NetChoice Sues Maryland Over Online Privacy and Safety Requirements for Minors
NetChoice challenged the Maryland Age-Appropriate Design Code (MAADC) Act that introduced new compliance requirements for companies reasonably assumed to be accessible to minors. The tech industry group filed a lawsuit Monday against Maryland Attorney General Anthony Brown (D), alleging that the law restricts free speech and invades privacy through age-verification requirements.
Sign up for a free preview to unlock the rest of this article
“By compelling websites to collect sensitive documentation from users, this law would create a treasure trove of personal information that could devastate Marylanders’ privacy and security if compromised,” said Chris Marchese, NetChoice’s director of litigation in a news release. “The constitutional problems are matched only by the cybersecurity risks.”
The Maryland AG office declined to comment on the lawsuit. The MAADC, which took effect in October, aims to protect the online privacy of children by requiring entities that offer online products to complete data protection impact assessments, while prohibiting certain data collection and sharing practices and requiring certain data privacy protections.
NetChoice cast the law's requirements as unconstitutional, “sweeping restrictions on free speech” that change how websites interact with users and how information is accessed online. Also, the MAADC requires websites to alter their functions for the “vague and subjective ‘best interests of children,’” and wrongly claims to regulate data when it actually regulates how online services present content to its users, said the complaint.
“The Act’s fundamental flaw is its central command: requiring websites to analyze and restrict protected expressive content based on whether state officials might later determine such restriction would serve the 'best interests of children' -- an inherently subjective standard that provides little meaningful guidance to websites and invites discriminatory enforcement,” NetChoice wrote.
The state law's age-verification requirements raise privacy concerns, said NetChoice. “If websites implicitly need to conduct age verification, this means companies would be forced to collect sensitive data and documentation from all users -- regardless of age,” the NetChoice statement said. “Unfortunately, young Marylanders would be under the greatest threat as minors’ data is the number one target for identity thieves and digital predators.”
NetChoice also alleged that the Children’s Online Privacy Protection Act (COPPA) preempts this law, and that MAADC undermines Congress’s “clear command and intent to establish a uniform, national policy for certain data-privacy practices for minors.”
“While online safety for young people is a critical goal, it must be pursued through constitutional means that don’t infringe on free speech or create new security vulnerabilities for the very people it claims to protect,” said NetChoice's news release. The association also said “that parents and families, not government employees, should make informed choices about online access and engagement.”
Chris Olsen, data, privacy and cybersecurity partner at Wilson Sonsini, said this case represents an ongoing trend of NetChoice opposing states proposing and passing laws addressing privacy and safety issues for minors. “There's a lot of activity on the state legislative front, and as that activity increases, we're likely to see more challenges to state laws,” he said.