exclude children altogether to avoid further compliance costs. The judge writes that “the provision here would serve to chill a ‘substantially excessive’ amount of protected speech to the extent that content providers wish to reach children but choose not.”
Although she acknowledged the state’s interest in protecting children from online harm, Freeman correctly assessed that much of the AADCA likely cannot meet a moderately demanding level of scrutiny. California failed repeatedly to show that the law’s provisions would meaningfully protect children from online harms; in some instances, Freeman found that the law would, in fact, harm children and other users.
For example, the AADCA’s promotion of age verification impinges on all users’ privacy — directly contravening the law’s stated aims. To identify underage users reliably, websites must collect from all users either age-confirming documentation — e.g., a government-issued identification card — or biometric data such as a facial scan. (Some websites may outsource this to third parties.) “The … age estimation provision appears not only unlikely to materially alleviate the harm of insufficient data and privacy protections for children but actually likely to exacerbate the problem by inducing covered businesses to require consumers, including children, to divulge additional personal information,” Freeman wrote.
Likewise, provisions limiting websites from making certain targeted suggestions to minors fail to discriminate between protected and non-protected speech and would likely reduce young people’s access to beneficial content.
The law requires websites to document and report how their data practices could harm children and to create harm-mitigation strategies. It does not, however, require websites to act on those strategies. The reporting requirements “provide ‘only ineffective or remote support for the government’s purpose’ and do not ‘directly advance’ the government’s substantial interest,” Freeman concluded. Much else in the law fits this legally head-scratching mold.
Too many legislators in both major parties, although rightfully concerned for children’s safety, support astoundingly sweeping (and often unconstitutional) regulatory schemes for the digital world. As with the AADCA, such proposals (when scrutinized) generally have little chance of achieving their objectives — at least not without also inflicting intolerable economic damage or constitutional violations. Over the past quarter century, courts have accordingly struck down several such laws.
More prudent policymakers would remember that noble intentions guarantee no good policy outcomes and that economic tradeoffs and constitutional norms apply as much in the digital world as in the physical one.