California Age Checking Law Walks Back Some of Planned Expansion

California Age Checking Law Walks Back Some of Planned Expansion

California AB 1856 has had its planned expansion of age checking to browsers and websites removed, leaving just closed-source operating systems on the hook for age checking.

AB 1856 is an amendment to the main law, AB 1043, which requires operating systems to ask users for their age and then provide an interface for developers to check the age bracket of each user.

While thankfully it doesn't require any kind of age verification technology like digital IDs or face scans, it still puts operating system and software developers on the hook if they don't take "internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store" into account.

This encourages operating system providers to potentially collect more data than just the initial age check, in order to avoid liability in the order of $2500 per child at minimum. When you think about how many children use operating systems and apps, that could add up to a lot of money.

This part of the law is at odds with another part requiring operating systems and apps to collect and send the minimum information they can to comply. They will be incentivized to collect other data that could indicate age.

Luckily, websites, browsers, and open-source operating systems are exempt from this law. It is strange that websites are exempt when they're so much more easily accessible than apps, however.

Small developers are particularly burdened by this law, as they likely won't have the resources to afford good legal representation in the event of a lawsuit. While some parts are concrete, like requiring developers to use the operating system API to check age, other parts are heavily open to interpretation, like what counts as "clear and convincing information" on the age of a user outside of the age signal.

Nothing is stopping people from just lying about their age either, and developers are not punished if a user lies about their age. Since the age check can be so easily bypassed, it brings into question what the actual point of the law even is.

The EFF points to a much better solution:

Rather than creating age gates, a well-crafted privacy law that empowers all of us—young people and adults alike—to control how our data is collected and used would be a crucial step in the right direction.

Community Discussion