California lawmakers passed, and Gov. Gavin Newsom signed the California Age-Appropriate Design Code Act (CAADCA) last year. The law imposes an age-assurance requirement on websites, which means regulated businesses must estimate the age of their users with “a reasonable level of certainty appropriate to the risks that arise from the data management practices of the business.”
NetChoice, a trade organization representing tech companies and platforms, challenged this unconstitutional imposition on California citizens and businesses in federal court. On Sept.18, U.S. District Judge Beth Labson Freeman ordered the state not to implement the law until the case is decided. Freeman, appointed by then-President Barack Obama, agreed with NetChoice that the law’s demands likely run counter to the right of citizens to access online content and free speech protected under the First Amendment.
There are many reasons this law should be overturned. The primary ways to determine a user’s age online are self-reporting, document review, and automated age estimation. Self-reporting checking a box or entering your birthdate—doesn’t meet the law’s requirements. Automated age estimation means using biometrics, like face scans, to determine the age of the person trying to log in.
Document review means showing your driver’s license or other government-issued identification to verify your identity and age. Sharing your official ID or allowing your face to be scanned to visit virtually any online location means sharing private information with every website operator that can be used to steal your identity, whether or not you trust them. You can’t even inspect the website first to see if it is worth sharing your identity. Thus, the law creates tremendous risk for everyone who wants to go online and would be a boon for every scammer itching to get your identity.
Judge Freeman noted the law compromises privacy, writing that it is “actually likely to exacerbate the problem by inducing covered businesses to require consumers, including children, to divulge additional personal information.”
That alone is enough reason to thank the court for blocking it. However, the CAADC has other troublesome implications.
Given the risks of potential privacy violations, people would likely become choosier about which websites they visit. Kids would have to think about how much they want to risk their identity online when researching a school assignment and doing things online. Likewise, when adults attempt to comparison shop for cheaper prices, they’ll have to decide how many places they want to share their sensitive personal information. Ultimately, we’ll all have less access to online information, goods, and services.
And the same goes for free speech. How many news sites, blogs, and apps are you willing to share your sensitive personal information with to read or watch their content? How much less information will you see as a result of your reluctance to share your documents or data? Readers will go to fewer websites, and content publishers will see drops in visitors due to the requirements.
U.S. courts have repeatedly rejected federal and state laws that impose online age-authentication requirements as violations of the First Amendment. California’s attempt to get around precedents by calling for age “assurance” rather than authentication does not pass constitutional muster.
In 1996, Congress enacted the Communications Decency Act, which the Supreme Court largely struck down in Reno v. ACLU as a vague and content-based restriction of protected speech under the First Amendment. In 1998, Congress passed the Child Online Protection Act, which contained an age-verification provision and was also rejected by the Supreme Court. In addition, several states have passed similar laws that were declared unconstitutional. California’s latest attempt to impose age verification will likely go the same way.
Common sense and a quick look at the Constitution should have killed the California Age-Appropriate Design Code Act before it was passed.