A version of the following public comment was submitted to members of the California General Assembly on March 26, 2026.
California’s Digital Age Assurance Act is a welcome improvement over previous attempts to protect minors online because it departs from the notion that age verification is the only available mechanism. Instead, it represents a move to put parents in the driver’s seat to declare their children’s ages.
However, since the bill’s passage last year, we have noted several concerns arising from the legislation’s real-world impact. We welcome Assembly Bill 1856 (AB 1856) as a way to work with the sponsor to improve upon this Digital Age Assurance Act, and we offer the following recommendations to address some of these concerns.
First, the Digital Age Assurance Act requires parents to declare their teen user’s age, which operating system providers have interpreted to mean that the bill requires all users, regardless of age, to disclose their birthdate. While this information may be innocuous and users can easily provide a false age, we note that a better approach would be to ensure that parents providing their teens’ age is voluntary, leaving room for the privacy rights and anonymity preferences of adults, as well as the individual choice of parents. We suggest the following amendment:
1798.501. (a) An operating system provider shall do all of the following:
(1) Provide an accessible interface at account setup that
requiresallows an account holder to indicate the birth date, age, or both, of the user of that device, and an accessible interface available at account setup and in the device settings that allows the account holder to consent or withhold consent to the use of the provided age for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Second, the Digital Age Assurance Act could be used by corporations as an excuse to collect more information about a user than necessary. In extreme cases involving nefarious actors, the law could be used as an excuse to ask users to submit to age verification “out of an abundance of caution” to dupe users into offering up their sensitive information that would otherwise be off-limits.
To protect the privacy and security of Californians, the state should ensure that a user cannot be compelled to disclose age information or to submit to age verification as a condition of access. We suggest the following amendment:
1798.504. (c)
(3) An operating system provider or a covered application store shall not:
(A) Require an account holder to declare the age or birth date of the user; or
(B) Require an account holder or user to undergo any form of verification in order to set up an account for a user or to verify an account holder’s age or relationship to a user.
In addition to these recommended amendments, we welcome the opportunity to advise the legislature on ways to improve the state’s Digital Age Assurance law to be as privacy-protective and meaningful as possible.