Export Compliance Daily is a Warren News publication.
COPPA Preemption?

US Chamber Asks Court to Throw Out Calif. Child Privacy Law

California’s age-appropriate social media design law should be thrown out because it’s preempted by the Children's Online Privacy Protection Act (COPPA) (see 2212140063 and 2301310034), the U.S. Chamber of Commerce told the U.S. District Court for Northern California in an amicus brief Friday in support of NetChoice (docket 5:22-cv-08861).

NetChoice sued in December to invalidate AB-2273, the Age-Appropriate Design Code Act (AADC), which is to take effect in July 2024. The law requires social media companies with child users to follow “age-appropriate” design principles and imposes age-verification requirements. AADC violates the First Amendment by telling sites how to “manage constitutionally protected speech,” argued NetChoice.

Congress “expressly” preempted state laws that regulate children’s privacy differently than COPPA, the Chamber said in its brief. AB-2273 applies to individuals between ages 13 and 18, which is inconsistent with COPPA, which is limited to users under the age of 13, the chamber noted. AB-2273’s “likely to be accessed” standard is inconsistent with COPPA, said the filing: California adopted a “vague, multifactor” test that Congress “considered and rejected” previously. The chamber cited an example of the California law’s vague language: If “evidence” indicates a service is accessed by a “significant” but undefined “number of children,” that service is subject to the new law. AB-2273 lacks COPPA carveouts for websites and services that “solely link to other websites and services,” the chamber said.

The effects of the law’s age-verification requirement on user behavior “have major First Amendment implications,” said Santa Clara University School of Law professor Eric Goldman in his brief siding with NetChoice. AADC’s age-verification requirements chill online speech by imposing “high implementation costs on regulated businesses” and deterring “user traffic through increased latency and intrusive requests for personal information,” said Goldman. The court should grant NetChoice’s motion for preliminary injunction, he said.

Goldman noted several states passed laws that resembled the Communications Decency Act and were struck down as unconstitutional. He cited PSINet v. Chapman, in which the 4th Circuit U.S. Court of Appeals said a Virginia age-verification method using credit card numbers creates First Amendment issues because many adults might be unwilling to share their credit card information online and such a requirement would block adults who wish to access adult material but don’t own credit cards. He also cited ACLU v. Johnson, in which the 10th Circuit U.S. Court of Appeals said an age-verification requirement in New Mexico violated the First and 14th amendments “because it prevents people from communicating and accessing information anonymously." California's law creates a working group that would deliver a report to the state legislature recommending best practices for implementation of provisions like age verification.

Similar age verification attempts have been rejected in Communications Decency Act Section 230 and the Children’s Online Privacy Protection Act, he said. These age assurance barriers are imposed on content readers and content creators, he noted: “Websites and apps that allow users to author and publish content must conduct age assurance on every prospective author before they are given access to the authoring and publication tools. This process will cause high bounce rates for prospective authors and deter their constitutionally protected speech.”